Apostrophes getting converted to html entities
#1

[eluser]Oblong[/eluser]
Hello.

I'm having trouble with form validation with data that includes an apostrophe - it gets converted to an html entity.

The validation I'm using:

Code:
$this->form_validation->set_rules('surname','Surname','required|trim|xss_clean|max_length[255]');

If, for example, I enter "O'Reilly" in that field, it shows up as

Code:
O'Reilly

in the DB.

Any advice appreciated.
#2

[eluser]Tominator[/eluser]
Yes, and it's correct, because of SQL Injection (to protect your DB). If you want to stop replacing this, try to remove 'xss_clean' from rules (but it's a security risk).
#3

[eluser]Oblong[/eluser]
I realise it's part of sanitising the data via xss_clean, but I need to export the table into a csv file to be opened by Excel, so would prefer the apostrophe handled differently rather than converted to an html entity, e.g. using mysql_real_escape_string();

Trying to find the xss_clean function in the source.
#4

[eluser]Tominator[/eluser]
You can make a custom function to get it back:

Code:
function deentities($input)
{
    $entities = array("'");
    $strings = array("'");

    return str_replace($entities, $strings, $input);
}
#5

[eluser]Oblong[/eluser]
True, thanks Tominator. I haven't got to the export to csv part yet, but I assume I can run your replace suggestion on the whole csv string/array.
#6

[eluser]danmontgomery[/eluser]
http://php.net/manual/en/function.html-e...decode.php
#7

[eluser]Oblong[/eluser]
Thanks noctrum.
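
An added example, not code from any post in this thread: decoding entity-encoded values at export time and writing them with `fputcsv`, so the stored data is converted for the CSV context only when it is output. It goes one step beyond the thread by also marking cells that Excel would evaluate as formulas. The function names and sample rows are constructed for illustration, and PHP 7.4 or later is assumed.

```php
<?php
// Added example; names and rows are hypothetical, not from the thread.

/**
 * Undo HTML-entity encoding that was applied before storage.
 * ENT_QUOTES covers single and double quotes; ENT_HTML5 also covers &apos;.
 */
function decode_stored(string $value): string
{
    return html_entity_decode($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/**
 * Prefix cells a spreadsheet would evaluate as a formula with an
 * apostrophe so they are shown as text. Suited to text columns such
 * as a surname; a leading "-" on a numeric column is prefixed too.
 */
function spreadsheet_safe(string $value): string
{
    if ($value !== '' && strpbrk($value[0], "=+-@\t\r") !== false) {
        return "'" . $value;
    }
    return $value;
}

/** Build CSV text; fputcsv quotes commas and doubles embedded quotes. */
function rows_to_csv(array $rows): string
{
    $fh = fopen('php://temp', 'r+');
    foreach ($rows as $row) {
        // Decode first: the decoded value is what the spreadsheet sees.
        $cells = array_map(
            fn ($cell) => spreadsheet_safe(decode_stored((string) $cell)),
            $row
        );
        fputcsv($fh, $cells, ',', '"', '\\');
    }
    rewind($fh);
    $csv = stream_get_contents($fh);
    fclose($fh);
    return $csv;
}

// Constructed rows, as they might sit in the table after entity encoding.
$rows = [
    ['surname', 'note'],
    ['O&#39;Reilly', 'said &quot;hi&quot;, left'],
    ['=Smith', 'plain'],
];
echo rows_to_csv($rows);
```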