form_prep, form helper issues

#1
[eluser]Unknown[/eluser]
According to the codeigniter userguide, I should not need to use form_prep if I am using the form helper functions, the values should be prepped automatically. Here is what I am trying to do. The first form, 'Update,' is prepared correctly, the second, 'Delete' is not. Why does the form helper function work the first time and not the second.

Code:
function test() {
$data['content'] = "<p>\"</p>";
$this->load->view('test', $data); }

Code:
&lt;?php
echo $content;
//$content = form_prep($content);
  echo form_open('library/delete_preview');
    echo form_hidden('content', $content);
    echo form_submit('submit', 'Update');
    echo form_close();

   echo form_open('library/delete_preview');
    echo form_hidden('content', $content);
    echo form_submit('submit', 'Delete');
    echo form_close();
?&gt;

Showing the output from the browser view-source window doesn't seem to be useful here because the html entities get converted when I hit preview post. But here is what it looks like in the browser window.


"
[Update button]

" /> [Delete button]


The value in the hidden field of the first form is prepped, the value for the second form is not. Why? Thanks. Chris

#2
[eluser]Jondolar[/eluser]
I'm guessing that the text above has been modified from your original code. You are calling 'library/delete_preview' from both form_open() functions. Did you leave other content out too? Can't tell you what the problem is if it doesn't reflect what you are truly using.

#3
[eluser]Unknown[/eluser]
Thanks for the reply. Yes it doesn't make sense to call delete_preview twice. In an attempt to provide a concise example of my problem, I copied stuff, cut out what wasn't needed, and didn't notice. It would have made more sense to call it something like update_preview, but, I am not trying to make the button work correctly at this point. Sorry for the distraction.

The problem is with $content not being prepped the second time. Here is a complete working example that demonstrates my problem.

the controller

Code:
&lt;?php if (!defined('BASEPATH')) exit('No direct script access allowed');

class Site extends Controller
{
    function __construct()
    {
        parent::__construct();

    }

    function index()
    {
        $data['content'] = "<p>\"</p>";
        $this->load->view('test', $data);
        
    }    
}

the view

Code:
&lt;?php

echo $content;
//$content = form_prep($content);
  echo form_open('somewhere');
    echo form_hidden('content', $content);
    echo form_submit('submit', 'Update');
    echo form_close();

   echo form_open('somewhereelse');
    echo form_hidden('content', $content);
    echo form_submit('submit', 'Delete');
    echo form_close();
?&gt;



I have two (maybe more) solutions that work. Explicitly using form_prep() works, as does getting $content from the database instead of posting it. But each takes an extra step and should not be required according to the user guide. Thanks. Chris

#4
[eluser]skiff_pt[/eluser]
I have experienced the same problem as violinchris.

After i looked into the original form_prep code i found the following:

Code:
function form_prep($str = '', $field_name = '')
    {
        
        static $prepped_fields = array();

        // if the field name is an array we do this recursively
        if (is_array($str))
        {
            foreach ($str as $key => $val)
            {
                $str[$key] = form_prep($val);
            }

            return $str;
        }

        if ($str === '')
        {
            return '';
        }

        // we've already prepped a field with this name
        // @todo need to figure out a way to namespace this so
        // that we know the *exact* field and not just one with
        // the same name
        if (isset($prepped_fields[$field_name]))
        {
            return $str;
        }

        $str = htmlspecialchars($str);
        // In case htmlspecialchars misses these.
        $str = str_replace(array("'", '"'), array("'", "&quot;"), $str);

        if ($field_name != '')
        {
            $prepped_fields[$field_name] = $str;
        }

        return $str;
    }

There is a static array that stores all previously prepped_fields.

Question:
Is there a reason why in case a field is already prepped form_prep returns the un_preped $str:
Code:
if (isset($prepped_fields[$field_name]))
        {
            return $str;
        }

why not returning the previously stored prepped string?
example:
Code:
if (isset($prepped_fields[$field_name]))
        {
            return $prepped_fields[$field_name];
        }

Regards


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.