[eluser]Unknown[/eluser]
I've been through this problème too.
Using form validation class, active record and form helper, you got your content escaped two times.
First time with the use of set_value() when passing data to your model :
Code:
$this->whatever_model->insert( array( 'my_field' => set_value( 'my_field' ) ) );
Second time with the use of active record that auto-escape datas.
More over, if you use set_value to populate your form, it's re-escaped again...
For your wysiwyg, you need to use htmlspecialchars_decode() two time over set_value() when populating your form.
Code:
[...]form_textarea('someid', htmlspecialchars_decode( htmlspecialchars_decode( set_value( 'someid' ) ) ) )[...]
This solution isn't realy cute at all.
I sugest you to write your MY_form_helper.php (in application/helpers/) like this :
Code:
/**
* DB Value
*
* Grabs a value from the POST array for the specified field so you can
* use it in db queries (no escaping of special chars). If Form Validation
* is active it retrieves the info from the validation class
*
* @access public
* @param string
* @return mixed
*/
function db_value($field = '', $default = '')
{
if (FALSE === ($OBJ =& _get_validation_object()))
{
if ( ! isset($_POST[$field]))
{
return $default;
}
return $_POST[$field];
}
return $OBJ->set_value($field, $default);
}
When passing your data to your model, use db_value instead of set_value :
Code:
$this->whatever_model->insert( array( 'my_field' => db_value( 'my_field' ) ) );
If I made a mistake, please advise me about it.
