Active record + wysiwyg

#11
[eluser]Unknown[/eluser]
I've been through this problem too.

Using the form validation class, active record and the form helper, you get your content escaped two times.

First time with the use of set_value() when passing data to your model:

Code:
$this->whatever_model->insert( array( 'my_field' => set_value( 'my_field' ) ) );

Second time with the use of active record, which auto-escapes data.

Moreover, if you use set_value to populate your form, it's re-escaped again...

For your wysiwyg, you need to use htmlspecialchars_decode() two times over set_value() when populating your form.

Code:
[...]form_textarea('someid', htmlspecialchars_decode( htmlspecialchars_decode( set_value( 'someid' ) ) ) )[...]

This solution isn't really cute at all.

I suggest you write your MY_form_helper.php (in application/helpers/) like this:

Code:
/**
* DB Value
*
* Grabs a value from the POST array for the specified field so you can
* use it in db queries (no escaping of special chars).  If Form Validation
* is active it retrieves the info from the validation class
*
* @access    public
* @param    string
* @return    mixed
*/

function db_value($field = '', $default = '')
{
    if (FALSE === ($OBJ =& _get_validation_object()))
    {
        if ( ! isset($_POST[$field]))
        {
            return $default;
        }

        return $_POST[$field];
    }

    return $OBJ->set_value($field, $default);
}

When passing your data to your model, use db_value instead of set_value:

Code:
$this->whatever_model->insert( array( 'my_field' => db_value( 'my_field' ) ) );


If I made a mistake, please advise me about it.
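
The double escaping described in the post above, reproduced in plain PHP as an added example (not part of the original post, and not CodeIgniter's own code). `escape_for_form()` and `encoding_depth()` are hypothetical names; `escape_for_form()` only assumes that the form helper applies `htmlspecialchars()` to the value it returns.

```php
<?php
// Added example: plain PHP, no CodeIgniter required. Function names are hypothetical.

// Assumption: stands in for a form helper that HTML-escapes the value it returns.
function escape_for_form(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Number of htmlspecialchars() layers around a value: decode until it stops changing.
// Text that is meant to contain a literal "&amp;" is over-counted, so treat the
// result as a hint when auditing stored rows, not as proof.
function encoding_depth(string $value, int $max = 5): int
{
    for ($depth = 0; $depth < $max; $depth++) {
        $decoded = htmlspecialchars_decode($value, ENT_QUOTES);
        if ($decoded === $value) {
            break;
        }
        $value = $decoded;
    }
    return $depth;
}

$raw   = '<p>Tom & "Jerry"</p>';   // constructed WYSIWYG input
$once  = escape_for_form($raw);    // escaped on the way to the model
$twice = escape_for_form($once);   // escaped again when the form is repopulated

foreach (['raw' => $raw, 'once' => $once, 'twice' => $twice] as $label => $value) {
    printf("%-5s depth=%d  %s\n", $label, encoding_depth($value), $value);
}

// Two decodes undo two escapes, which is why the workaround in the post needs both calls.
var_dump(htmlspecialchars_decode(htmlspecialchars_decode($twice, ENT_QUOTES), ENT_QUOTES) === $raw);

// Storing the unescaped value and escaping once, at output, keeps a single layer.
$stored   = $raw;
$textarea = '<textarea name="someid">' . escape_for_form($stored) . '</textarea>';
var_dump(encoding_depth(escape_for_form($stored)) === 1);
echo $textarea, "\n";
```

Running `encoding_depth()` over a column that should hold raw HTML is a quick way to spot rows that were saved with one or more escape layers already applied.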

