Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming Escaping special characters
Escaping special characters
  • El Forum
    Guest
  •  
#1
03-15-2012, 07:52 AM

[eluser]Perkin5[/eluser]
I understood that, by using the active record class, CI would take care of escaping special characters.

I find, However, that my model method

Code:
function update_table($data){
$id = $this->input->post('id');
$this->db->where('id',$id);
$this->db->update($this->session->userdata('admincat'),$data);}

allows me to insert ampersands and apostrophes. When I look at the database with Navicat, I can see that no slashes have been added to escape them. OK so far and the items can be fetched from the database and displayed on screen. So the database may not be a factor in my problem but I'm not sure. But when I then try to add that item to the shopping cart, it will not accept it ie nothing happens.

Add to cart method looks like this:

Code:
function add() {
$product = $this->Cards_model->get_item($this->input->post('id'));
$insert = array(
'id' => $this->input->post('id'),
'cat' => $product->cat,
'name' => $product->name,
'price' => $product->price,
);
$this->cart->insert($insert);}

Works perfectly unless the name field contains an ampersand or an apostrophe

Anyone suggest why?
  • El Forum
    Guest
  •  
#2
09-06-2012, 08:59 PM

[eluser]MrChuffman[/eluser]
Just ran across this problem and this question popped up on Google, so thought I'd update it for people who come across it later.

CodeIgniter's Cart only accepts alpha-numeric, dashes, colons and periods by default, you'll need to change it to accept apostrophes or any other character you need it to.

We'll be "extending" the CI_Cart, so we'll need to create a file in: application/libraries/MY_Cart.php

Code:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class My_Cart extends CI_Cart {

function __construct() {
  parent::__construct();

  // Update rules to accept ' and &
  $this->product_name_rules = "\.\:\-_ a-z0-9\'&";

} // end __construct

}

after you do that, you'll be good to insert any amount of alpha, numerical, dash, colon, periods, apostrophes and ampersands as you want.
  • El Forum
    Guest
  •  
#3
09-07-2012, 04:19 AM

[eluser]Perkin5[/eluser]
Thank you so much - really helpful!




Theme © iAndrew 2016 - Forum software by © MyBB