Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming Active Record Insert not escaping SimpleXML object values
Active Record Insert not escaping SimpleXML object values
  • El Forum
    Guest
  •  
#1
02-04-2008, 07:22 AM

[eluser]anthrt[/eluser]
http://codeigniter.com/bug_tracker/bug/3386/

Code:
$data = array(
'name' => $xml->characterInfo->character['name'],
'classId' => $xml->characterInfo->character['classId'],
'raceId' => $xml->characterInfo->character['raceId'],

$xml->characterInfo->character['name'] points to:

Code:
["name"]=>
  object(SimpleXMLElement)#17 (1) {
    [0]=>
    string(8) "Memories"
  }

It is picked up by CI with the correct value ("Memories") but it does not auto escape it. I've had to add $this->db->escape_str around the variables for them to be escaped (which works).
  • El Forum
    Guest
  •  
#2
02-04-2008, 09:20 AM

[eluser]Derek Allard[/eluser]
You're sending an object through an array. You can either pass an array or an object to the function that way.
  • El Forum
    Guest
  •  
#3
02-04-2008, 09:39 AM

[eluser]anthrt[/eluser]
I don't quite understand what you mean, why can't CI escape the values in the insert() function? How can I go about getting to do it in the function and not having to manually escape them?
  • El Forum
    Guest
  •  
#4
02-04-2008, 10:07 AM

[eluser]Derek Allard[/eluser]
You could probably typecast them as strings instead of objects. Does
Code:
$data = array(
'name' => (string)$xml->characterInfo->character['name'],

work?
  • El Forum
    Guest
  •  
#5
02-04-2008, 11:16 AM

[eluser]anthrt[/eluser]
Thanks Derek, that's done it.

Apologies for the mistaken bug report.
  • El Forum
    Guest
  •  
#6
02-04-2008, 11:20 AM

[eluser]Derek Allard[/eluser]
Absolutely no need to apologize at all. Thanks for being proactive and involved. See you on the forums.




Theme © iAndrew 2016 - Forum software by © MyBB