where to do html encoding (ampersands)

[eluser]Unknown[/eluser]
Hello all,


I am just getting started using Code Igniter, so please be patient with me


Following the blog screencast, I started of using the scaffolding feature and a simple view. I am not sure, however how to handle HTML encoding of content coming from the database.. what's the recommended way to do it?

As far as I can see one could (a) do the encoding when entering into the database (but scaffolding wouldn't do this, right?), (b) manually do htmlspecialchars() in the controller before sending the data to the view and lastly © manually do htmlspecialchars() in the view.

Or am I missing something completely? (I do have to encode ampersands for HTML valdition)


More or less a similar topic: Using UTF-8 as for various encodings is the recommended way to in CI nowadays, right? (I have read about some pitfalls regarding some components, but I ain't sure how much CI 1.8 has improved on that matter).


have a nice day|thanks for your time
g

[eluser]axle_foley00[/eluser]
gohai:

I'd say to do it either in your controller before sending data to the view or in the view itself.

When you are inserting user input into your database you can use CI's XSS clean function to filter your data.

Just remember: Filter Input, Escape Output (FIEO)

Regarding UTF-8, personally I recommend using it and you can now set it in your both your config and database config files. Oh and don't you mean CI 1.6, we haven't reached version 1.8 yet. hehe Which components did you read about that had problems?

Hope that helps.