I am using CodeIgniter and on an edit form its pulling in data from the database. Sometimes this data contains apostrophes, ampersands etc..
How can i get CI to not parse this and change it to HTML version so end users can edit it.!
This is an image of the edit form, this text field has data pulled in from the database and populated into the input text field. The data does not contain any special chars as you can see in the second image below.
Here is a screenshot of how the data looks in the table, note i am only pulling from the far right column. Not the 4th column:
As you can tell the data isnt being stored as html converted, yet CI is still converting it.
Here is a snippet of the above text field:
<?php
/**
* Form Field attribute settings
* @author Mike DeVita
*/
$companyname = array(
'name' => 'companyname',
'placeholder' => 'Enter Your Companies Name',
'id' => 'companyname',
'value' => set_value('', $points['pointFields']['companyname']->uf_fieldvalue),
'maxlength' => 80,
'size' => 30
);
<div class="_100">
<p><?php echo form_label('Company Name', $companyname['id']); ?><?php echo form_input($companyname); ?></p>
<?php echo form_error($companyname['id']); ?>
</div>
Here is a snippet of the insert to database:
function addUserFieldHtml($compiledHtml){
foreach ($compiledHtml as $cHK => $cHV){
$data = array (
'pointid' => $cHV['pointId'],
'timestamp' => time(),
'html' => $cHV['html'],
'fieldid' => $cHV['fieldId'],
'fieldvalue' => $cHV['fieldValue']
);
$this->db->insert('userfields', $data);
}
}#end addUserFieldHtml() function
Thanks
The issue is here:
set_value()converts some characters to entities, and should only be used in raw HTML – not passed to any of the form helper functions, like so:This will call the
form_prep()function which escapes the input string, something like this:So just change your config for
valueto this:…and when used with
form_input()or any of the other form helper functions for displaying an input, thevaluewill be escaped properly for you. For example: