I was using this to save my data into the Database:
$this->request->data['Post']['body'] = utf8_decode($this->request->data['Post']['body']);
Like that, i could save into my DB some “special” characters like the ones with accents:
áéíóú without any problem.
Then, i tried to protect my application from HTML and SQL injections and i used Sanitization like this:
$this->request->data['Post']['body'] = Sanitize::html($this->request->data['Post']['body']);
So now my text is stored on the database like this:
á = á
é = é
í = í ...etc
And i dont want that. Also, my field on the DB has a maximun of characters and this doesn’t help.
I have also tried to use the options param at sanitize with encode = true, encode = false or encode = ‘utf8’ but nothing seems to change.
What should i do?
Thanks.
UPDATE 1
I have also tried to use htmlentities function on my controller but it inserts this in my database instead of á:
Ã
If you’re using Cake to save your data (i.e., using
save()notquery()) then you are protected against SQL injection. It escapes values automatically.As stated in the docs,
Sanitize::html()will convert characters to HTML entities, such as>,á, etc. You probably shouldn’t use it unless you specifically want HTML entities. Cake will take care of storing your accents in the database just fine if you have the proper encoding on your app and tables.