I’m using Codeginiter and I’m seeing a semicolon added to the end of my

Question

0

Asked: May 26, 20262026-05-26T07:56:20+00:00 2026-05-26T07:56:20+00:00

I’m using Codeginiter and I’m seeing a semicolon added to the end of my

0

I’m using Codeginiter and I’m seeing a semicolon added to the end of my string when using an ampersand sign. See below. BTW, I’m storing the value into a MySQL DB.

I am using htmlspecialchars before I insert the value into the DB.

$this->form_validation->set_rules('item_name','description','trim|required|min_length[3]|xss_clean');

This works:

$string = "you & I";
// Displays "you & i"

This appends a semicolon in DB:

$string = "you&i";   
// Displays "you&i;"

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-26T07:56:20+00:00

Editorial Team

2026-05-26T07:56:20+00:00Added an answer on May 26, 2026 at 7:56 am

You’re making use of the xss_clean “feature” of CI which is just broken. Don’t expect your data to survive if you apply xss_clean somewhere.

Instead, disable it and things should be fine.

Then filter your data appropriately. The suggestion to actually use xss_clean is just misleading in the CodeIgniter documentation. Take care.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’m using Codeginiter and I’m seeing a semicolon added to the end of my

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply