EDIT: I solved it seconds after posting the question (sorry!) but can't accept an answer yet.
Hi folks,
Just a quick one. I have a PHP/CodeIgniter site and the user can edit their profile. I'm using CI's XSS Filtering and Active Record-based Models, so the data is escaped automatically.
It naturally displays fine on the profile page view, text such as "We'll see if this works" (the apostrophe in the we'll). However when the user goes to the Edit page, the input box (filled with the data in the DB) displays:
We'll see if this works
I thought I could get around it by setting the value of the input box to html_entity_decode($query->row('example_database_row')) but it still doesn't work. Am I misunderstanding something here?
Thanks!
Jack
You can use html_entity_decode($query->row('example_database_row'), ENT_QUOTES).
However, I would advise against HTML encoding before you insert it into the database. Just encode it when you output it. It's better just storing the raw data in the database.
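The two approaches from the answer above, side by side, as an added PHP example (not code from the original post or from CodeIgniter). The sample string, the helper name `e()` and the field name `bio` are assumptions made for illustration; flags are passed explicitly because the default for these functions was ENT_COMPAT before PHP 8.1.

```php
<?php
// Constructed sample input: what the user typed into the profile form.
$typed = 'We\'ll see if <b>this</b> works & "quotes" too';

// Hypothetical helper: encode a raw string for an HTML element body or a
// quoted attribute value. ENT_QUOTES covers both ' and ".
function e(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Pattern A (the situation in the question): the value was HTML-encoded
// before it was written to the database.
$storedEncoded = e($typed);

// Decoding with ENT_COMPAT leaves the apostrophe entity untouched, so the
// edit box shows the entity text instead of the apostrophe.
$compat = html_entity_decode($storedEncoded, ENT_COMPAT, 'UTF-8');

// Decoding with ENT_QUOTES restores the text the user typed.
$quotes = html_entity_decode($storedEncoded, ENT_QUOTES, 'UTF-8');

// Encoding data that is already encoded produces double-encoded output.
$double = e($storedEncoded);

// Pattern B (the answer's advice): keep the raw text in the database and
// encode exactly once, at the point of output, in every view.
$storedRaw   = $typed;
$profileHtml = '<p>' . e($storedRaw) . '</p>';
$editHtml    = '<input type="text" name="bio" value="' . e($storedRaw) . '">';

echo "A, ENT_COMPAT round trip ok: ", var_export($compat === $typed, true), "\n";
echo "A, ENT_QUOTES round trip ok: ", var_export($quotes === $typed, true), "\n";
echo "A, re-encoded for output:    ", $double, "\n";
echo "B, profile view:             ", $profileHtml, "\n";
echo "B, edit view:                ", $editHtml, "\n";
```

With Pattern B the markup in the sample string is still neutralised in both views, and the edit form needs no decode step because the browser turns the attribute's entities back into the typed characters.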