Insert single quote or double quote to the database with codeigntier
you can use both type of quote. there's no reason to use sinlge / double quote.
<input type='text' name='name' value='<?=($activity->name); ?>' class='form-control'><input type="text" name="name" value="<?=($activity->name); ?>" class="form-control">
Use form helper:
$data=array( 'class' => 'form-control', 'name' => 'name', 'value' => set_value('name', $activity->name));echo form_input($data);
Or if you don't want to escape anything
'value' => set_value('name', $activity->name, false)
Every question has a solution.
I tired with assigning config and all what i can do. Finally find the best solution for you. Now you don't want to add htmlspecialchars()
for all the function. Just use below code.
One more thing In CI there method call
html_escape($var)
read about that too as well
Changes
Go to system/core/input.php
(I'm using CI 3 so go to line 254)
Change this
public function post($index = NULL, $xss_clean = NULL){ return $this->_fetch_from_array($_POST, $index, $xss_clean);}
to this
public function post($index = NULL, $xss_clean = NULL){ return htmlspecialchars ($this->_fetch_from_array($_POST, $index, $xss_clean));}
In order to use this form method should be
method="post"
. and in controller you have to use$this->input->post('');
.$_POST
will not work for yours.
Example - Code
In view(sample form)
<?php echo form_open('welcome/form'); ?><h1>Create Contact Form Using CodeIgniter</h1> <?php echo form_label('Student Name :'); ?> <?php echo form_input(array('id' => 'dname', 'name' => 'dname')); ?> <?php echo form_label('Student Email :'); ?> <?php echo form_input(array('id' => 'demail', 'name' => 'demail')); ?> <?php echo form_submit(array('id' => 'submit', 'value' => 'Submit')); ?><?php echo form_close(); ?>
In Controller
echo $this->input->post('dname');
Input & Output
Input is This is some <b>bold</b> text.
which i took from w3Schools.com
Output is This is some <b>bold</b> text.
Check in
- GitHub (Recommended)