EDIT: I solved it seconds after posting the question (sorry!) but can't accept an answer yet.

Hi folks,

Just a quick one. I have a PHP/CodeIgniter site and the user can edit their profile. I'm using CI's XSS Filtering and Active Record-based Models, so the data is escaped automatically.

It naturally displays fine on the profile page view, text such as "We'll see if this works" (the apostrophe in the we'll). However when the user goes to the Edit page, the input box (filled with the data in the DB) displays:

We'll see if this works

I thought I could get around it by setting the value of the input box to html_entity_decode($query->row('example_database_row')) but it still doesn't work. Am I misunderstanding something here?

Thanks!

Jack

+1  A: 

Oh damn, that was easy. Just changed it to html_entity_decode($query->row('example_database_row'), ENT_QUOTES) and it works fine. Thanks anybody who read this!

Jack Webb-Heller

+1  A: 

You can use html_entity_decode($query->row('example_database_row'), ENT_QUOTES).

However, I would advise against HTML encoding before you insert it into the database. Just encode it when you output it. It's better just storing the raw data in the database.

Daniel Egeberg
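
An added example, not part of either answer above: it shows why the `ENT_QUOTES` flag matters to `html_entity_decode()`, and what the "store raw, encode on output" advice looks like for the edit form. The sample strings, the `e()` helper and the `display_name` field are constructed for illustration, and it is an assumption that the stored value used `&#39;` for the apostrophe.

```php
<?php
// Added example. All values below are constructed for illustration.

// Assumption: the row was entity-encoded before it was stored, so the
// apostrophe sits in the database as a numeric entity.
$legacy = 'We&#39;ll see if this works';

// ENT_COMPAT was the default flag before PHP 8.1. It decodes double-quote
// entities only, so the single-quote entity survives. Passing the flag
// explicitly keeps behaviour the same across PHP versions.
$compat = html_entity_decode($legacy, ENT_COMPAT, 'UTF-8');
$quotes = html_entity_decode($legacy, ENT_QUOTES, 'UTF-8');

echo "ENT_COMPAT: $compat\n";
echo "ENT_QUOTES: $quotes\n";

// Hypothetical output helper: encode at the point of output, for both
// HTML text and quoted attribute values.
function e(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Raw value as it would be stored when nothing is encoded on the way in.
// It contains both quote types, which would break value="..." if echoed
// without encoding.
$raw = 'Jack "The Hat" O\'Neil';

// Profile page: encode for HTML text.
echo '<p>' . e($raw) . "</p>\n";

// Edit page: encode for the attribute. The browser decodes the entities
// when it fills the box, so the user sees and resubmits the raw text and
// no html_entity_decode() call is needed.
echo '<input type="text" name="display_name" value="' . e($raw) . "\">\n";

// Rows that were already stored encoded: decode once with ENT_QUOTES to
// recover the raw text, then encode again for the output context. A
// decoded value is never echoed into markup directly.
echo '<input type="text" name="display_name" value="'
    . e(html_entity_decode($legacy, ENT_QUOTES, 'UTF-8')) . "\">\n";
```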