6

EDIT: I solved it seconds after posting the question (sorry!) but can't accept an answer yet.

Hi folks,

Just a quick one. I have a PHP/CodeIgniter site and the user can edit their profile. I'm using CI's XSS Filtering and Active Record-based Models, so the data is escaped automatically.

It naturally displays fine on the profile page view, text such as "We'll see if this works" (the apostrophe in the we'll). However when the user goes to the Edit page, the input box (filled with the data in the DB) displays:

We'll see if this works

I thought I could get around it by setting the value of the input box to html_entity_decode($query->row('example_database_row')) but it still doesn't work. Am I misunderstanding something here?

Thanks!

Jack

1 Answer

15

You can use html_entity_decode($query->row('example_database_row'), ENT_QUOTES).

However, I would advise against HTML encoding before you insert it into the database. Just encode it when you output it. It's better just storing the raw data in the database.


2 Comments

Oh damn, that was easy. Just changed it to html_entity_decode($query->row('example_database_row'), ENT_QUOTES) and it works fine. Thanks anybody who read this!
Your Answer didn't work for me. I used html_entity_decode(get_the_title(), ENT_COMPAT, 'UTF-8');
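
Added example, not part of the original thread: it contrasts the two decode flags discussed above and the store-raw, encode-on-output approach the answer recommends. The sample value, the assumed stored form (the output of htmlspecialchars with ENT_QUOTES) and the helper name profile_input are constructed for illustration.

```php
<?php
// Constructed sample value with both quote types and markup characters.
$raw = 'Jack "The <b>Dev</b>" O\'Neil says we\'ll see';

// Assumed shape of a value that was entity-encoded before the INSERT.
$stored = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');

// ENT_COMPAT (the default before PHP 8.1) decodes &quot; but leaves the
// single-quote entity in place; ENT_QUOTES decodes both.
$compat = html_entity_decode($stored, ENT_COMPAT, 'UTF-8');
$quotes = html_entity_decode($stored, ENT_QUOTES, 'UTF-8');

// Hypothetical helper: escape exactly once, at output, for the attribute.
function profile_input(string $name, string $value): string
{
    return sprintf(
        '<input type="text" name="%s" value="%s">',
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($value, ENT_QUOTES, 'UTF-8')
    );
}

// Raw storage: one encode at output, the browser shows the text as typed.
$good = profile_input('bio', $raw);
// Encoded storage echoed through the same helper: double-encoded, so the
// user sees literal entities in the box.
$double = profile_input('bio', $stored);
// Decoded and echoed without re-escaping: the quote ends the attribute early.
$unsafe = '<input type="text" name="bio" value="' . $quotes . '">';

foreach (compact('compat', 'quotes', 'good', 'double', 'unsafe') as $label => $html) {
    printf("%-7s %s\n", $label, $html);
}
```

If the decode route is kept, the decoded value still has to pass through htmlspecialchars with ENT_QUOTES before it is written into the value attribute.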
