Sunday, November 1, 2009

Re: Sanitize:: clean help

way tooooo complicated

dont sanitize it
and use h() for output (text, varchar)

that is way more handy than any other approach


On 1 Nov., 06:44, Kyle Decot <kdec...@gmail.com> wrote:
> Try echo $form->input("description",array("value"=>html_entity_decode(@
> $this->data["Model"]["description"])));
>
> On Oct 31, 5:29 pm, "Dave" <make.cake.b...@gmail.com> wrote:
>
> > Can someone help me out with this fairly simple question.
>
> > I am doing:
>
> > $clean = new Sanitize();
> > $this->data = $clean->clean($this->data);
>
> > Now if a user enters quotes brackets or what not it gets converted to
> > &lt;script&gt; which is fine for saving to the db I suppose. But when they
> > go back to edit the entry the input is &lt;script&gt; how can i convert it
> > back to what it was before? So it is readable.
> > I want the data to be safe for the db but also be able to be editable by the
> > end user.
>
> > I tried echo $form->input(html_entity_decode('description'));but still comes
> > out all mangled
>
> > Thanks
>
> > Dave
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to cake-php+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---

No comments: