summaryrefslogtreecommitdiffstats
path: root/user_guide_src/source/helpers
diff options
context:
space:
mode:
authorAndrey Andreev <narf@bofh.bg>2012-11-01 14:14:34 +0100
committerAndrey Andreev <narf@bofh.bg>2012-11-01 14:14:34 +0100
commit7c4d10660a0a47446474bf97e3cb65f80693f1ee (patch)
tree9ba3d1c2f96d4bc23f128791e997c5da275b6942 /user_guide_src/source/helpers
parentce1b02a0fa8e07f769c41634e19c15482244e687 (diff)
Fix issue #1953 (form values being escaped twice)
Re-instaing an improved form_prep() function, reverting most of the changes from 74ffd17ab06327ca62ddfe28a186cae7ba6bd459.
Diffstat (limited to 'user_guide_src/source/helpers')
-rw-r--r--user_guide_src/source/helpers/form_helper.rst44
1 files changed, 21 insertions, 23 deletions
diff --git a/user_guide_src/source/helpers/form_helper.rst b/user_guide_src/source/helpers/form_helper.rst
index 015bf1162..02a758694 100644
--- a/user_guide_src/source/helpers/form_helper.rst
+++ b/user_guide_src/source/helpers/form_helper.rst
@@ -463,6 +463,26 @@ the tag. For example
echo form_close($string);
// Would produce: </form> </div></div>
+form_prep()
+===========
+
+Allows you to safely use HTML and characters such as quotes within form
+elements without breaking out of the form. Consider this example
+::
+
+ $string = 'Here is a string containing "quoted" text.';
+ <input type="text" name="myform" value="$string" />
+
+Since the above string contains a set of quotes it will cause the form
+to break. The ``form_prep()`` function converts HTML so that it can be used
+safely::
+
+ <input type="text" name="myform" value="<?php echo form_prep($string); ?>" />
+
+.. note:: If you use any of the form helper functions listed in this page the form
+ values will be prepped automatically, so there is no need to call this
+ function. Use it only if you are creating your own form elements.
+
set_value()
===========
@@ -523,26 +543,4 @@ This function is identical to the **set_checkbox()** function above.
.. note:: If you are using the Form Validation class, you must always specify a rule for your field,
even if empty, in order for the set_*() functions to work. This is because if a Form Validation object
is defined, the control for set_*() is handed over to a method of the class instead of the generic helper
- function.
-
-Escaping field values
-=====================
-
-You may need to use HTML and characters such as quotes within form
-elements. In order to do that safely, you'll need to use
-:doc:`common function <../general/common_functions>` ``html_escape()``.
-
-Consider the following example::
-
- $string = 'Here is a string containing "quoted" text.';
- <input type="text" name="myform" value="$string" />
-
-Since the above string contains a set of quotes it will cause the form
-to break. The ``html_escape()`` function converts HTML so that it can be
-used safely::
-
- <input type="text" name="myform" value="<?php echo html_escape($string); ?>" />
-
-.. note:: If you use any of the form helper functions listed in this page, the form
- values will be prepped automatically, so there is no need to call this
- function. Use it only if you are creating your own form elements. \ No newline at end of file
+ function. \ No newline at end of file