luckytaxi luckytaxi - 1 year ago 147
PHP Question

Extra semicolon at end of value when string contains ampersand sign

I'm using Codeginiter and I'm seeing a semicolon added to the end of my string when using an ampersand sign. See below. BTW, I'm storing the value into a MySQL DB.

I am using

before I insert the value into the DB.


This works:

$string = "you & I";
// Displays "you & i"

This appends a semicolon in DB:

$string = "you&i";
// Displays "you&i;"

Answer Source

You're making use of the xss_clean "feature" of CI which is just broken. Don't expect your data to survive if you apply xss_clean somewhere.

Instead, disable it and things should be fine.

Then filter your data appropriately. The suggestion to actually use xss_clean is just misleading in the CodeIgniter documentation. Take care.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download