luckytaxi luckytaxi - 1 month ago 24
PHP Question

Extra semicolon at end of value when string contains ampersand sign

I'm using Codeginiter and I'm seeing a semicolon added to the end of my string when using an ampersand sign. See below. BTW, I'm storing the value into a MySQL DB.

I am using

htmlspecialchars
before I insert the value into the DB.

$this->form_validation->set_rules('item_name','description','trim|required|min_length[3]|xss_clean');


This works:

$string = "you & I";
// Displays "you & i"


This appends a semicolon in DB:

$string = "you&i";
// Displays "you&i;"

Answer

You're making use of the xss_clean "feature" of CI which is just broken. Don't expect your data to survive if you apply xss_clean somewhere.

Instead, disable it and things should be fine.

Then filter your data appropriately. The suggestion to actually use xss_clean is just misleading in the CodeIgniter documentation. Take care.