luckytaxi - 5 months ago
PHP Question

Extra semicolon at end of value when string contains ampersand sign

I'm using CodeIgniter and I'm seeing a semicolon added to the end of my string when using an ampersand sign. See below. BTW, I'm storing the value into a MySQL DB.

I am using

before I insert the value into the DB.


This works:

$string = "you & I";
// Displays "you & i"

This appends a semicolon in DB:

$string = "you&i";
// Displays "you&i;"


You're making use of the xss_clean "feature" of CI which is just broken. Don't expect your data to survive if you apply xss_clean somewhere.

Instead, disable it and things should be fine.

Then filter your data appropriately. The suggestion to actually use xss_clean is just misleading in the CodeIgniter documentation. Take care.
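
One way to handle the data without an input-rewriting filter, as an added example that is not part of the original question or answer: store the value unchanged through a bound parameter and HTML-encode it only when it is written into a page. It uses plain PDO with an in-memory SQLite database as a stand-in for MySQL so it runs offline; the `notes` table and the helper names `save_note`, `load_note` and `html` are assumptions made for the example.

```php
<?php
// Added example: keep stored data raw, encode only at HTML output time.
// SQLite in memory stands in for the MySQL database; table, column and
// function names are hypothetical.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

function save_note(PDO $pdo, string $body): int
{
    // Bound parameter: the driver handles quoting and never rewrites the value.
    $stmt = $pdo->prepare('INSERT INTO notes (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $pdo->lastInsertId();
}

function load_note(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT body FROM notes WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

function html(string $value): string
{
    // Context-specific encoding for HTML text and quoted attribute values.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs: the two strings from the question plus markup.
$samples = ['you & I', 'you&i', '<b onmouseover="x()">hi</b>'];

foreach ($samples as $input) {
    $id     = save_note($pdo, $input);
    $stored = load_note($pdo, $id);

    // The database round trip must return exactly what was submitted.
    printf("stored unchanged: %s\n", var_export($stored === $input, true));
    // Encoding happens here, at the point of output, not before storage.
    printf("html output:      %s\n\n", html($stored));
}
```

Each sample comes back from the database byte-for-byte identical, and the markup sample is rendered as inert text because the encoding is applied for the HTML context it is printed into.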