hi all, forget about it:
On Aug 24, 10:18 am, ezekfred <[email protected]> wrote:
> Thank you very much!
>
> I didn't know this "nl2br"!
>
> here is my way to do (with sanitize...)
>
> <?php
> App::import('Sanitize');
>
> class MyController extends AppController {
>     function add() {
>         if (!empty($this->data)) {
>             $this->data = Sanitize::clean($this->data);
>             $this->Mydata->create();
>             // ....
>         }
>     }
>
>     function edit($id = null) {
>         if (!empty($this->data)) {
>             $this->data = Sanitize::clean($this->data);
>             if ($this->Mydata->save($this->data)) {
>                 // ....
>             }
>         }
>     }
> }
>
> ?>
>
> and in my view template index.ctp
> <?php echo nl2br($result['Mydata']['field']); ?>
>
> thanks again.
>
> On Aug 21, 5:57 pm, "euromark (munich)" <[email protected]> wrote:
> > always the same^^
> >
> > no sanitizing necessary
> > just use h($var) in the view
> >
> > and for textareas
> > nl2br(h($var))
> >
> > that's all
> >
> > On 21 Aug., 16:55, ezekfred <[email protected]> wrote:
> > > Hello,
> > >
> > > I'm having some issues with my views.
> > >
> > > add.ctp: echo $form->input('theanswer');
> > > view.ctp: echo $data['theanswer'];
> > >
> > > in my database theanswer is a TEXT field
> > >
> > > I just want to allow people to make use of carriage returns,
> > > I want to display these CR in view.ctp and index.ctp
> > > but I don't want them to write scripts like
> > > <script>alert("EXPLETIVES!!!")</script>
> > >
> > > I've tried to sanitize::clean the input, to sanitize::html the output
> > > but I'm unable to get an output like that:
> > > "Line1
> > > Line2
> > > ...."
> > >
> > > Has anyone an idea?
> > >
> > > thanks for your help!

euromark was right: no sanitizing necessary:
just use h($var) in the view
and for textareas: nl2br(h($var))

I've found my issue: I was using an old version of debug kit...
with the last one (1.1) everything is ok with h($myvars)

Thank you again Mister Euromark.
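
Added example, not part of the original thread: the snippet below shows why the order nl2br(h($var)) matters and what happens when text is escaped on input as well as on output. It is plain PHP; esc() is a hypothetical stand-in for CakePHP's h() (assumed here to wrap htmlspecialchars()), and the stored string is constructed sample data.

```php
<?php
// Hypothetical stand-in for CakePHP's h() helper (assumption: h() wraps
// htmlspecialchars(); the flags and charset used here are illustrative).
function esc($text) {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Small self-check helper so the script fails loudly if a claim is wrong.
function check($cond, $msg) {
    if (!$cond) {
        throw new RuntimeException("check failed: $msg");
    }
}

// Constructed sample: text typed into the 'theanswer' textarea and stored
// in the TEXT column exactly as entered (no sanitizing on input).
$stored = "Line1\nLine2 <script>alert(\"x\")</script> & more";

// 1) Escape first, then convert newlines: markup is neutralised and the
//    only real tags in the output are the <br /> added by nl2br().
$good = nl2br(esc($stored));

// 2) Wrong order: the <br /> inserted by nl2br() is escaped too, so the
//    page shows a literal "<br />" instead of a line break.
$wrongOrder = esc(nl2br($stored));

// 3) Escaped on input and again on output: entities are encoded twice,
//    so readers see "&lt;script&gt;" and "&amp;" as visible text.
$savedEscaped  = esc($stored);
$doubleEncoded = nl2br(esc($savedEscaped));

check(strpos($good, '<script') === false, 'script tag is neutralised');
check(strpos($good, "Line1<br />\nLine2") === 0, 'line break is kept');
check(strpos($wrongOrder, 'Line1&lt;br /&gt;') === 0, 'br got escaped');
check(strpos($doubleEncoded, '&amp;lt;script&amp;gt;') !== false, 'double encoding');
check(strpos($doubleEncoded, '&amp;amp; more') !== false, 'ampersand encoded twice');

// Print each variant on one line (real newlines shown as \n).
foreach (array(
    'nl2br(h($v))'      => $good,
    'h(nl2br($v))'      => $wrongOrder,
    'escaped in + out'  => $doubleEncoded,
) as $label => $html) {
    echo str_pad($label, 18), ': ', str_replace("\n", '\n', $html), PHP_EOL;
}
```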
