Vielen Dank! I didn't know this "nl2br"!
Here is my way to do it (with sanitize...):

    <?php
    App::import('Sanitize');

    class MyController extends AppController {

        function add() {
            if (!empty($this->data)) {
                // clean the submitted data before it is saved
                $this->data = Sanitize::clean($this->data);
                $this->Mydata->create();
                // ....
            }
        }

        function edit($id = null) {
            if (!empty($this->data)) {
                // clean the submitted data before it is saved
                $this->data = Sanitize::clean($this->data);
                if ($this->Mydata->save($this->data)) {
                    // ....
                }
            }
        }
    }
    ?>

and in my view template index.ctp:

    <?php echo nl2br($result['Mydata']['field']); ?>

Thanks again.

On Aug 21, 5:57 pm, "euromark (munich)" <dereurom...@googlemail.com> wrote:
> always the same^^
>
> no sanitizing necessary
> just use h($var) in the view
>
> and for textareas
> nl2br(h($var))
>
> that's all
>
> On 21 Aug., 16:55, ezekfred <ezekf...@wanadoo.fr> wrote:
>
> > Hello,
>
> > I'm having some issues with my views.
>
> > add.ctp: echo $form->input('theanswer');
> > view.ctp: echo $data['theanswer'];
>
> > in my database theanswer is a TEXT field
>
> > I just want to allow people to make use of carriage return,
> > I want to display these CR in view.ctp and index.ctp
> > but I don't want them to write scripts like <script>alert("EXPLETIVES!!!")</script>
>
> > I've tried to sanitize::clean the input, to sanitize::html the output
> > but I'm unable to get an output like that:
> > "Line1
> > Line2
> > ...."
>
> > Has anyone an idea?
>
> > thanks for your help!
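
Added example, not part of the original thread: it compares the two approaches discussed above (escape at output with nl2br(h($var)), versus encode on input and print with nl2br() only) and shows why the order of the calls matters. Assumptions: it runs outside CakePHP, so h() is stubbed with htmlspecialchars(), which the framework helper wraps; encoding on input is modelled with the same stub; the sample text and check() helper are constructed for illustration.

```php
<?php
// Stand-in for CakePHP's h() when run outside the framework (assumption).
if (!function_exists('h')) {
    function h($text) {
        return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    }
}

// Constructed sample input: what a user might type into the textarea.
$submitted = "Line1\r\nLine2 <script>alert(\"x\")</script> & more";

// Approach A (the reply's advice): store raw, escape when printing.
$storedRaw  = $submitted;
$safeOutput = nl2br(h($storedRaw));

// Wrong order: nl2br() first, so h() escapes the <br /> tags as well.
$wrongOrder = h(nl2br($storedRaw));

// No escaping at all: the script tag reaches the browser intact.
$unsafeOutput = nl2br($storedRaw);

// Approach B: entity-encode before saving, print with nl2br() only.
// Calling h() on that stored value later double-encodes it.
$storedEncoded = h($submitted);
$outputB       = nl2br($storedEncoded);
$doubleEncoded = nl2br(h($storedEncoded));

// Hypothetical helper: reports what each variant would send to the browser.
function check($label, $html) {
    $script = (stripos($html, '<script') !== false)
        ? 'LIVE SCRIPT TAG' : 'script neutralised';
    $breaks = substr_count($html, '<br />');
    $double = (strpos($html, '&amp;lt;') !== false) ? ', double-encoded' : '';
    printf("%-20s %s, %d real <br />%s\n", $label, $script, $breaks, $double);
}

check('nl2br(h($raw))', $safeOutput);
check('h(nl2br($raw))', $wrongOrder);
check('nl2br($raw)', $unsafeOutput);
check('nl2br($encoded)', $outputB);
check('nl2br(h($encoded))', $doubleEncoded);
```

Whichever approach is chosen, it has to be applied consistently: data encoded on input must not be passed through h() again, and data stored raw must never be printed without it.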