Alvaro

Reputation: 41605

Sanitize::html with accents CakePHP2.0

I was using this to save my data into the Database:

$this->request->data['Post']['body'] = utf8_decode($this->request->data['Post']['body']);

Like that, I could save into my DB some "special" characters like the ones with accents: áéíóú without any problem.

Then, I tried to protect my application from HTML and SQL injections and I used Sanitization like this:

$this->request->data['Post']['body'] = Sanitize::html($this->request->data['Post']['body']);

So now my text is stored on the database like this:

á = &aacute;
é = &eacute;
í = &iacute; ...etc

And I don't want that. Also, my field in the DB has a maximum number of characters and this doesn't help.

I have also tried to use the options param of Sanitize with encode = true, encode = false or encode = 'utf8', but nothing seems to change.

What should I do? Thanks.

UPDATE 1

I have also tried to use the htmlentities function in my controller, but it inserts this in my database instead of á:

Ã

Upvotes: 0

Views: 1641

Answers (1)

jeremyharris

Reputation: 7882

If you're using Cake to save your data (i.e., using save() not query()) then you are protected against SQL injection. It escapes values automatically.

As stated in the docs, Sanitize::html() will convert characters to HTML entities, such as &gt;, &aacute;, etc. You probably shouldn't use it unless you specifically want HTML entities. Cake will take care of storing your accents in the database just fine if you have the proper encoding on your app and tables.

Upvotes: 2
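The contrast the answer draws, as an added example that is not part of the question or the answer: full entity conversion (what Sanitize::html() and htmlentities() do) versus escaping only the HTML-significant characters at output time, plus the two charset mismatches behind the garbled accents. It assumes plain PHP with the charset passed explicitly; the sample string is constructed.

```php
<?php
// Added example (not the asker's or CakePHP's code).

function entityEncode($text) {
    // What Sanitize::html() / htmlentities() do: every accented character
    // becomes a named entity, e.g. "á" is stored as "&aacute;", so the
    // stored string grows and can overflow a fixed-width column.
    return htmlentities($text, ENT_QUOTES, 'UTF-8');
}

function escapeForOutput($text) {
    // Escapes only & < > " ' and leaves accents as UTF-8.
    // Run this when rendering the value into HTML, not when saving it;
    // SQL escaping is already handled by Model::save().
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Constructed sample input containing accents and markup.
$input = 'Árbol <b>caído</b> & "ñandú"';

$stored = entityEncode($input);
echo $stored, "\n";
echo 'bytes before/after entity conversion: ',
     strlen($input), ' / ', strlen($stored), "\n";

echo escapeForOutput($input), "\n";

// Mismatch 1: utf8_decode() turns "á" (UTF-8 bytes C3 A1) into the single
// ISO-8859-1 byte E1. Sent over a UTF-8 connection into a UTF-8 column,
// that byte is not valid UTF-8 and is mangled or rejected.
$latin1 = utf8_decode("\xC3\xA1");
echo bin2hex($latin1), "\n";

// Mismatch 2: htmlentities() told the input is ISO-8859-1 (the default in
// PHP before 5.4) treats the two UTF-8 bytes of "á" as "Ã" and "¡" and
// emits two entities, which is where a stored "Ã..." comes from.
echo htmlentities("\xC3\xA1", ENT_QUOTES, 'ISO-8859-1'), "\n";
```

With both the app and the tables set to UTF-8, storing the raw value and calling escapeForOutput() in the view keeps the accents intact and the column length predictable.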
