-1

I want to perform a htmlspecialchars with no quotes in my entity save.

Code:

```php
$post['body'] = htmlentities($this->request->getData('body'), ENT_NOQUOTES);
```

Validator doesn't work on save.

How to make it work?

Thanks

1 Answer

0

The h() method is just a wrapper for htmlspecialchars(). More information on that can be found in the Cake API: https://book.cakephp.org/3.0/en/core-libraries/global-constants-and-functions.html#h

h(string $text, boolean $double = true, string $charset = null)

The long and short of it is that the first parameter for those functions is a string and you are passing in an array of data. If you wanted to strip those out, you could override patchEntity() with your own or individually run the special chars function on each element.

Edit: Added more clear example to keep validation

You can use withData to set the response data and still use patch entities. For instance:

```php
$data = $this->request->withData('body', htmlentities($this->request->getData('body'), ENT_NOQUOTES));
```

And then patch/validate the entity using the new request object.

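```php
// patchEntity() takes an array; "Posts" is an assumed table name
$post = $this->Posts->patchEntity($post, $data->getData());
```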
KaffineAddict
  • If I try $post['body'] = htmlentities($this->request->getData('body'), ENT_NOQUOTES); the validator doesn't work. Is there any way to make it work - even when the body is the same as the getData? – Klaas Waas Jul 19 '17 at 14:52
  • You can use the withData to set the response data and still use patch entities. for instance `$data = $this->request->withData('body', htmlentities($this->request->getData('body'), ENT_NOQUOTES))` then use the patch entities with $data as the request. I will edit my post with a more clear example – KaffineAddict Jul 20 '17 at 15:08
  • Thanks for the reply. I am getting Cannot convert value to string when using $reply['body'] = $this->request->withData('body', htmlentities($this->request->getData('body'), ENT_NOQUOTES)); – Klaas Waas Jul 20 '17 at 20:38
  • @KlaasWaas withData() does not return a string; it returns a response object, if I recall correctly. Look at my example I updated, it shows the correct usage. – KaffineAddict Jul 25 '17 at 15:06
  • Sorry for wasting your time. I am now using htmlentities on the view. – Klaas Waas Jul 30 '17 at 21:35
  • @KlaasWaas not a waste of time at all. Glad you got everything working! – KaffineAddict Aug 14 '17 at 14:13
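
The thread ends with the escaping moved from the save path to the view. The following is an added example, not code from either poster or from CakePHP, showing in plain PHP why encoding before save interferes with validation and later output, and what ENT_NOQUOTES leaves unescaped. The length rule `MAX_BODY`, the helpers `isValidBody()` and `escapeForHtml()`, and the sample input are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

const MAX_BODY = 20; // hypothetical validation rule: body is 1..20 characters

function isValidBody(string $body): bool
{
    return $body !== '' && mb_strlen($body, 'UTF-8') <= MAX_BODY;
}

// Output-time escaping that is safe in text nodes and in quoted attributes.
function escapeForHtml(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$submitted = 'Tom & "Jerry" <b>'; // constructed sample input

// 1) Encode-before-save: the validator (and the database column) now see
//    the entity-expanded text, so a length rule is applied to a longer
//    string than the one the user typed.
$encodedFirst = htmlentities($submitted, ENT_NOQUOTES, 'UTF-8');
printf("raw: %d chars, valid=%s\n",
    mb_strlen($submitted), var_export(isValidBody($submitted), true));
printf("encoded: %d chars, valid=%s\n",
    mb_strlen($encodedFirst), var_export(isValidBody($encodedFirst), true));

// 2) If the stored value is already encoded and the view escapes again
//    (as h() would), entities are double-encoded and shown literally.
echo "double-encoded: ", escapeForHtml($encodedFirst), "\n";

// 3) ENT_NOQUOTES leaves " and ' untouched. That is adequate in a text
//    node, but inside a quoted attribute the first quote ends the value.
printf("ENT_NOQUOTES in attribute: <input value=\"%s\">\n", $encodedFirst);
printf("ENT_QUOTES in attribute:   <input value=\"%s\">\n",
    escapeForHtml($submitted));

// 4) Validate and store the raw text, escape exactly once at output.
if (isValidBody($submitted)) {
    $stored = $submitted; // stands in for patchEntity() + save()
    echo "view output: <p>", escapeForHtml($stored), "</p>\n";
}
```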