FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
v1.3 question about output of field from database
  • I'm having some difficulty with quite a simple blog that I set up using version 1.3 of FuelPHP - more of a lack of knowledge than anything else that I would be grateful if someone could help a newbie out with.

    I've created the blog elements using Oil, which has been really useful, but when I output the full text of the blog on a view blog page - it shows all the HTML and PHP code that I entered into the database, it doesn't interpret the <br /> and <p> tags for instance.


    I was wondering if someone could explain how I can change that within Fuel?

    Much appreciated,

    Steve
  • Security is a key component of the framework.

    One of the security features is that by default ALL data sent to a view is encoded, to make sure any injected HTML is rendered harmless. This of course is not so pleasant if that is your intention.

    You can pass variables to a view object without encoding using the set_safe() method of the View object.
  • Hi Harro,

    I've been looking at this ever since your kind response, and I think I've tried every possible way of trying to get the set_safe() method in.... but I'm a little stuck. All I can do is make this tell me I'm calling an undefined function!

    Would you be able to suggest please how I can place this code in? I'd be very grateful as I'm quite confused on this but would like to learn and use FuelPHP more now I'm beginning to understand it.

    With Thanks,

    Steve

    public function action_view($id = null)
    {
        $data['news'] = Model_News::find($id);

        is_null($id) and Response::redirect('News');

        $this->template->title = "News";
        $this->template->keywords = 'Japanese Restaurant, Winchester Japanese, Winchester Restaurant';
        $this->template->content = View::forge('news/view', $data);
    }
  • Just fixed this by going to the config file for the app and making false!

      'auto_encode_view_data' => false,
  • From a security point a very bad decision, that will disable all encoding!

    If you want to pass something to your view unencoded, use set_safe(), or the third parameter of set().

    So do:

    $this->template->content = View::forge('news/view')->set('news',
    Model_News::find($id), false);

    if that is what you don't want escaped.
  • Great, thank you very much Harro - your help much appreciated.
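
The advice in this thread, written out as an added example that is not code from any of the posters or from the FuelPHP project: 'auto_encode_view_data' stays true, the model is passed to the view encoded as usual, and only the article body is passed unencoded with set_safe() after being cleaned with Security::xss_clean(). It assumes FuelPHP 1.x, a controller extending Controller_Template, and a `body` column on Model_News (the column name and the `body_html` view variable are assumptions).

```php
<?php
// Added example. Assumed names: the `body` column and the `body_html` view variable.
class Controller_News extends Controller_Template
{
    public function action_view($id = null)
    {
        // Check the id before querying, and handle a missing row as well.
        is_null($id) and Response::redirect('News');

        $news = Model_News::find($id);
        if ( ! $news)
        {
            Response::redirect('News');
        }

        // The body is stored HTML that must render as markup, so it cannot be
        // entity-encoded. Clean it first so script and event-handler markup
        // that reached the database is not echoed back to visitors.
        $body_html = Security::xss_clean($news->body);

        $view = View::forge('news/view');

        // Everything else keeps the default encoding.
        $view->set('news', $news);

        // Only this one variable bypasses the output encoding.
        $view->set_safe('body_html', $body_html);

        $this->template->title = 'News';
        $this->template->content = $view;
    }
}

// In the news/view view file (assumed layout):
//   the title, echoed from $news, is still encoded by the view
//   <div class="body"><?php echo $body_html; ?></div>
```

Passing the whole model with the filter turned off, as in the set() call above, also leaves every other field of that row unencoded in the view; limiting the unencoded value to the one field that needs markup keeps the rest protected.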
