How to avoid escaping special characters when saving

How to avoid escaping special characters when saving

Loulou90Loulou90 Posts: 11Questions: 4Answers: 0
edited April 2022 in Editor

Hello,
I am using Datatables Editor but I have a problem with saving data

Indeed, I do not want the special characters to be encoded
For example, when I put a "&" it becomes "&" in database
I would like to avoid this but I don't know how

Thanks for your help

Answers

  • rf1234rf1234 Posts: 2,783Questions: 85Answers: 403
    edited April 2022

    Take a look at the Editor dsn setting please.

    /* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
     * Database user / pass
     */
    $sql_details = array(
        "type" => "Mysql",     // Database type: "Mysql", "Postgres", "Sqlserver", "Sqlite" or "Oracle"
        "user" => "yourUserName",          // Database user name
        "pass" => "yourPW",          // Database password
        "host" => "localhost", // Database host
        "port" => "",          // Database connection port (can be left empty for default)
        "db"   => "yourDBName",          // Database name
        "dsn"  => "charset=utf8mb4",          // PHP DSN extra information. Set as `charset=utf8mb4` if you are using MySQL
        "pdoAttr" => array()   // PHP PDO attributes array. See the PHP documentation for all options
    );
    

    Just noticed that this works fine for special characters but not for ampersands (&) though. But why would you need that? It works fine if you have & in your database field ...

  • allanallan Posts: 60,920Questions: 1Answers: 9,929 Site admin

    It is almost certainly going to be the built in XSS protection. You can disable it with the options described there, bit make sure you use the DataTables text renderer if you are accepting end user input.

    Allan

  • Loulou90Loulou90 Posts: 11Questions: 4Answers: 0

    Hello,
    I use the same charset ("charset=utf8mb4")
    I need it because I have customers with this kind of character but once sent to the database, the uniqueness of the column is not respected (example R&D becomes "R&D")

    Note that the rest of my PHP script saves "&" normally

  • colincolin Posts: 15,091Questions: 1Answers: 2,580

    @Loulou90 Our accounts aren't showing that you have an Editor license. Is the license registered to another email address? Please can let us know so we can update our records and provide support.

    Thanks,

    Colin

  • rf1234rf1234 Posts: 2,783Questions: 85Answers: 403

    Another option is to set a database trigger that converts the special chars on insert: https://stackoverflow.com/questions/54161401/mysql-trigger-to-replace-specific-characters-on-insert

  • Loulou90Loulou90 Posts: 11Questions: 4Answers: 0

    @collin Ah yes indeed I used my old post for this post :o
    In the end I solved the problem by adding ->xss(false)
    https://editor.datatables.net/manual/php/validation#Strings

    I don't know if it's the best solution, because I think it disables me a lot of protection but I haven't found better..

Sign In or Register to comment.