php-codeigniter - HTMLENTITIES in displaying value of textbox

Through out my application, i wanted to display the value htmlentities(str), since ther开发者_StackOverflow中文版e is not restriction for single or double or any special char. Instead of using or converting by htmlentities(str),like

<input id="text" name="text" value="<?php if(isset($_POST['text'])) { echo htmlentities($_POST['text']); } ?>

Is there any way to set it globally for all the textboxes?

In codeigniter we can do that as a part of rules like $rules['other_gait']="htmlentities|max_length[200]";

But thanks for the hint to use htmlentities.

with your code structure - no, but you can preprocess $_POST.. this approach is not very nice, but if you fill out your forms ONLY like in the example, it's going to work.

$parametersToPreprocess = array(
    'text1',
    'text2',
);
foreach (array_keys($_POST) as $postKey) {
    if (in_array($postKey, $parametersToPreprocess)) {
        $_POST[$postKey] = htmlentities($_POST[$postKey]);
    }
}

Nope. PHP's built-in templating has no feature to automatically escape output values. The best you can manage is to define a function with a short name to save yourself a bit of typing:

<?php
    function h($s) {
        echo htmlspecialchars($s, ENT_QUOTES);
    }
?>

<input id="text" name="text" value="<?php h(isset($_POST['text'])? $_POST['text'] : ''); ?>">

(Note: htmlspecialchars, not htmlentities, which will try to HTML-encode all non-ASCII characters, which will mess them up if you don't pass in the right $charset argument.)