Today I came across an interesting bug in a CodeIgniter application I was working on, where encoded ampersands (&amp;) were appearing in a report. I did some rudimentary debugging and realised that, for some reason, values from a form were being saved to the database HTML-encoded.
I stepped through the code and discovered that I was using the set_value() function to retrieve the value posted from the form. This is a no-go, I’m afraid. set_value() is meant for repopulating inputs and textareas in forms within the view itself, and as such it runs the htmlspecialchars function across the form post value before returning it. There is a function specifically designed for what I wanted: $this->input->post('fieldname'). Lesson learned.
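The difference between the two retrieval paths, as an added example that is not code from the original post. view_value() and raw_post() are hypothetical stand-ins for set_value() and $this->input->post() as the post describes them, the form data is constructed, and the pdo_sqlite extension is assumed.

```php
<?php
// Constructed sample input standing in for a submitted form.
$_POST = ['company' => 'Smith & Sons <Ltd>'];

// Hypothetical stand-in for set_value() as described in the post:
// returns the posted value already HTML-encoded for redisplay in a view.
function view_value(string $field): string {
    return htmlspecialchars($_POST[$field] ?? '', ENT_QUOTES, 'UTF-8');
}

// Hypothetical stand-in for $this->input->post(): the raw submitted value.
function raw_post(string $field): ?string {
    return $_POST[$field] ?? null;
}

// Escape for the HTML context at the point of output, not at input.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customers (how TEXT, company TEXT)');

// Bound parameters handle SQL safety; HTML encoding plays no part in it.
$ins = $db->prepare('INSERT INTO customers (how, company) VALUES (?, ?)');
$ins->execute(['view helper', view_value('company')]); // the bug
$ins->execute(['raw post', raw_post('company')]);      // the fix

foreach ($db->query('SELECT how, company FROM customers') as $row) {
    // What a non-HTML consumer (CSV export, length check, search) sees.
    printf("%-12s stored: %s\n", $row['how'], $row['company']);
    // What a report template emits when it escapes on output, as it should.
    printf("%-12s html:   %s\n", '', e($row['company']));
}
```

The row saved through the view helper is encoded a second time when the report escapes it, which is what produces the visible entities. The raw row is encoded exactly once, at output.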
Wow, if you would have read the documentation, you would have known this.