Hi,

I am using Tiny MCE as a Textbox to get user generated input which can be bold, italic, underlined, lists and different alignments.

When the user submits the form data the information is then saved to a variable like below:

$jobDesc = mysqli_real_escape_string ($dbc, $trimmed['txtJobProfile']);

The I take the input and put it into a session like below:

$_SESSION['jobProfile'] = $jobDesc;

I then call it on the next page but all I get is:

"\r"\n"\r"this is a test\r"\"n

Now what I want to do is to display the user input so that it displays as normal text,lists, and left alignmnets, so that there is no HTML showing, no \"r or \n.

So how do I go about formating the text ready to be displayed properly and also insert it into a database and then select and output it on other pages at different times ?

Thanks

assuming you are NOT saving the value in $_SESSION['jobProfile'] to the DB (just using if to display on browser), then instead of: $_SESSION['jobProfile'] = $jobDesc; try: $_SESSION['jobProfile'] = nl2br($trimmed['txtJobProfile']);

Hi,

Thanks for your quick reply, I tried that and all I get is:


rn
This is a Test.


rn

rn
Once again nothing works

rn

rn
I need some help with this one

Thanks

also use htmlentities

Hi,

I tried that as well but that didn't work either. Below is the kind of thing I am getting now:

<p><strong>fvfvfvfvfvfvfv</strong>cdknbkdnkvfnvkfnvk</p>\r\n<p>dnkdnvkfnvkfnvkfnvkfvnfk</p>\r\n<p>mlfmlvmflmvlfvmlfmvflmvlfmv</p>\r\n<p&gt

It does not seem to want to render my tinyMCE code, ie Bold, Lists, Enter, New line etc etc ??

Thanks

probably you dont need htmlentities then

Hi,

I take out HTMLEntities and all I get is this:

Welcome to flockjobs.com

\r\n
Welcome to 
\r\n
\r\n
this is hard shits
\r\n
need some help with this
\r\n
\r\n

I don't know whether its the actual TinyMCE textareas ?

Thanks

ORIGINALLY you posted: $jobDesc = mysqli_real_escape_string ($dbc, $trimmed['txtJobProfile']); How are you populating/initializing the value of $trimmed?

you seem to be confused yourself.

Hi,

I am populating $trimmed with the following:

$trimmed = ('trim', $_POST);

But one thing I have noticed is that if I take out 'mysqli_real_escape_string' then it will work fine but I am worried about XSS attacks and SQL injection attacks as well as the fact I want to also call the information from a database at a later date as well.

Thanks.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.