TinyMCE - Saving and Retrieving Editor Content

Question

mmcdonald 28 Posting Pro

11 Years Ago

Hi all,

I'm having that oldschool issue with saving rich text content to MySQL and then retreiving it. As far as I'm concerned I thought I was doing it correctly - but one of you lucky devils is about to tell me otherwise :D

When I'm saving to DB:

    if(isset($_SESSION['auth'], $_POST["topicid"], $_POST["response"])){

          $configureEntities = htmlentities($_POST['response']);
          $formattedResponse = mysqli_real_escape_string($configureEntities);

          $mysqliDebug = true;
          $mysqli = mysqli_connect($config['host'], $config['user'], $config['pass'], $config['db']);

          $date_added=date('Y-m-d H:i:s');
          $query = "INSERT INTO topic_response(topicid,usersid,response,date_added) VALUES (?, ?, ?, ?)";                                                
          $stmt = $mysqli->prepare($query);
          $stmt->bind_param('ssss', $_POST['topicid'], $userInfo['id'], $formattedResponse, $date_added);
          $result = $stmt->execute();
    }

When I'm echoing response data:

`echo stripslashes($topicResponseInfo['response']);`

I also have the entity encoding feature to TinyMCE set to raw:

`entity_encoding : "raw"`

However... if I use the formatting features in TinyMCEsuch as bold, underline, font types, font sizes and so forth the submission is stored in MySQL as null. I did have it working at one point, but only for certain features, as I was able to submit <p>I love this!</p>\n<p>It\'s quite good you see. and it was successfully saved to SQL. There were however other things breaking it such as font size. Totally baffled.

//This:
<p>I love this!</p>\n<p>It\'s quite good you see.

//Came from submitting this:
I love this!
It's quite good you see.

The real question is, with rich text editors, how do you correctly encode, escape and recall?

Thanks in advance, repuation to the beautiful person who clearly explains the correct way of storing and then echoing RTE generated strings!

Michael

php

Edited 11 Years Ago by mmcdonald

4 Contributors
5 Replies
3K Views
12 Hours Discussion Span
Latest Post 11 Years Ago Latest Post by mmcdonald

pixelsoul 272 Red Pill

11 Years Ago

Using mysqli_real_escape_string function requires the database connection as well, like:

$formattedResponse = mysqli_real_escape_string($link, $configureEntities);

See if using this instead works any better:

$formattedResponse = $mysqli->real_escape_string($configureEntities);

Edited 11 Years Ago by pixelsoul

pritaeas 2,194 ¯\_(ツ)_/¯

11 Years Ago

Why would you use real escape AND bound parameters?

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Atli 182 Posting Pro · Answer 1 · 2013-09-17T09:52:15+00:00

There are three other things in there, that I can see, which you should consider.

It would appear that you are binding the parameters incorrectly. The first two are integers, as far as I can tell, not strings.
There is no need to construct the date_added value in PHP and pass it as a string. Just use the MySQL NOW() function instead of the placeholder in the SQL query. - It may also be possible to use a TIMESTAMP there with a default set so that you don't even have to set the date yourself. (Read up on that properly, though, before attempting it. There are pitfalls to that method.)
It's also worth pointing out that you really shouldn't use the htmlentities function on the data at that point in the process. That's something you should be doing on the way out, not the way in. It prepares the data to be printed into a specific output format: HTML. What if, at some point, you need to use the data for another purpose? All your existing data will essentially be corrupt, and you'll have to go out of your way to repair it.

mmcdonald 28 Posting Pro · Answer 2 · 2013-09-17T11:26:21+00:00

And the above three posts are exactly WHY you stop programming after the first 15 yawns :')

Cheers guys, let me make some mods and post back

mmcdonald 28 Posting Pro · Answer 3 · 2013-09-17T12:36:48+00:00

Sorry for the delay, all works golden now except for bullet points (They indent, but no bullets are visible) I tested some code within the code tags, didnt store anything past '<code>'. Also, the ordered list is just like the bullet points, they indent but no numbers show. Any ideas? Every other formatting feature works fine.

I currently use htmlspecialchars_decode(stripslashes($topicResponseInfo['response'])) to echo my data, and that appears to work perfectly. I'm missing something before I'm executing the store query. I am not currently doing anything before storing except binding. Suggestions dw'ers? Thanks for your assistance so far.