SitePoint Sponsor

User Tag List

Results 1 to 7 of 7
  1. #1
    SitePoint Wizard billy_111's Avatar
    Join Date
    Jul 2009
    Posts
    1,683
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    TinyMCE PHP not allowing users to enter certain values

    Hey,

    I am using TinyMCE for my backend admin section to upload existing details on specific pages of my website.

    However when i enter an apostrophe:-

    e.g. This isn't a test
    It does not update in the database. If i take the apostrophe out then it works?

    Why does this happen and what do i need to do?

    I have the following code in my <head> tag:-

    PHP Code:
    <script language="javascript" type="text/javascript" src="tinymce/jscripts/tiny_mce/tiny_mce.js"></script>
    <script language="javascript" type="text/javascript">
    tinyMCE.init({
    mode : "textareas",
    theme : "advanced",
    plugins : "safari,spellchecker,pagebreak,style,layer,table,save,advhr,advimage,advlink,emotions,iespell,inlinepopups,insertdatetime,preview,media,searchreplace,print,contextmenu,paste,directionality,fullscreen,noneditable,visualchars,nonbreaking,xhtmlxtras,template,imagemanager,filemanager",
    // Theme options
    theme_advanced_buttons1 : "save,newdocument,|,bold,italic,underline,strikethrough,|,justifyleft,justifycenter,justifyright,justifyfull,|,styleselect,formatselect,fontselect,fontsizeselect",
    theme_advanced_buttons2 : "cut,copy,paste,pastetext,pasteword,|,search,replace,|,bullist,numlist,|,outdent,indent,blockquote,|,undo,redo,|,link,unlink,anchor,image,cleanup,help,code,|,insertdate,inserttime,preview,|,forecolor,backcolor",
    theme_advanced_buttons3 : "tablecontrols,|,hr,removeformat,visualaid,|,sub,sup,|,charmap,emotions,iespell,media,advhr,|,print,|,ltr,rtl,|,fullscreen",
    theme_advanced_buttons4 : "insertlayer,moveforward,movebackward,absolute,|,styleprops,spellchecker,|,cite,abbr,acronym,del,ins,attribs,|,visualchars,nonbreaking,template,blockquote,pagebreak,|,insertfile,insertimage",
    theme_advanced_toolbar_location : "top",
    theme_advanced_toolbar_align : "left",
    theme_advanced_statusbar_location : "bottom",

    theme_advanced_resizing : true,
    // Example content CSS (should be your site CSS)
    content_css : "css/example.css",
    // Drop lists for link/image/media/template dialogs
    template_external_list_url : "js/template_list.js",
    external_link_list_url : "js/link_list.js",
    external_image_list_url : "js/image_list.js",
    media_external_list_url : "js/media_list.js"
    });
    //you can also used “advanced” for themes
    </script> 
    What am i doing wrong?

    Regards

  2. #2
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,580
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    The problem is not your HTML or JavaScript but your PHP code processing the form

    You are likely not escaping the string before inserting it into your query

    Use mysql_real_escape_string

  3. #3
    SitePoint Wizard billy_111's Avatar
    Join Date
    Jul 2009
    Posts
    1,683
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hey,

    I have changed the way i insert like this, but still no luck:--

    PHP Code:
                        $title $_POST['txt_title'];
                        
    $details $_POST['txt_details'];
                        
    $date $_POST['txt_date'];
                        
    $info $_POST['txt_info'];
                        
    $day $_POST['txt_day'];

                        
    mysql_real_escape_string($title);
                        
    mysql_real_escape_string($details);
                        
    mysql_real_escape_string($date);
                        
    mysql_real_escape_string($info);
                        
    mysql_real_escape_string($day);
                        
                        
    $insert "INSERT INTO bills (bill_title, bill_info, bill_date, other_info, bill_day, active, archive, date_added) VALUES 
                        (
                        
    $title,
                        
    $details,
                        
    $date,
                        
    $info,
                        
    $day,
                        '1', 'NO', now()
                        )"
    ;
                        
    $add_member mysql_query($insert); 
    now the insert does not work at all!

  4. #4
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,580
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    mysql_real_escape_string returns a string, it does not modify a string, so you haven't changed anything

    PHP Code:
    $details mysql_real_escape_string($details); 
    You also need to enclose all strings in single quotes in SQL

    PHP Code:
                        $insert "INSERT INTO bills (bill_title, bill_info, bill_date, other_info, bill_day, active, archive, date_added) VALUES
                        ( 
                        '
    $title', 
                        '
    $details', 
                        '
    $date', 
                        '
    $info
                        '
    $day', 
                        '1', 'NO', now() 
                        )"


  5. #5
    SitePoint Wizard billy_111's Avatar
    Join Date
    Jul 2009
    Posts
    1,683
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks!

    It works now

    Regards

  6. #6
    SitePoint Wizard billy_111's Avatar
    Join Date
    Jul 2009
    Posts
    1,683
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hey,

    One final thing whilst we are talking about tinyMCE, i have realised that everything is within <p> tags when using the plugin.

    So in my database all my fields will have <p> tags around them. This is mucking up my styles and i cant seem to fix is accordingly.

    If you take a look at this page:-

    http://www.listentotheconstituents.com/manage_bills.php

    Take a look at the "This weeks bills" section at the top. The bottom link has been created using tinyMCE but as you can see it spoils the styles. What do i need to do in order for this to match the links directly above it?

    Regards

  7. #7
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,580
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    You can either remove the <p> tags before storing the text in the database, you can remove the <p> tags after retrieving the stored text from the database, or you can edit your stylesheet so <p> tags look the way you want them.

    http://php.net/manual/en/function.str-replace.php
    http://us2.php.net/manual/en/function.preg-replace.php


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •