TinyMCE PHP not allowing users to enter certain values

[billy_111]

Hey,

I am using TinyMCE for my backend admin section to upload existing details on specific pages of my website.

However when i enter an apostrophe:-

e.g. This isn't a test

It does not update in the database. If i take the apostrophe out then it works?

Why does this happen and what do i need to do?

I have the following code in my <head> tag:-

PHP Code:

<script language="javascript" type="text/javascript" src="tinymce/jscripts/tiny_mce/tiny_mce.js"></script>
<script language="javascript" type="text/javascript">
tinyMCE.init({
mode : "textareas",
theme : "advanced",
plugins : "safari,spellchecker,pagebreak,style,layer,table,save,advhr,advimage,advlink,emotions,iespell,inlinepopups,insertdatetime,preview,media,searchreplace,print,contextmenu,paste,directionality,fullscreen,noneditable,visualchars,nonbreaking,xhtmlxtras,template,imagemanager,filemanager",
// Theme options
theme_advanced_buttons1 : "save,newdocument,|,bold,italic,underline,strikethrough,|,justifyleft,justifycenter,justifyright,justifyfull,|,styleselect,formatselect,fontselect,fontsizeselect",
theme_advanced_buttons2 : "cut,copy,paste,pastetext,pasteword,|,search,replace,|,bullist,numlist,|,outdent,indent,blockquote,|,undo,redo,|,link,unlink,anchor,image,cleanup,help,code,|,insertdate,inserttime,preview,|,forecolor,backcolor",
theme_advanced_buttons3 : "tablecontrols,|,hr,removeformat,visualaid,|,sub,sup,|,charmap,emotions,iespell,media,advhr,|,print,|,ltr,rtl,|,fullscreen",
theme_advanced_buttons4 : "insertlayer,moveforward,movebackward,absolute,|,styleprops,spellchecker,|,cite,abbr,acronym,del,ins,attribs,|,visualchars,nonbreaking,template,blockquote,pagebreak,|,insertfile,insertimage",
theme_advanced_toolbar_location : "top",
theme_advanced_toolbar_align : "left",
theme_advanced_statusbar_location : "bottom",

theme_advanced_resizing : true,
// Example content CSS (should be your site CSS)
content_css : "css/example.css",
// Drop lists for link/image/media/template dialogs
template_external_list_url : "js/template_list.js",
external_link_list_url : "js/link_list.js",
external_image_list_url : "js/image_list.js",
media_external_list_url : "js/media_list.js"
});
//you can also used “advanced” for themes
</script> 


What am i doing wrong?

Regards

[Dan Grossman]

The problem is not your HTML or JavaScript but your PHP code processing the form

You are likely not escaping the string before inserting it into your query

Use mysql_real_escape_string

[billy_111]

Hey,

I have changed the way i insert like this, but still no luck:--

PHP Code:

                    $title = $_POST['txt_title'];
                    $details = $_POST['txt_details'];
                    $date = $_POST['txt_date'];
                    $info = $_POST['txt_info'];
                    $day = $_POST['txt_day'];

                    mysql_real_escape_string($title);
                    mysql_real_escape_string($details);
                    mysql_real_escape_string($date);
                    mysql_real_escape_string($info);
                    mysql_real_escape_string($day);
                    
                    $insert = "INSERT INTO bills (bill_title, bill_info, bill_date, other_info, bill_day, active, archive, date_added) VALUES 
                    (
                    $title,
                    $details,
                    $date,
                    $info,
                    $day,
                    '1', 'NO', now()
                    )";
                    $add_member = mysql_query($insert); 


now the insert does not work at all!

[Dan Grossman]

mysql_real_escape_string returns a string, it does not modify a string, so you haven't changed anything

PHP Code:

$details = mysql_real_escape_string($details); 


You also need to enclose all strings in single quotes in SQL

PHP Code:

                    $insert = "INSERT INTO bills (bill_title, bill_info, bill_date, other_info, bill_day, active, archive, date_added) VALUES
                    ( 
                    '$title', 
                    '$details', 
                    '$date', 
                    '$info, 
                    '$day', 
                    '1', 'NO', now() 
                    )"; 


[billy_111]

Thanks!

It works now

Regards

[billy_111]

Hey,

One final thing whilst we are talking about tinyMCE, i have realised that everything is within <p> tags when using the plugin.

So in my database all my fields will have <p> tags around them. This is mucking up my styles and i cant seem to fix is accordingly.

If you take a look at this page:-

http://www.listentotheconstituents.com/manage_bills.php

Take a look at the "This weeks bills" section at the top. The bottom link has been created using tinyMCE but as you can see it spoils the styles. What do i need to do in order for this to match the links directly above it?

Regards

[Dan Grossman]

You can either remove the <p> tags before storing the text in the database, you can remove the <p> tags after retrieving the stored text from the database, or you can edit your stylesheet so <p> tags look the way you want them.

http://php.net/manual/en/function.str-replace.php
http://us2.php.net/manual/en/function.preg-replace.php