PHP: convert TinyMCE strings

Blogs20112011-10-30

PHP: convert TinyMCE strings

If you use famous wysiwyg tool TinyMCE + PHP, it is common to convert TinyMCE string into MySQL DB or present as HTML. This easily causes problems if operating special chars (’, ”, &, < > .) etc. Here I list the 2 cases: TinyMCE output as HTML; and TinyMCE output to Database.

1. without a database

Here is a very useful help article for the convert WITHOUT Database operation: How-to implement TinyMCE in PHP. I summary and use like this: (suppose the tinymce )</p> <div class="gatsby-highlight" data-language="text"><pre style="counter-reset: linenumber NaN" class="language-text line-numbers"><code class="language-text">//1. allow HTML tags list: $allowedTags='<p><strong><em><u><h1><h2><h3><h4><h5><h6><img>'; $allowedTags.='<li><ol><ul><span><div><br><ins><del>'; //2. parse HTTP request string: if(isset($_POST['elm']) && !empty($_POST['elm']) { if (get_magic_quotes_gpc()) $content = $_POST['wysiwyg']; else $content = addslashes($_POST['wysiwyg']); //3. filter the string, only allowed tags are passed. $content = strip_tags($content,$allowedTags); //4. display parsed string as HTML: <textarea id="elm1" name="elm1" rows="15" cols="80"><?php echo $content;?></textarea></code><span aria-hidden="true" class="line-numbers-rows" style="white-space: normal; width: auto; left: 0;"><span></span><span></span><span></span><span></span><span></span><span></span><span></span><span></span><span></span><span></span><span></span><span></span><span></span><span></span><span></span><span></span><span></span></span></pre></div> <h4 id="2-with-a-database" style="position:relative;"><a href="#2-with-a-database" aria-label="2 with a database permalink" class="anchor before"><svg aria-hidden="true" focusable="false" height="16" version="1.1" viewBox="0 0 16 16" width="16"><path fill-rule="evenodd" d="M4 9h1v1H4c-1.5 0-3-1.69-3-3.5S2.55 3 4 3h4c1.45 0 3 1.69 3 3.5 0 1.41-.91 2.72-2 3.25V8.59c.58-.45 1-1.27 1-2.09C10 5.22 8.98 4 8 4H4c-.98 0-2 1.22-2 2.5S3 9 4 9zm9-3h-1v1h1c1 0 2 1.22 2 2.5S13.98 12 13 12H9c-.98 0-2-1.22-2-2.5 0-.83.42-1.64 1-2.09V6.25c-1.09.53-2 1.84-2 3.25C6 11.31 7.55 13 9 13h4c1.45 0 3-1.69 3-3.5S14.5 6 13 6z"></path></svg></a>2. with a database</h4> <p>TinyMCE string can NOT be directly inserted into Database, some pre-processed should be taken in case of special chars.</p> <ul> <li> <p>use <a href="http://ca2.php.net/manual/en/function.mysql-real-escape-string.php" title="http://ca2.php.net/manual/en/function.mysql-real-escape-string.php">mysql_real_escape_string</a> to escapes special characters in a string for use in an SQL statement; it prepends backslashes to the following characters:<br> <strong>x00, n, r, , ’, ” and x1a</strong>.</p> <p>This function must always be used to make data safe before sending a query to MySQL.</p> </li> <li>if using PEAR MDB2, use <a href="http://pear.php.net/package/MDB2/docs/latest/elementindex_MDB2.html" title="http://pear.php.net/package/MDB2/docs/latest/elementindex_MDB2.html">escape</a> to quote a string so it can be safely used in a query.</li> <li> <p>for <a href="http://www.php.net/manual/en/info.configuration.php#ini.magic-quotes-gpc" title="http://www.php.net/manual/en/info.configuration.php#ini.magic-quotes-gpc">magic_quotes_gpc</a> (boolean):<br> Sets the magic_quotes state for GPC (Get/Post/Cookie) operations. When magic_quotes are <strong>on</strong>, all <strong>’ (single-quote)</strong>, <strong>” (double quote)</strong>, <strong>(backslash) and NUL’s</strong> are escaped with a backslash <strong>automatically</strong>.</p> <p>The setting is in php.ini, can be viewed by phpinfo(); and normally, the magic_quotes is <strong>off</strong> by default.</p> </li> </ul> <p>So when use TinyMCE and other WYSIWYG tools, make sure the edited content are used for DB operation, or just HTML display, then take action to control the string.</p></section></article><section class="jss32"><a class="MuiTypography-root MuiLink-root MuiLink-underlineNone jss35 MuiTypography-colorPrimary" rel="prev" href="/blogs/2011/jquery-selector-summary/"><div class="MuiPaper-root MuiCard-root jss33 MuiPaper-elevation1 MuiPaper-rounded"><button class="MuiButtonBase-root MuiCardActionArea-root jss34" tabindex="0" type="button"><div class="MuiCardContent-root"><h6 class="MuiTypography-root MuiTypography-h6 MuiTypography-gutterBottom"><svg class="MuiSvgIcon-root" focusable="false" viewBox="0 0 24 24" aria-hidden="true"><path d="M15.41 7.41L14 6l-6 6 6 6 1.41-1.41L10.83 12z"></path></svg> jQuery: Selector Summary</h6><p class="MuiTypography-root MuiTypography-body2 MuiTypography-colorInherit">jQuery selector summary I got the following summary from http://demo.smartnetzone.com/jquery-selectors/. not all, but helpful, save here for…</p></div><span class="MuiCardActionArea-focusHighlight"></span></button></div></a><a class="MuiTypography-root MuiLink-root MuiLink-underlineNone jss35 MuiTypography-colorPrimary" rel="next" href="/blogs/2011/smarty-preg_match/"><div class="MuiPaper-root MuiCard-root jss33 MuiPaper-elevation1 MuiPaper-rounded"><button class="MuiButtonBase-root MuiCardActionArea-root jss34" tabindex="0" type="button"><div class="MuiCardContent-root"><h6 class="MuiTypography-root MuiTypography-h6 MuiTypography-gutterBottom">Smarty preg_match? <svg class="MuiSvgIcon-root" focusable="false" viewBox="0 0 24 24" aria-hidden="true"><path d="M10 6L8.59 7.41 13.17 12l-4.58 4.59L10 18l6-6z"></path></svg></h6><p class="MuiTypography-root MuiTypography-body2 MuiTypography-colorInherit">Smarty preg_match? Smarty is a view layer libray, not good at string process. However, when Smarty templates become complex, such case is…</p></div><span class="MuiCardActionArea-focusHighlight"></span></button></div></a></section></div><div class="MuiGrid-root MuiGrid-item MuiGrid-grid-xs-3"><aside class="jss36"><h6 class="MuiTypography-root jss37 MuiTypography-h6 MuiTypography-gutterBottom"><svg class="MuiSvgIcon-root" focusable="false" viewBox="0 0 24 24" aria-hidden="true"><path d="M3 9h14V7H3v2zm0 4h14v-2H3v2zm0 4h14v-2H3v2zm16 0h2v-2h-2v2zm0-10v2h2V7h-2zm0 6h2v-2h-2v2z"></path></svg> Table of Contents</h6><div class="jss38"><ul> <li><a href="#php-convert-tinymce-strings">PHP: convert TinyMCE strings</a></li> <li><a href="#1-without-a-database">1. without a database</a></li> <li><a href="#2-with-a-database">2. with a database</a></li> </ul></div></aside></div></div></div></div></div><div id="gatsby-announcer" style="position:absolute;top:0;width:1px;height:1px;padding:0;overflow:hidden;clip:rect(0, 0, 0, 0);white-space:nowrap;border:0" aria-live="assertive" aria-atomic="true"></div></div><script id="gatsby-script-loader">/*<![CDATA[*/window.pagePath="/blogs/2011/php-convert-tinymce-strings/";/*]]>*/</script><script id="gatsby-chunk-mapping">/*<![CDATA[*/window.___chunkMapping={"polyfill":["/polyfill-e9b84d9420bbe4f92e2c.js"],"app":["/app-7923f496aea346368a3e.js"],"component---src-pages-404-js":["/component---src-pages-404-js-39d91d9957625b650fa7.js"],"component---src-pages-about-js":["/component---src-pages-about-js-6ed2a2dc16332ec2b0ad.js"],"component---src-pages-contact-js":["/component---src-pages-contact-js-ded7b9a26109c038e270.js"],"component---src-pages-resource-js":["/component---src-pages-resource-js-1d1d48ce95b8564e0c52.js"],"component---src-pages-services-js":["/component---src-pages-services-js-35eb3c49c64cbab5b853.js"],"component---src-templates-blog-js":["/component---src-templates-blog-js-e42389ae35128c6ab42d.js"],"component---src-templates-bootcamp-js":["/component---src-templates-bootcamp-js-345bc4574ed353df4cbe.js"],"component---src-templates-team-js":["/component---src-templates-team-js-2d21fdd091cdf40fb23e.js"]};/*]]>*/</script><script src="/polyfill-e9b84d9420bbe4f92e2c.js" nomodule=""></script><script src="/component---src-templates-blog-js-e42389ae35128c6ab42d.js" async=""></script><script src="/commons-70bed8265a8c13dadb4b.js" async=""></script><script src="/app-7923f496aea346368a3e.js" async=""></script><script src="/styles-83801f3b4dd3459a4027.js" async=""></script><script src="/framework-1bcdbcdd30f43763a25c.js" async=""></script><script src="/webpack-runtime-df16debb8274c7b3611c.js" async=""></script></body></html>