0

Hi,

I am using Tiny MCE as a Textbox to get user generated input which can be bold, italic, underlined, lists and different alignments.

When the user submits the form data the information is then saved to a variable like below:

$jobDesc = mysqli_real_escape_string ($dbc, $trimmed['txtJobProfile']);

The I take the input and put it into a session like below:

$_SESSION['jobProfile'] = $jobDesc;

I then call it on the next page but all I get is:

"\r"\n"\r"this is a test\r"\"n

Now what I want to do is to display the user input so that it displays as normal text,lists, and left alignmnets, so that there is no HTML showing, no \"r or \n.

So how do I go about formating the text ready to be displayed properly and also insert it into a database and then select and output it on other pages at different times ?

Thanks

3
Contributors
9
Replies
10
Views
7 Years
Discussion Span
Last Post by SunnySideUp
0

assuming you are NOT saving the value in $_SESSION['jobProfile'] to the DB (just using if to display on browser), then instead of: $_SESSION['jobProfile'] = $jobDesc; try: $_SESSION['jobProfile'] = nl2br($trimmed['txtJobProfile']);

0

Hi,

Thanks for your quick reply, I tried that and all I get is:


rn
This is a Test.


rn

rn
Once again nothing works

rn

rn
I need some help with this one

Thanks

0

Hi,

I tried that as well but that didn't work either. Below is the kind of thing I am getting now:

<p><strong>fvfvfvfvfvfvfv</strong>cdknbkdnkvfnvkfnvk</p>\r\n<p>dnkdnvkfnvkfnvkfnvkfvnfk</p>\r\n<p>mlfmlvmflmvlfvmlfmvflmvlfmv</p>\r\n<p&gt

It does not seem to want to render my tinyMCE code, ie Bold, Lists, Enter, New line etc etc ??

Thanks

0

Hi,

I take out HTMLEntities and all I get is this:

Welcome to flockjobs.com

\r\n
Welcome to 
\r\n
\r\n
this is hard shits
\r\n
need some help with this
\r\n
\r\n

I don't know whether its the actual TinyMCE textareas ?

Thanks

0

ORIGINALLY you posted: $jobDesc = mysqli_real_escape_string ($dbc, $trimmed['txtJobProfile']); How are you populating/initializing the value of $trimmed?

0

Hi,

I am populating $trimmed with the following:

$trimmed = ('trim', $_POST);

But one thing I have noticed is that if I take out 'mysqli_real_escape_string' then it will work fine but I am worried about XSS attacks and SQL injection attacks as well as the fact I want to also call the information from a database at a later date as well.

Thanks.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.