Hi All,

I want to integrate a What you see is what you get editor for my website.

I understand that the editor can be the one as I can see I am typing in. How do I store data in the database so that when I retrieve the data from the db I can implement the same thing?

Like if a bold text was stored in a db the bold text is retrieved after I display.

The big hitch here is that when I display some data, I use htmlentities() function to prevent HTML hacks.

Please suggest a tried and tested method to this.

I appreciate your help regarding this.
Thanks.

All 5 Replies

diafol

Depending on your implementation, the 'id/name' that you give your new wysiwyg object is usually what you need to access the data when the form is sent, e.g. $_POST. You should ALWAYS clean ALL input from a form before placing it in a DB. htmlentities/addslashes can be used to place the input into the db and html_entity_decode/stripslashes can reform the html if you want it 'reformed'.

I use mysql_real_escape_string() to clean ALL my inputs.

How you integrate it depends on the editor. The most common ones are CKEditor and TinyMCE.

You're painting yourself into a corner a bit by both wanting the user to provide rich text formatting, but also being concerned about html injection. About the only thing you can do is to not allow the user to provide HTML tags. Rather, use the editor to provide bbcode that you convert into html behind-the-scenes. TinyMCE can be modified (not sure how easily - but fairly) to handle BBCode.
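
The approach from the last reply (the editor emits BBCode, the server converts it to HTML), as an added example that is not part of the thread. `bbcode_to_html()`, the `posts` table and the sample input are hypothetical, and an in-memory SQLite database via PDO stands in for the site's own database; the raw text is stored through a bound parameter and escaped only at display time, before an allowlist of tags is converted.

```php
<?php
// Added example, not code from the thread. Names below are hypothetical.

// Convert stored BBCode to HTML at display time: escape everything first,
// then turn a small allowlist of BBCode tags into HTML this code writes itself.
function bbcode_to_html(string $bbcode): string
{
    // 1. Neutralise any HTML the user typed, including both quote styles.
    $html = htmlspecialchars($bbcode, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. Links: http(s) only, no brackets or whitespace in the URL.
    //    Quotes and angle brackets are already entities at this point,
    //    so the captured value cannot close the href attribute.
    $html = preg_replace(
        '~\[url=(https?://[^\[\]\s]+)\](.*?)\[/url\]~is',
        '<a href="$1" rel="nofollow noopener">$2</a>',
        $html
    );

    // 3. Attribute-free paired tags. Anything not listed stays as plain text.
    foreach (['b' => 'strong', 'i' => 'em', 'u' => 'u'] as $bb => $tag) {
        $html = preg_replace(
            '~\[' . $bb . '\](.*?)\[/' . $bb . '\]~is',
            '<' . $tag . '>$1</' . $tag . '>',
            $html
        );
    }

    return nl2br($html);
}

// Store the raw BBCode with a bound parameter; escape only when rendering.
// Assumption: an in-memory SQLite table stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT)');

// Constructed sample input, as it would arrive in $_POST from the editor.
$submitted = "[b]Hello[/b] <script>alert(1)</script>\n"
           . "[url=http://example.com/?a=1&b=2]link[/url] "
           . "[url=javascript:alert(1)]bad[/url]";

$db->prepare('INSERT INTO posts (body) VALUES (?)')->execute([$submitted]);
$body = $db->query('SELECT body FROM posts WHERE id = 1')->fetchColumn();

echo bbcode_to_html($body), "\n";
```

The `<script>` text comes out as visible entities, the `http://` link becomes an anchor, and the `javascript:` link is left as literal bracketed text because it fails the scheme check.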
