I'm wanting a way to provide users the ability to perform a small amount of text formatting on form entered text. I've found a simple(ish) rich text formatting javascript tool (http://www.dynamicdrive.com/dynamicindex16/richtexteditor/index.htm) that allows this and as far as I can see will allow me to pass the text plus the added HTML formatting via POST into a variable in the next page.

My question is what functions would I need to apply to this content to ensure it maintains all the relevant 's and "s before I pass it into the database? Assuming thats succesfull, would I need to process it in anyway upon retrieval?

Any help is appreciated.

Ric

    Let's suppose you have POSTed your html with all its quotes and stuff to a form called form.php.

    Let's also suppose the html exists in the var $POST['var_var']. First, grab the value from $POST and put it in another var for convenience:

    $my_var = $_POST['lastname']';

    If your server is configured with magic_quotes_gpc ON then you need to remove the backslashes:

    if (get_magic_quotes_gpc()) {
        $my_var = stripslashes($my_var);
    }
    

    At this point $my_var should contain a pretty much verbatim version of your submitted var.

    If you want to put it in to a database, you should use [man]mysql_escape_string[/man] or perhaps [man]mysql_real_escape_string[/man] or one of the newer mysqli functions to "escape" the quotes and such.

    $sql = "INSERT INTO my_table (my_column) VALUES ('" . mysql_real_escape_string($my_var) . "')";

      timyMCE and CKEditor are the most used WYSIWYG used, i suggest one of those over the script you linked to, more options and far better support, such as answers to the questions above.

        Write a Reply...