html_entity_decode possible bug...?
Moderator: General Moderators
html_entity_decode possible bug...?
Hey guys I need some help. I'm storing the content for a CMS in a mysql table, using htmlentities to encode the information before putting it in the table. I grab the data, use html_entity_decode to get it back to normal, and output it. When I go to edit the content, using TinyMCE (maybe this is a TinyMCE bug, but I've got to start asking somewhere), the '/' which is escaped by two periods (../ in the table) doesn't get the '..'s removed. If we save it from the TinyMCE page, the '..'s get inserted, and we get more and more as we go. Anyone have any ideas?
Re: html_entity_decode possible bug...?
//if ( isset( $_POST ) )
$postArray = &$_POST ; //From TinyMCE editor value.....
foreach ( $postArray as $sForm => $value )
{
if ( get_magic_quotes_gpc() )
$postedValue = stripslashes($value) ;
else
$postedValue = $value;
echo "<div id='$sForm''>$postedValue</div>";
}
U can use like this it will help u .....It will remove all the bugs.......
$postArray = &$_POST ; //From TinyMCE editor value.....
foreach ( $postArray as $sForm => $value )
{
if ( get_magic_quotes_gpc() )
$postedValue = stripslashes($value) ;
else
$postedValue = $value;
echo "<div id='$sForm''>$postedValue</div>";
}
U can use like this it will help u .....It will remove all the bugs.......
Re: html_entity_decode possible bug...?
Hey,
I don't know anything about tinyMCE or whatever...
But I was just wondering, why are you encoding data on insertion, and decoding it on display? That sounds utterly pointless.
I don't know anything about tinyMCE or whatever...
But I was just wondering, why are you encoding data on insertion, and decoding it on display? That sounds utterly pointless.
-
Mark Baker
- Forum Regular
- Posts: 710
- Joined: Thu Oct 30, 2008 6:24 pm
Re: html_entity_decode possible bug...?
a / isn't normally escaped by ..
Are you sure that this is escaping, and not a relative directory path?
Are you sure that this is escaping, and not a relative directory path?
Re: html_entity_decode possible bug...?
Well it made sense to me to turn the html code from <a href=" into <a href=" to keep the sql query happier, but that doesn't really matter. I think TinyMCE is adding the extra ..'s itself, but thanks for the help anyways
Re: html_entity_decode possible bug...?
That makes no sense - why not use mysql_real_escape_string() instead? That's exactly what it's designed for.