Page 1 of 1
html_entity_decode possible bug...?
Posted: Sun Aug 02, 2009 11:14 pm
by paqman
Hey guys I need some help. I'm storing the content for a CMS in a mysql table, using htmlentities to encode the information before putting it in the table. I grab the data, use html_entity_decode to get it back to normal, and output it. When I go to edit the content, using TinyMCE (maybe this is a TinyMCE bug, but I've got to start asking somewhere), the '/' which is escaped by two periods (../ in the table) doesn't get the '..'s removed. If we save it from the TinyMCE page, the '..'s get inserted, and we get more and more as we go. Anyone have any ideas?
Re: html_entity_decode possible bug...?
Posted: Mon Aug 03, 2009 12:22 am
by bala_1225
//if ( isset( $_POST ) )
$postArray = &$_POST ; //From TinyMCE editor value.....
foreach ( $postArray as $sForm => $value )
{
if ( get_magic_quotes_gpc() )
$postedValue = stripslashes($value) ;
else
$postedValue = $value;
echo "<div id='$sForm''>$postedValue</div>";
}
U can use like this it will help u .....It will remove all the bugs.......
Re: html_entity_decode possible bug...?
Posted: Mon Aug 03, 2009 8:14 am
by jackpf
Hey,
I don't know anything about tinyMCE or whatever...
But I was just wondering, why are you encoding data on insertion, and decoding it on display? That sounds utterly pointless.
Re: html_entity_decode possible bug...?
Posted: Mon Aug 03, 2009 8:18 am
by Mark Baker
a / isn't normally escaped by ..
Are you sure that this is escaping, and not a relative directory path?
Re: html_entity_decode possible bug...?
Posted: Mon Aug 03, 2009 10:42 am
by paqman
Well it made sense to me to turn the html code from <a href=" into <a href=" to keep the sql query happier, but that doesn't really matter. I think TinyMCE is adding the extra ..'s itself, but thanks for the help anyways
Re: html_entity_decode possible bug...?
Posted: Mon Aug 03, 2009 1:00 pm
by jackpf
That makes no sense - why not use mysql_real_escape_string() instead? That's exactly what it's designed for.