CodeIgniter Forums
Insert Clean data using text editor - Printable Version




Insert Clean data using text editor - rmcdahal - 05-04-2018

Hello folks,
Why are these types of HTML code inserted into my db table?


My Model code is 
Code:
public function create_post()
{
    $data = array(
        'title'       => $this->input->post('title'),
        'body'        => $this->input->post('post_body'),
        'category_id' => $this->input->post('cat_select')
    );
    return $this->db->insert('posts', $data);
}

My Controller code is 
Code:
public function create()
{
    $data['page_heading'] = "Add New Post";
    $data['categories'] = $this->Category_m->getAllCategory();
    $this->form_validation->set_rules('title', 'Post Title', 'trim|required');
    $this->form_validation->set_rules('post_body', 'Post Body', 'required');

    if ($this->form_validation->run() === FALSE) {
        $data['content_view'] = 'Posts/Create';
        $this->templates->admin_themes($data);
    } else {
        $this->Post_m->create_post();
        redirect('posts/index', 'refresh');
    }
}

Create View Is With TinyMCE
Code:
<div class="form-group row">
    <div class="col-12">
        <textarea class="form-control" id="post_body" name="post_body"></textarea>
    </div>
</div>



RE: Insert Clean data using text editor - kilishan - 05-04-2018

You're using a rich text editor - TinyMCE - which generates HTML. If you want to restrict what it creates, either use a strip_tags call in the model, or, better yet, look at TinyMCE's options to get it like you want it there.


RE: Insert Clean data using text editor - jreklund - 05-04-2018

Remove Full Page Plugin
https://www.tinymce.com/docs/plugins/fullpage/

And add HTML Purifier so that you aren't vulnerable to XSS attacks
http://htmlpurifier.org/
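
Both suggestions above (restricting the markup in the model, and running it through HTML Purifier) can be combined in the model's create_post(). The following is an added example, not code posted by anyone in the thread; it assumes CodeIgniter 3, HTML Purifier installed through Composer (package ezyang/htmlpurifier) with autoloading enabled, and an allow-list of tags and a cache path that are illustrative only.

```php
<?php
// Added example (not from the thread). Assumptions: CodeIgniter 3, HTML Purifier
// loaded via Composer autoload, and the tag allow-list / cache path chosen below.
class Post_m extends CI_Model
{
    /** Build a purifier that keeps basic formatting and drops everything else. */
    private function purifier()
    {
        $config = HTMLPurifier_Config::createDefault();
        // Allow-list of elements and attributes (assumed; match it to the
        // buttons enabled in the TinyMCE toolbar). Script, style, iframe and
        // event-handler attributes such as onclick are not listed, so they go.
        $config->set('HTML.Allowed', 'p,br,strong,em,ul,ol,li,blockquote,a[href]');
        // Links may only use these schemes; javascript: and data: are removed.
        $config->set('URI.AllowedSchemes', array(
            'http'   => true,
            'https'  => true,
            'mailto' => true,
        ));
        // HTML Purifier caches its definitions; the directory must be writable.
        $config->set('Cache.SerializerPath', APPPATH . 'cache');

        return new HTMLPurifier($config);
    }

    public function create_post()
    {
        $data = array(
            // The title is plain text, so no markup is kept at all.
            'title'       => strip_tags((string) $this->input->post('title')),
            // The body is rich text: keep only the allow-listed markup.
            'body'        => $this->purifier()->purify((string) $this->input->post('post_body')),
            // The category is a numeric id; cast it instead of trusting the form.
            'category_id' => (int) $this->input->post('cat_select'),
        );

        // Query Builder escapes the values for SQL; purification above is what
        // makes the stored HTML safe to render later.
        return $this->db->insert('posts', $data);
    }
}
```

The stored body can then be printed in a view as HTML, while the title should still be passed through html_escape() on output.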


RE: Insert Clean data using text editor - qury - 05-09-2018

I had issues with HTML code generated by rich text editors as well, so now I use medium editor with markdown plugin to give my users a bit of formatting capabilities and also allow easily readable extracts to be generated from the database (into xlsx).

When displaying the markdown from the database I use http://parsedown.org to convert the markdown text back to nice HTML.

http://ionicabizau.github.io/medium-editor-markdown/example/