tinymce activerecord and database

#1
[eluser]havoc[/eluser]
I would ask you what is the best way to store html generated from tinymce in database?

#2
[eluser]stuffradio[/eluser]
Umm,

do you mean the best way to save it with PHP, or what?

#3
[eluser]Référencement Google[/eluser]
I am not sure what you would like to know exactly. Do you mean about security issues that you should care about while allowing a user using TinyMCE to store HTML into a Database?

#4
[eluser]havoc[/eluser]
no no, I think about, it is a better way to save clear html in database (its is possible? there is not any automatic anty xss function in activerecord?) or maybe first take some encoding on html data before save it to database?

#5
[eluser]Référencement Google[/eluser]
I advice you to turn on the config.php XSS filtering globaly, this will avoid a certain amount of potential problems. After that, you should use only active record to insert, select and update your HTML, then your data will be safely quoted. Another level of security would be to htmlentities all entered html. With all that I think you are pretty secure using tinyMce to store the user generated html.

#6
[eluser]havoc[/eluser]
ok, i used htmlentities and html was saved in database (clear html not) but when I try read this html from database I don't have polish letter (like óżźćłą etc...) (i try use htmlentities($html, ENT_COMPAT, 'UTF-8'); and html_entity_decode($htmlfromdatabase, ENT_COMPAT, "UTF-8") but when I use htmlentities($html, ENT_COMPAT, 'UTF-8'); there is nothing in database after save! and when I use htmlentities($html) there is not polish letters. So where should I look for solution?

#7
[eluser]Référencement Google[/eluser]
Check the settings of your database and settings of your database fields and tables. All must be in UTF-8.
What DB are you using? Which version?

#8
[eluser]havoc[/eluser]
I have MySQL: 5.0.51a
MySQL charset: UTF-8 Unicode (utf8)
MySQL connection collation: utf8_unicode_ci
in table where i try to save html Collation is utf8_polish_ci
files with code are save in utf too.

#9
[eluser]Référencement Google[/eluser]
do you try to set config/database.php with the same encoding too?
Can you post your scripts?

#10
[eluser]havoc[/eluser]
Code:
Database config:
$db['default']['char_set'] = "utf8";
$db['default']['dbcollat'] = "utf8_general_ci";


Simple method from controller

function editPlace() {
// $ID - record id, $txt - html from tinymce , $this->plac - model
        $placeID = $this->session->userdata('ID');
        $opis_pl = $this->input->post('txt');
        $opis_pl = htmlentities($txt, ENT_COMPAT, 'UTF-8');
        $this->plac->editPlac($ID, $txt);
    }


//And model method editPlac
   function editPlac($id, $txt){
        $data = array(
               'html' => $txt
            );

        $this->db->where('id', $id);
        $this->db->update('plac', $data);
    }


//and where I want to print html I use:

//first I read record:

function getPlacForID($id) {
        $query = $this->db->get_where('plac', array('id' => $id));
        return $query->result();
        
    }

//next I send result to view:

<?php echo html_entity_decode($currentPlac[0]->html, ENT_COMPAT, "UTF-8") ?>

but when I try use utf nothing is save in database Sad


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


Users browsing this thread:
1 Guest(s)


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2019 MyBB Group.