Larry Ullman's Book Forums

Adding Pages In Chapter 5



Granted, I haven't finished chapter five yet; however, why would one go through the trouble of creating an HTML page with TinyMCE and then use mysqli_real_escape_string() to escape the quotation marks around the values of the style attributes of the HTML tags contained in $_POST['content']? This negates all the CSS created by TinyMCE and when one calls the page through the links under the CONTENT heading (actually through page.php), the HTML page is written without formatting (style).

Hacker


You're misunderstanding what's going on here. You use mysqli_real_escape_string() to escape quotation marks and other problematic characters so that the value is safe to use in a query. The slashes are not stored in the database, though, so they don't keep the CSS and whatever else from being useful.

Edited by Larry
Should have been "slashes", not "quotes".

Larry,

I must have a problem elsewhere in the scripts because I have code like the following stored in the content field of my pages table:

<div style=\"position: relative; width: 612px; height: 792px; border: 1px solid #999;\">

Regarding your statement, "...the quotes are not stored in the database...", how is the inline CSS created by TinyMCE going to be displayed correctly when the HTML file is retrieved and displayed by page.html? Inline CSS needs to be written with quotes surrounding the rules. You're absolutely correct, I am missing something here.

Hacker

P.S. Since I had my hosting company turn off magic_quotes_gpc for my account (earlier this afternoon), I've been able to retrieve (from the pages table) my CSS inline styled HTML pages with the style intact. Now, if I can only edit the HTML pages within your app, Larry, I'll be in business :-) Thanks again for the book.


Oops, sorry about that. Meant "slashes" are not stored; quotes are stored. But it seems that Magic Quotes was causing the problem, meaning you had double slashes, which is why you saw the result you saw. Thanks for letting us know and thanks for the nice words on the book!

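The double escaping worked out in this thread, as an added example that is not code from the book or from either poster. It needs no database: addslashes() and stripslashes() are stand-ins (assumptions) for mysqli_real_escape_string() and for the server decoding a quoted string literal, which match for the quotes and backslashes at issue here, and the function names and sample HTML are constructed for illustration.

```php
<?php
// Models the escaping and decoding steps discussed in the thread as pure
// string transformations, so the stored value can be inspected directly.

// What magic_quotes_gpc did to every GET/POST/COOKIE value: addslashes().
function magic_quotes(string $v): string {
    return addslashes($v);
}

// Stand-in (assumption) for mysqli_real_escape_string(): for quotes and
// backslashes it produces the same output as addslashes().
function escape_for_query(string $v): string {
    return addslashes($v);
}

// Stand-in (assumption) for the server reading a quoted string literal:
// \" becomes " and \\ becomes \, so exactly one level of escaping is consumed.
function server_reads_literal(string $literal): string {
    return stripslashes($literal);
}

// Returns the value that ends up in the content column.
function stored_value(string $posted, bool $magicQuotesOn): string {
    $received = $magicQuotesOn ? magic_quotes($posted) : $posted;
    return server_reads_literal(escape_for_query($received));
}

// Normalisation used on hosts where the setting cannot be turned off:
// undo magic quotes once, before the value is escaped for the query.
function undo_magic_quotes(string $received, bool $magicQuotesOn): string {
    return $magicQuotesOn ? stripslashes($received) : $received;
}

// Constructed sample input, shaped like TinyMCE output with inline CSS.
$html = '<div style="width: 612px; border: 1px solid #999;">';

// One level of escaping: the server consumes it and the quotes are stored bare.
echo "magic quotes off: ", stored_value($html, false), PHP_EOL;

// Two levels of escaping: one survives, so \" lands in the table.
echo "magic quotes on:  ", stored_value($html, true), PHP_EOL;

// With the normalisation applied first, the stored value is intact again.
$received = magic_quotes($html);
$fixed = server_reads_literal(escape_for_query(undo_magic_quotes($received, true)));
echo "normalised first: ", $fixed, PHP_EOL;
var_dump($fixed === $html);
```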
