php - Where's my html tags going? -
starting frustrated form. i'm submitting html content database, stored , retrieved display on front end. have made sure use htmlspecialchars(), however, code getting stripped down plain text upon saving.
i've read ton of post's questions identical mine, haven't found suitable answer.
here's code i'm having trouble with:
<li> <label for="summary">article summary</label> <textarea name="summary" id="summary" placeholder="brief description of article" required maxlength="1000" style="height: 5em;"><?php echo htmlspecialchars( $results['article']->summary )?></textarea> <script> ckeditor.replace( 'summary', { filebrowserbrowseurl: 'wysiwyg/kcfinder/browse.php? opener=ckeditor&type=files', filebrowserimagebrowseurl: 'wysiwyg/kcfinder/browse.php? opener=ckeditor&type=images', filebrowserflashbrowseurl: 'wysiwyg/kcfinder/browse.php? opener=ckeditor&type=flash', filebrowseruploadurl: 'wysiwyg/kcfinder/upload.php? opener=ckeditor&type=files', filebrowserimageuploadurl: 'wysiwyg/kcfinder/upload.php? opener=ckeditor&type=images', filebrowserflashuploadurl: 'wysiwyg/kcfinder/upload.php? opener=ckeditor&type=flash' }); </script> </li> here's example of input:
<p><img alt="" src="/wysiwyg/kcfinder/upload/images/plymouth.png" style="height:323px; width:549px" /></p> here's output:
pimg alt"" src"wysiwygkcfinderuploadimagesplymouth.png" style"height:323px width:549px" p it submits database, , it's being retrieved , displayed on front-end, without html. also, output how it's being stored in database.
what happening here?
edit: php code requested.
<?php /** * class handle articles */ class article { // properties /** * @var int article id database */ public $id = null; /** * @var int when article / first published */ public $publicationdate = null; /** * @var string full title of article */ public $title = null; /** * @var string short summary of article */ public $summary = null; /** * @var string html content of article */ public $content = null; /** * sets object's properties using values in supplied array * * @param assoc property values */ public function __construct( $data=array() ) { if ( isset( $data['id'] ) ) $this->id = (int) $data['id']; if ( isset( $data['publicationdate'] ) ) $this->publicationdate = (int) $data['publicationdate']; if ( isset( $data['title'] ) ) $this->title = $data['title']; if ( isset( $data['summary'] ) ) $this->summary = $data['summary']; if ( isset( $data['content'] ) ) $this->content = $data['content']; } /** * sets object's properties using edit form post values in supplied array * * @param assoc form post values */ public function storeformvalues ( $params ) { // store parameters $this->__construct( $params ); // parse , store publication date if ( isset($params['publicationdate']) ) { $publicationdate = explode ( '-', $params['publicationdate'] ); if ( count($publicationdate) == 3 ) { list ( $y, $m, $d ) = $publicationdate; $this->publicationdate = mktime ( 0, 0, 0, $m, $d, $y ); } } } /** * returns article object matching given article id * * @param int article id * @return article|false article object, or false if record not found or there problem */ public static function getbyid( $id ) { $conn = new pdo( db_dsn, db_username, db_password ); $sql = "select *, unix_timestamp(publicationdate) publicationdate articles id = :id"; $st = $conn->prepare( $sql ); $st->bindvalue( ":id", $id, pdo::param_int ); $st->execute(); $row = $st->fetch(); $conn = null; if ( $row ) return new article( $row ); } /** * returns (or range of) article objects in db * * @param int optional number of rows return (default=all) * @param string optional column order articles (default="publicationdate desc") * @return array|false two-element array : results => array, list of article objects; totalrows => total number of articles */ public static function getlist( $numrows=1000000, $order="publicationdate desc" ) { $conn = new pdo( db_dsn, db_username, db_password ); $sql = "select sql_calc_found_rows *, unix_timestamp(publicationdate) publicationdate articles order " . mysql_escape_string($order) . " limit :numrows"; $st = $conn->prepare( $sql ); $st->bindvalue( ":numrows", $numrows, pdo::param_int ); $st->execute(); $list = array(); while ( $row = $st->fetch() ) { $article = new article( $row ); $list[] = $article; } // total number of articles matched criteria $sql = "select found_rows() totalrows"; $totalrows = $conn->query( $sql )->fetch(); $conn = null; return ( array ( "results" => $list, "totalrows" => $totalrows[0] ) ); } /** * inserts current article object database, , sets id property. */ public function insert() { // article object have id? if ( !is_null( $this->id ) ) trigger_error ( "article::insert(): attempt insert article object has id property set (to $this- >id).", e_user_error ); // insert article $conn = new pdo( db_dsn, db_username, db_password ); $sql = "insert articles ( publicationdate, title, summary, content ) values ( from_unixtime(:publicationdate), :title, :summary, :content )"; $st = $conn->prepare ( $sql ); $st->bindvalue( ":publicationdate", $this->publicationdate, pdo::param_int ); $st->bindvalue( ":title", $this->title, pdo::param_str ); $st->bindvalue( ":summary", $this->summary, pdo::param_str ); $st->bindvalue( ":content", $this->content, pdo::param_str ); $st->execute(); $this->id = $conn->lastinsertid(); $conn = null; } /** * updates current article object in database. */ public function update() { // article object have id? if ( is_null( $this->id ) ) trigger_error ( "article::update(): attempt update article object not have id property set.", e_user_error ); // update article $conn = new pdo( db_dsn, db_username, db_password ); $sql = "update articles set publicationdate=from_unixtime(:publicationdate), title=:title, summary=:summary, content=:content id = :id"; $st = $conn->prepare ( $sql ); $st->bindvalue( ":publicationdate", $this->publicationdate, pdo::param_int ); $st->bindvalue( ":title", $this->title, pdo::param_str ); $st->bindvalue( ":summary", $this->summary, pdo::param_str ); $st->bindvalue( ":content", $this->content, pdo::param_str ); $st->bindvalue( ":id", $this->id, pdo::param_int ); $st->execute(); $conn = null; } /** * deletes current article object database. */ public function delete() { // article object have id? if ( is_null( $this->id ) ) trigger_error ( "article::delete(): attempt delete article object not have id property set.", e_user_error ); // delete article $conn = new pdo( db_dsn, db_username, db_password ); $st = $conn->prepare ( "delete articles id = :id limit 1" ); $st->bindvalue( ":id", $this->id, pdo::param_int ); $st->execute(); $conn = null; } } ?>
ok. figured out problem.
in php code there preg_replace string stripped html tags out of submissions. removing code allowed me store way needed stored.
the line preg_replace ( "/[^\.\,\-\_\'\"\@\?\!\:\$ a-za-z0-9()]/", "", needed removed part processed form submission in order keep html tags.
when removing line, sure remove ) end of string, or generate php error: unexpected ')' on line xx
Comments
Post a Comment