  1. #1
    Senior Member leprechaun13's Avatar
    Join Date
    May 2005
    Location
    Northampton
    Posts
    487
    Member #
    10058
    I'm writing my own CMS as I haven't managed to find one that suits my needs, and I can't get the data submitted from TinyMCE on this page
    HTML Code:
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <title>TinyMCPUK example</title>
    <!-- TinyMCE -->
    <script language="javascript" type="text/javascript" src="tiny_mce.js"></script>
    <script language="javascript" type="text/javascript">
    	tinyMCE.init({
    		mode : "textareas",
    		theme : "advanced",
    		plugins : "table,save,advhr,advimage,advlink,emotions,iespell,insertdatetime,preview,zoom,flash,searchreplace,print,paste,directionality,fullscreen,noneditable,contextmenu",
    		theme_advanced_buttons1_add_before : "save,newdocument,separator",
    		theme_advanced_buttons1_add : "fontselect,fontsizeselect",
    		theme_advanced_buttons2_add : "separator,insertdate,inserttime,preview,zoom,separator,forecolor,backcolor,liststyle",
    		theme_advanced_buttons2_add_before: "cut,copy,paste,pastetext,pasteword,separator,search,replace,separator",
    		theme_advanced_buttons3_add_before : "tablecontrols,separator",
    		theme_advanced_buttons3_add : "emotions,iespell,flash,advhr,separator,print,separator,ltr,rtl,separator,fullscreen",
    		theme_advanced_toolbar_location : "top",
    		theme_advanced_toolbar_align : "left",
    		theme_advanced_statusbar_location : "bottom",
    		plugin_insertdate_dateFormat : "%Y-%m-%d",
    		plugin_insertdate_timeFormat : "%H:%M:%S",
    		extended_valid_elements : "hr[class|width|size|noshade]",
    		file_browser_callback : "fileBrowserCallBack",
    		paste_use_dialog : false,
    		theme_advanced_resizing : true,
    		theme_advanced_resize_horizontal : false,
    		theme_advanced_link_targets : "_something=My somthing;_something2=My somthing2;_something3=My somthing3;",
    		apply_source_formatting : true
    	});
    
    	function fileBrowserCallBack(field_name, url, type, win) {
    		var connector = "filemanager/browser.html?Connector=connectors/php/connector.php";
    		var enableAutoTypeSelection = true;
    		
    		var cType;
    		tinymcpuk_field = field_name;
    		tinymcpuk = win;
    		
    		switch (type) {
    			case "image":
    				cType = "Image";
    				break;
    			case "flash":
    				cType = "Flash";
    				break;
    			case "file":
    				cType = "File";
    				break;
    		}
    		
    		if (enableAutoTypeSelection && cType) {
    			connector += "&Type=" + cType;
    		}
    		
    		window.open(connector, "tinymcpuk", "modal,width=600,height=400");
    	}
    </script>
    <!-- /TinyMCE -->
    </head>
    <body>
    <?php
    include '../includes/config.php';
    $id = array_key_exists('id', $_GET) ?
    $_GET['id'] : "1" ;
    
    $select = "SELECT body 
    	FROM leancms_content
    		WHERE id=$id";
    
    $result = mysql_query($select,$dbconnect);
    
    $row = mysql_fetch_array($result);
    
    $body = $row['body'];
    
    echo <<<EOF
    
    <form method="post" action="index.php?action=editc&id=$id">
    	<h3>TinyMCPUK example</h3>
    	<textarea id="elem1" name="elem1" rows="15" cols="80" style="width: 100%">
    	$body
    	</textarea>
    	<br />
    	<input type="submit" name="save" value="Submit" />
    	<input type="reset" name="reset" value="Reset" />
    </form>
    EOF;
    ?>
    </body>
    </html>
    to update the content in the database by this form processor

    PHP Code:
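    <?php
    if ($_POST) {
        // Same id lookup as the edit page above; the value is used unvalidated
        $id = array_key_exists('id', $_GET) ? $_GET['id'] : "1";

        $newcontent = $_POST['elem1'];

        // Both values are interpolated into the SQL string unescaped
        $update = "UPDATE leancms_content SET
                        body='$newcontent'
                            WHERE id=$id";

        if (!mysql_query($update, $dbconnect)) {
            $msg = "Error Updating Content";
        } else {
            $msg = "Content Successfully Updated";
        }
    }
    else
    {
        // include takes a file path, not a URL, so a query string cannot be passed here;
        // the included script can still read $_GET['id'] itself
        include 'includes/edit.php';
    }
    ?>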
    Does anyone have any ideas that may fix this?
    Regards Phil,


  3. #2
    Senior Member leprechaun13's Avatar
    Join Date
    May 2005
    Location
    Northampton
    Posts
    487
    Member #
    10058
    Well, half there, but why isn't my UPDATE command working with this syntax?

    Code:
    $update = "UPDATE leancms_content SET body = $body
    WHERE id = $id";
    Regards Phil,


  4. #3
    Senior Member
    Join Date
    May 2003
    Location
    UK
    Posts
    2,354
    Member #
    1326
    As always, try displaying the variable to see what command is trying to run.

    By the by, you should have a think about security; you do not check/make safe $newcontent or $id.

  5. #4
    Senior Member
    Join Date
    Jun 2005
    Location
    Atlanta, GA
    Posts
    4,146
    Member #
    10263
    Liked
    1 times
    You need single quotes around the body. And possibly need to escape single quotes inside it. `SET numField = 5` works fine, but `SET stringField = This is a cool string` doesn't, for obvious reasons.

  6. #5
    Senior Member leprechaun13's Avatar
    Join Date
    May 2005
    Location
    Northampton
    Posts
    487
    Member #
    10058
    I've got it working, and this is for a CMS so there isn't much need to clean up the strings, but what would you guys suggest?
    Regards Phil,


  7. #6
    Senior Member
    Join Date
    Jun 2005
    Location
    Atlanta, GA
    Posts
    4,146
    Member #
    10263
    Liked
    1 times
    My point wasn't that the string needed cleaning up, it was that it needed to be quoted to begin with. Otherwise the query doesn't work because the syntax is invalid.

    As for cleanup not being needed -- how not?

  8. #7
    Senior Member leprechaun13's Avatar
    Join Date
    May 2005
    Location
    Northampton
    Posts
    487
    Member #
    10058
    Because this will be accessed by admins. What reasons would you give for cleaning it, and how would you clean it?
    Regards Phil,


  9. #8
    Senior Member
    Join Date
    Jun 2005
    Location
    Atlanta, GA
    Posts
    4,146
    Member #
    10263
    Liked
    1 times
    Yeah, I'm currently wrestling with that idea as well. I've tended towards the idea that if the data is entered by trusted users, then it's fine. But the problem is, what happens if someone gains unauthorized access and poses as a 'trusted' user? Then all of a sudden they can inject JavaScript and such into your code.

    The easiest way to avoid this is just to escape *all* data that you output from the database and that was put there by a user.
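
The two points raised in this thread (quote and escape what goes into the UPDATE, and escape what comes back out of the database) can be shown together. This is an added example, not code from any poster: it uses PDO with an in-memory SQLite table standing in for the thread's MySQL `leancms_content` table, and the helper names `parse_id`, `update_body` and `render_textarea` are hypothetical.

```php
<?php
// Added example: in-memory SQLite stands in for the thread's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE leancms_content (id INTEGER PRIMARY KEY, body TEXT)');
$db->exec("INSERT INTO leancms_content (id, body) VALUES (1, 'old body')");

// Hypothetical helper: accept only a positive integer id, reject anything else.
function parse_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Hypothetical helper: values travel as bound parameters, never as SQL text,
// so quotes inside the body need no manual escaping and cannot end the string.
function update_body(PDO $db, int $id, string $body): bool
{
    $stmt = $db->prepare('UPDATE leancms_content SET body = :body WHERE id = :id');
    return $stmt->execute([':body' => $body, ':id' => $id]);
}

// Hypothetical helper: escape on output, so stored markup cannot close the
// <textarea> and run as part of the edit page.
function render_textarea(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM leancms_content WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = (string) $stmt->fetchColumn();
    return '<textarea name="elem1">'
        . htmlspecialchars($body, ENT_QUOTES, 'UTF-8') . '</textarea>';
}

// Constructed sample input, standing in for $_GET['id'] and $_POST['elem1'].
$samples = [
    ['1', "<p>It's Phil's page</p>"],                  // single quotes in the body
    ['1', '</textarea><script>alert(1)</script>'],     // markup that would break out
    ['1 OR 1=1', 'ignored'],                           // non-numeric id
];
foreach ($samples as [$rawId, $body]) {
    $id = parse_id($rawId);
    if ($id === null) {
        echo 'rejected id: ', var_export($rawId, true), "\n";
        continue;
    }
    update_body($db, $id, $body);
    echo render_textarea($db, $id), "\n";
}
```

Inside a `<textarea>` the browser decodes the entities again, so TinyMCE still receives the original markup for editing.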

