Save HTML-Formatted Text to Database

save html-formatted text to database

Try using htmlspecialchars() on the string to put into the DB, and then, when pulling it back out, use htmlspecialchars_decode(). Might make a difference.

How to Save Html Formatted Text in Database Safely ? PHP - MYSQL

I would simply save the information with the tags between quotes and use the following :
http://php.net/manual/en/function.strip-tags.php

Hope it helps, the second comment from the above site is a good example, more specifically

http://php.net/manual/en/function.strip-tags.php#86964

Storing HTML formatted text in database

Save it to a nvarchar(max) field. Make sure you use parameterized queries for security. Read http://www.aspnet101.com/2007/03/parameterized-queries-in-asp-net/

Storing formatted HTML text in database

We actually use a CMS for the primary pages of our site, and the heart of it uses a database vs actual files on the system. So for most of the content on our site, we actually have HTML which is being retrieved from a database.

For example

blurb.body will equal something like '<p>This is a body paragraph</p>'

Then one thing we seem to run into sometimes is a character encoding error. It seems like if someone copies some text into the CMS with a " ' " or something, there isn't anything that will convert it automatically to a '.

But yes, you should be able to do it. Just make sure whatever filtering you do going into the database is reversed correctly on its way out.

How to send text area data with formatting to a database and retrieve it the same way

You can take the user entered list (or any rich-text) store it in mongodb as HTML.

Check this article for more details about how to do it: Link

This should give you the flexibility to add meta-information about making the text bold, italic etc.

How to insert data into database with encoded HTML tags using JavaScript and PHP through rich text editor?

Use tinymce.activeEditor.getContent() to get html content from tinymce editor

tinymce.init({
    selector: 'textarea',
    ...
});
  

$('#dataBtn').click(function(e){
    e.preventDefault();
    // to get html content from tinymce
    var myContent = tinymce.activeEditor.getContent();
    const data = $('#dataForm').serializeArray();
    data.push({name: 'details', value: myContent});

    $.post(
        $('#dataForm').attr('action'),
        data,
        function(result) {
            $('#dataResult').html(result);
        }
    );
});

In PHP

$details = json_decode($_POST['details'], true);

Demo

Silverstripe 3.3 - How can I save HTML formatted text into database from frontend form?

OK - from your comment it appears your example code isn't what you're actually doing and you're using a TextareaField instead of an HTMLEditorField.

This is fine, so you have a couple of choices:

1. Add the HTML before writing the form submission:

   public function submit($data, $form) {
   $myDataobject = new MyDataobject();
   $form->saveInto($myDataobject);
   $myDataobject->MyText = sprintf('

   %s

   ', nl2br(Convert::raw2xml($data['MyText'])));
   $myDataobject->write();

     $form->sessionMessage('Message saved.','good');
     return $this->redirectBack();
   

   }

Please note the use of Convert::raw2html - without this, you'll likely be vulnerable to a malicious user who submits HTML to perform an HTML injection attack.

2. Add a setter on the Model:

   class MyDataobject extends DataObject {

   ...

   public function setMyText($value) {
       return $this->setField('MyText', sprintf('<p>%s</p>', nl2br(Convert::raw2xml($value)));
   }
   

   }

This approach will likely be quite fragile as any time the value is set, it'll be encoded which could be when you're deliberately setting HTML.

Recommended solution: #1

---

Related Topics