garry Posted May 25, 2008 Share Posted May 25, 2008 Alright, so hopefully this wont be too hard to solve. I'm using TinyMCE editor on my site, and it allows users to add styles to text. The problems arise when it uses the <span> tag. Say for example, if TinyMCE added <span style="somethinghere">some text here</span>. Because I have mysql_real_escape_string on, it will escape the style="" to become style=\"\" and so the styles won't display How can I make it so that it won't escape inside the tags that I specify to fix this? Thanks! Quote Link to comment Share on other sites More sharing options...
trq Posted May 25, 2008 Share Posted May 25, 2008 mysql_real_escape_string only escapes data while it is being inserted into your database. Your database shouldn't store the slashes as well. If your data is being stored with the slashes in place then there is something wrong. Make sure magic_quotes_gpc() is not enabled. Quote Link to comment Share on other sites More sharing options...
Wolphie Posted May 25, 2008 Share Posted May 25, 2008 Most visual editors have their own security. E.g. for escaping and securing. (I've never had a problem with TinyMCE) Quote Link to comment Share on other sites More sharing options...
garry Posted May 25, 2008 Author Share Posted May 25, 2008 I'm sure I read on the TinyMCE website that they do not escape the data. And also, if javascript is disabled, it will just be a regular textbox and it can be exploited Quote Link to comment Share on other sites More sharing options...
Wolphie Posted May 25, 2008 Share Posted May 25, 2008 Try using strip_slashes(); Quote Link to comment Share on other sites More sharing options...
garry Posted May 25, 2008 Author Share Posted May 25, 2008 Yep, I just figured it out after I posted that last post but thanks heaps for your help Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.