[SOLVED] Saving HTML Tags in MySQL

[cooldude4u2no]

Hello everyone!

 

I have a quick question that im assuming has a simple answer. How do i save all data from the Text inside a <Textarea> including HTML tags.

 

Example:

 

(If a user typed in the following)

 

<table width="100%">

<tr>

<td align="center" colspan="2">

Basic Table

</td></tr><tr><td>

Basic Cell 1

</td><td>

Basic Cell 2

</td></tr>

</table>

 

When i try the above and save it to the database table the output is:  Basic Table Basic Cell 1 Basic Cell 2 It extracts the HTML Tags.

Ive tried mysql_real_escape_string but recieve a "Could not link to database error". I know there is a way to do this, i just cant figure it out.

 

Thanks for your help.

[jackpf]

What do you mean?

If a user types something into a textarea, and you post it and insert it into a database, it should be preserved as is.

What is actually being inserted into the database?

[cooldude4u2no]

Welp, lets see. Im working on a Addon for CsCart shopping cart software which is all PHP and MySQL with Smarty. Im trying to make a page generator that generates and stores HTML pages for the store. However when it generates the HTML it looks just like its suppose to. But when I insert the data into the MySQL database it extracts the HTML tags. and leaves just the Text within then HTML Tags. To me it doesnt make sense.

[jackpf]

I've just tried it on my pc and html tags are intact. You must be running strip_tags() on it somewhere.

[cooldude4u2no]

Thats what i thought, ive searched all of my {include files} and all functions im using. None of them have that function implemented. You think maybe it could be a server bug?

[teynon]

If your database error has to do with link, your not successfully connecting to the database. Is it even inserting information? Try outputting the data or putting mysql_error() and showing us exactly what its saying.

[cooldude4u2no]

Yeah its inserting data, just not <HTML> tags. Heres my form code. I dont think my form is sending the information right.

This is a .tpl file used with the Smarty Templater.

<Form name="fm" action="admin.php" method="POST">
<input type="hidden" value="page_manager" name="target">
<input type="hidden" value="send" name="mode" id="mode">
<TEXTAREA name="page_body" id="page_body"></TEXTAREA>
<BR><BR>
{include file="buttons/button.tpl" but_arrow="on" but_text="Save" but_style="input" but_onclick="javascript: fm.mode.value='send'; submit();"}
{include file="buttons/button.tpl" but_arrow="on" action_but="action_" but_text="Preview" but_style="input" but_onclick="javascript: fm.mode.value='preview'; submit();"}
</form>

 

This is a cutdown version. The textarea is the only input that wont insert data (or all of it) it extracts all HTML tags. I checked this by going into my php script it posts to and its only recieving everything between the tags.

[teynon]

Wait, between the textarea tags?

 

Can you do the following and show me what it says:

Show the code you are posting in the textarea.

 

Then on the next page, before anything else happens, place a "print_r($_POST);" and tell me what the value of the "page_body" is after posting. If it posts fine, then smarty may be stripping html tags and you will have to find out what part of SMARTY is modifying your form submissions.

[cooldude4u2no]

Sure thing. Heres what i got:

 

I entered this in the textarea:

 

<HTML><HEAD></HEAD><BODY><TABLE><TR><TD>CELL 1</TD></TR><TR><TD>Cell 2</TD></TR></TABLE></BODY></HTML>

 

and my post result was this:

 

Array ( [target] => page_manager [mode] => preview [emails] => [id] => all [n_email] => [from_email] => email@something.com [page_body] => CELL 1

Cell 2

 

So maybe smarty is actually stripping the tags?

 

[cooldude4u2no]

Sorry for the double post but i got to thinking. Do you think that maybe smarty is thinking those tags are for the current template and trying to display them instead of passing them off as a string value? I tried using {literal}{/literal} with no sucess but maybe I used them in the wrong place?

[teynon]

Ok, first, did you place the print_r($_POST); directly at the top of the page? Secondly, did you view the source to ensure the tags didn't output? If you look at it in the browser, you wont see the html tags. If you are doing that print_r before anything else, that code should still be partially intact.

[jackpf]

Why don't you try running a test script that inserts some html tags into your database. If it works, smarty is the problem, if not, the database is your problem. I don't actually know what smarty is, so if that's the problem, I don't know how to help.

[cooldude4u2no]

Smarty is basically a templater. I dont know anything about it, I had to learn a little about it on how to assign values to it to pass them to the template file. So if thats the problem i dont know a way around it. Im thinking it may be smarty though, because I just programed a application in C# to connect to a database and query it for this same website. It basically did the same thing except now im trying to get a web interface. The software i programed inserted the values just like it was suppose to. Is there a way to convert that TEXTAREA text in to a string value using JS or something and then pass it to my POST script?

[jackpf]

I presume it's the script that's removing the tags then, so that wouldn't help.

 

I don't know enough (anything) about smarty's code, so I am unable to offer a solution.

 

Is it really necessary that you use this templator? Can you not just code it yourself? It'll probably make things a whole lot easier tbh.

[teynon]

Once again, did the you check the output of the print_r by viewing the source? Html tags won't show up in the browser if it did go through.

[cooldude4u2no]

Ive tried that approach already. CsCart is based on smarty, to pull the whole site together it relies solely on it. (Example: the administration area uses about 15 different files to make up the whole page, different functions to add this and that) When i tried coding all of this myself all of the functions in CsCart wouldnt work. This CsCart software is pretty complex to me since i only know basic PHP now. Its been about 10 years ago when i last worked with PHP, didnt even know smarty existed until 2 weeks ago.

[cooldude4u2no]

Once again, did the you check the output of the print_r by viewing the source? Html tags won't show up in the browser if it did go through.

 

yep. Same thing. unfortunately.

[teynon]

Ok, and you placed this code before anything executes? If your calling blah.php, make sure blah.php is the file you place that print_r on at the top. Don't put it in an include "file" because that means smarty has control of it before you have done anything.

[cooldude4u2no]

Ok, and you placed this code before anything executes? If your calling blah.php, make sure blah.php is the file you place that print_r on at the top. Don't put it in an include "file" because that means smarty has control of it before you have done anything.

 

This is the PHP script my form POSTS to.

 

Condensed Code:

<?php
if (!defined('IN_CSCART') ) { die('Access denied'); } 
if ($mode == "preview") {
print_r($_POST);
db_query("UPDATE cscart_language_values SET value='{$page_body}' WHERE name='tmp_page'");
$smarty->assign('body', $page_body); 
if (empty($smarty->_tpl_vars['body'])) { 
$smarty->assign('body', "No Information Entered");
}
fn_show_template("custom_pages/page_preview.tpl", $smarty); exit;  
}
?>

[teynon]

Based on your code, smarty has already taken charge of the page. Which tells me immediately that Smarty is modifying your post values. You should be able to change settings on smarty to allow html posts. Some research on Smarty is turning up things like this: $smarty->default_modifiers = array('escape:"html"'); It's hard to know the solution without being able to actually see the code. This is why I dont use smarty, etc. They hijack my site.

[cooldude4u2no]

Yah well im not liking it much anymore, yeah in a way its convienient, but then again it makes it a pain to do the simplest things. Like now. I would post the whole code but its quite a few files long. Its quite a bit of code. But I appreciate you guys helping out, and ill post back if i figure out something.

[cooldude4u2no]

Finnaly figured it out. It was actually in smarty. CsCart set some default value to not allow any input fields to contain HTML tags. So when you submit a form, it automatically strips it. However, there was this little unknow function i did not know about fn_trusted_vars(var) i added this to the top of my php file like so: fn_trusted_vars(page_body); and bingo, it allowed me to pass HTML tags via POST. Im not sure how this function works or where it even is. But if anyone else has this problem, let me know and i may be able to help. Again thanks to everyone who helped me

[jackpf]

It probably induces an array_map() of all post variables and strips the tags from them. Jolly good.