It's advisable that before inserting into the DB, you should always escape with
addslashes($value)
Pregunta
I am programming a new website which add topics to database.
I made input for title and textarea for content and I use wysiwyg editor with the textarea to add some effects to my articles.
The problem is that when I try to insert data to db it fails to insert the content of textarea and when I remove the wysiwyg it works perfectly.
I am using is PHP and i use jQuery to insert data without refreshing the page.
This is the code i am using===>
ajax.js
$('#share').click(function(){
var title=$("#tilearticle").val();
if(title== ''){$('#tiart').show('slow');}
else{
var datastring= $("#form1").serialize();
var url1='action.php?action=article';
$.post(url1,datastring,function(info){$("#res").html(info);});
}
});
action.php
if($_GET['action']=='article'){
$get=$_GET['action'];
$title=$_POST['title']; // get data from title input
$content=$_POST['ckeditor1']; // get data from textarea
$image=$_POST['image'];
$date=date("Y/m/d");
$newtitle=string_limit_words($title, 6);
$urltitle=preg_replace('/[^a-z0-9]/i',' ', $newtitle);
$newurltitle=str_replace(" ","-",$newtitle);
$url='/'.$newurltitle.'.html';
$sql=mysql_query("INSERT INTO article (id,title,img,content,url,time ) VALUES
('','".$title."','".$image."','".$content."','".$url."','".$date."')") or die(mysql_error());
if($sql){
echo 'work';}else{echo 'nooo';}
}
add.php // add article page
<form class="form-horizontal" action='action.php?action=article' method='post' id='form1' role="form">
<div class="form-group">
<label for="inputEmail3" class="col-sm-2 control-label">title</label>
<div class="col-sm-10">
<input type="text" class="form-control" name='title' id="tilearticle" placeholder="title">
<span id='tiart'style='color:red;display: none;'><i class='glyphicon glyphicon-info-sign'> </i> pleas fill in the field</span>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<div class="checkbox">
<textarea class="form-control ckeditor" name='ckeditor1' id='textarea' rows="4"> </textarea>
</div>
</div>
</div>
<div class="form-group">
<label for="exampleInputFile">File input</label>
<input type="file" name="image"id="filearticle">
<p class="help-block">Example block-level help text here.</p>
</div> ';
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="button" name='submit' id='share' class="btn btn-default">Post</button>
</div>
</div>
</form>
No hay solución correcta
Otros consejos
It's advisable that before inserting into the DB, you should always escape with
addslashes($value)