1

Hey all i seem to be having problems with getting the full HTML code from the tinyMCE box when sending over to my PHP page to save to the database.

My Ajax code is this:

console.log('type=' + theType + '&rID=' + theReplyID + '&email=' + $('#email').val() + '&name=' + $('#name').val() + '&fb=' + FB + '&com=' + tinyMCE.activeEditor.getContent());
    $.ajax({
        type: "post",
        url: "post.php",
        cache: false,
        data: 'type=' + theType + '&rID=' + theReplyID + '&email=' + $('#email').val() + '&name=' + $('#name').val() + '&fb=' + FB + '&com=' + tinyMCE.activeEditor.getContent(),
        success: function(data,status){         
            showMsgBox('Your comment has been posted!','OK','blue');
        },
        error: function(xhr, desc, err){
            showMsgBox('Error while saving comment data','OK','red');
        }
    });

The console.log outputs the correct test data:

type=C&rID=&[email protected]&name=david dev&fb=na&com=<p>this is just a test&nbsp;    </p>
<p>here&nbsp;</p>
<p>and here</p>

But when it saves it to my database it only has:

<p>this is just a test

My PHP page looks like this:

<?PHP
   $type = $_POST['type']; //R(reply) or C(comment)
   $email = $_POST['email'];
   $name = $_POST['name'];
   $fb = $_POST['fb'];
   $comment = $_POST['com'];

    $dbhandle = mysql_connect("xx.xxx.xxx.xxx", "xxxxx", "xxxxx") or die(mysql_error());
mysql_select_db("Gvth") or die(mysql_error());

$result = mysql_query("SELECT * FROM UserInfo WHERE Email = '" . $email . "'");  
$count = 0;

while($row = mysql_fetch_assoc($result)) {
    $count++;       
    $id = $row["id"];
}

mysql_close($dbhandle);

   $dbhandle = mysql_connect("xx.xxx.xxx.xxx", "xxxxx", "xxxxx") or die(mysql_error());
    mysql_select_db("Gvth") or die(mysql_error());

    $result = mysql_query("INSERT INTO UserComments (UserInfoID,Comment,ImageUploaded,commentID,accepted,dt) 
    VALUES (" . $id . ",'" . $comment . "','na'," . $id . random_numbers(4) . ",1,'" . date('Y-m-d g:i:s',time()) . "');");
    mysql_close($dbhandle);
Improve this question
4
  • first of all... the mysql_* functions are deprecated use pdo or mysqli. second escape your values (if you keep using the deprecated functions use mysql_real_escape_string($comment) and how big is your comment field in your database table Commented Apr 8, 2013 at 19:39
  • @Miguelo the field is set to LONGTEXT Commented Apr 8, 2013 at 19:40
  • ok what happens if you put mysql_real_escape_string around all your variables in your query Commented Apr 8, 2013 at 19:42
  • @Miguelo using mysql_real_escape_string($comment) does not seem to help the issue. Commented Apr 8, 2013 at 19:42

2 Answers 2

Reset to default
1

if you want to create your querystring by hand (which i don't recommend), you will have to make sure al special chars like & are url-encoded. You can do this with encodeURIComponent.

So please change

data: 'type=' + theType + '&rID=' + theReplyID + '&email=' + $('#email').val() + '&name=' + $('#name').val() + '&fb=' + FB + '&com=' + tinyMCE.activeEditor.getContent(),

to

 data: 'type=' + theType + '&rID=' + theReplyID + '&email=' + $('#email').val() + '&name=' + $('#name').val() + '&fb=' + FB + '&com=' + encodeURIComponent(tinyMCE.activeEditor.getContent()),

An even better way to pass data with jQuery post is to pass an object to data instead of a querystring. Like so:

data: {type: theType, rID: theReplyID, email: $('#email').val(), name: $('#name').val(), com: tinyMCE.activeEditor.getContent() },

This way, you won't need to escape any special characters.

Also, on the server side (in your PHP script) you should always escape user-posted data before inserting it to your database, with mysql_real_escape_string() like Miguelo mentioned.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

You got it, Jules. Thanks for the help!
0

You can add a class to all of the form data you want to use. Something like .formdata

Then, you can do this in place of the written out object:

$('.formdata').serialize();

That will create the object for you.

As for working with tinyMCE, I used to use this before I attempted to save the data.

tinyMCE.triggerSave();
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.