I'm using Ckeditor to allow people to format text and then insert in database using mysqli parametized query as follow :
if (isset($_POST['editor1'])) {
$editor1 = htmlentities($_POST['editor1']);
//insert variables in table blog_post
$insert_blog_post_q= $conn->prepare("INSERT INTO blog_posts (blog_body) VALUES (?)");
$insert_blog_post_q->bind_param('s',$editor1);
$insert_blog_post_q->execute();
$insert_blog_post_q->close();
}
When I output the results it creates r\n problems in between the paragraphs as follow
Hello im a title
r\n
More text
r\n
Text text
r\n
This problems will also creates back lashes in img src like this :
<img src='\"https://myimage.com"\'>
This will cause all the image links to be broken.
How can i fix this problem? Thank you
This was not duplicate for me honestly I did not find all the answers to my problems in the suggestions above. However I did solve my problem with the manual.
I output mysqli select result as follow :
//fix r\n from blog post body
$blogpostbody = str_ireplace(array("\r","\n",'\r','\n'),'', $blog_p['post_body']);
//remove backlashes that cause pictures to be broken
$blogpostbodynolashes = stripslashes($blogpostbody);
Related
Please can somebody be so kind to show me the syntax for using cloneblock in phpword.
So Ive got data in a MySQL DB, and for the single rows that I need to import into my word doc via phpword it works fine....to run my query and search and replace with template processor. BUT, now I want to insert multiple rows into my word document. I've researched and found that the cloneblock method is the answer. However I cannot get it working....currently my code runs but it doesn't seem to get to the second row.
I actually dnt get any error messages. My code executes fine...but the end display word file doesn't display fine....and if you see my code I got an echo statement...which echo's out in my browser exactly what I want "damaged" &"good", (as an example given of one of the row data) but that data doesn't get pulled into my word doc like that...it duplicates "damaged" , "damaged". .
$group_key=1;
do {
//loop to increase my uuid - ($repeatgroup')
$repeatgroup = $id."/"."trailer_repeat_group"."[".$group_key."]";
// query string
$trailer_repeat_grouping = mysqli_query($connect, "SELECT * FROM trailer_repeat_group LEFT JOIN main on trailer_repeat_group.PARENT_KEY = main.metainstanceID WHERE trailer_repeat_group.KEY_id = '$repeatgroup'");
$templateProcessor->cloneBlock('CLONEME', $trailer_count);
while ($row1 = mysqli_fetch_array($trailer_repeat_grouping)) {
//this echo below I am using to test exactly what happends – independent of
//PHPword/templateprocessor
echo $rttc = $row1['right_trailer_tyre_condition'];
//inserting / searching / inserting values
$templateProcessor->setValue("right_trailer_tyre_condition", $rttc);
}
// ending of loop / checking loop
$group_key++;
} while ($group_key <= $trailer_count);
I've done investigation and found the solution.
You're cloning same blocks N times:
$templateProcessor->cloneBlock('CLONEME', $trailer_count);
and then by doing fetch You're trying to replace right_trailer_tyre_condition with some value:
$templateProcessor->setValue("right_trailer_tyre_condition", $rttc);
Issue is that You're replacing all placeholders.
But in fact You need to replace them one by one with different values.
Solution is to define 3rd argument that means count of items to replace.
Simply change it to be:
$templateProcessor->setValue("right_trailer_tyre_condition", $rttc, 1);
It's new for me to use richtext but a user has to be able to insert pictures or to change his text. So I'm using ckeditor but i've some trouble with it.
When a user write into the rich text he can write things using apostrophe and comas.
I'll use an example. Let's imagine i want to write :
It's quite difficult to open a picture, a file blablabla
The problem is that in the inserting query looks like that
Insert into tab (txt1,txt2) values ('value1','value2')
If the user uses comas or apostrophe the richtext cannot be correctly inserted. Moreover, I use longtext in my MySQL database to store the text.
My questions are :
How to store the richtext written by the user
What type should be the column in my MySQL database to correctly store the richtext to be able to give it back
The problem i have is
Erreur SQL !INSERT INTO detail_article(ID,Problem,Num,URL,Solving,Description) VALUES(16,'Chrome : clearing datas',4,'','
\r\nCHROME CACHE CLEARING :
\r\n\r\n
blablabala
\r\n\r\n
In the 'windows explorer', do the fallowing statment....blablabla
\r\n','')
It's a sample of my text but i think the problem is caused by the quotes and the coma
Your problem must come from your PHP script which seems not to escape the pieces of data it send.
If it's not working with the richtext containing commas and apostrophes, then it's probably that the query send to your database isn't escape.
For example, if you have such content :
$value2 = "Catch',em all";
$value1 = "Hello boys";
And if you try to store it in database without escaping it, then the resulting SQL query will looks like :
INSERT INTO tab (value1, value2) VALUES ('Hello boys', 'Catch', em all);
which will be an incorrect SQL statement because of incorrect syntax.
If you use some escape method like PDO::quote(), your input will be inserted in a safe way that won't produce any error (syntax).
Make sure your script does escape the params you send with either PDO::quote() (https://php.net/manual/fr/pdo.quote.php) or either mysqli_real_escape_string (http://php.net/manual/fr/mysqli.real-escape-string.php)
so here's what I want to do, I want to be able to cache a whole web page, which would be something like this
$domain = "cnn.com";
$title = "CNN";
$cacheado = file_get_contents('http://www.google.com');
$ingresar = "INSERT INTO indexed_links (link, title, cacheado) VALUES ('$domain', '$title', '$cacheado')";
$db_on = mysqli_connect('localhost', 'root', 'pass', 'data_base');
mysqli_query($db_on, $ingresar);
My great concern is, I tried to do this exact code with the page example.com, which would be $cacheado = file_get_contents('http://example.com');
Which worked completely fine, it added the whole HTML code to the page, which is something somewhat short, it's an easy HTML code, now, Google and a bunch of other sites got more codes into their HTML, as a result, sites with longer HTML codes are not going through the mysqli_query query, which I suppose it has to do with MySql and not PHP because the code works just fine with example.com...
The column of the table which I want to insert the HTML code is cacheado, which has a type set in the MySQL database of text, does this have something to do?
The problem is not with the datatype. Instead, you failed to escape the strings before building the INSERT statement.
In particular, there was probably an apostrophe (') in that web page.
Change field type from TEXT() to VARCHAR(65535). It is the max lenght I now you can set for a field.
I have a mysql database with an 'address' field (VARCHAR). I also have a html table that is used to display the addresses of different staff members.
My problem is that data is stored in the address field of the database with linebreaks between each line of the address, but when the data is displayed in the table the line breaks are not there, so the entire address is displayed on one line. How can I fix this?
I'm sure this is a question that is asked all the time, but I can't find the answer anywhere. I'm new to PHP so please forgive my naivety.
UPDATE:
This is basically my code:
if(isset($_POST['submit'])) {
$address = $_POST['address'];
$queryupdate = "UPDATE Staff SET
address= :address WHERE id= :id";
$q = $db->prepare($queryupdate);
$q->execute(array(
":id" => $id,
":address" => $address));
The data in the $address variable is taken from a simple textarea.
Actual line breaks are never shown in HTML unless the word-wrap is set to pre, or an actual pre tag is used. However, to overcome this you can use the nl2br() functionality in PHP. What you'll need to do is use the nl2br() before outputting your data to the browser, and it will give you a HTML formatted string back where the line breaks are prepended by <br> tags.
See the documentation about nl2br() here: http://php.net/manual/en/function.nl2br.php
Using help from #Boy :
I added 'nl2br' before the output of my string.
i might be doing some idiot mistake, but i could not figure that out. i have some values coming from html and wanna insert into mysql db. problem is, the very same query does not work in regular php file (that includes other queries), but when i try on an independent php file, it does. here is a sample of the code:
$sql15="insert into body
(Article_ID, Article_Title)
values
('$article_id', '".$_POST['Article_Title']."') ";
mysql_query($sql15);
as i mentioned, the very same code works when i just copy this snippet to a new php file, and it works smoothly.. as you see, there are 20+ insert with the same php, because there are 25+ tables, but data is not much. first 14 query and following 7 queries do work by the way.
do you have any ideas?
There are some things to check and do.
Sanitize user input:
"('$article_id', '".mysql_real_escape_string($_POST['Article_Title'])."')";
You might also want to check if the value is what you expect.
Is your $article_id correct for column Article_ID?
Are your table and column names correct?
Check for errors:
$res = mysql_query($sql15);
if (!$res)
echo mysql_errno($link) . ": " . mysql_error($link);
Show us you complete query:
echo $sql15;
First of all i would suggest you to write your insert query like below
$sql15="insert into body SET Article_ID = '$article_id', Article_Title = '".$_POST['Article_Title']."'";
echo $sql15;
mysql_query($sql15);
so that each time when you add new column to database it would be easy for u to change insert query. echo your query and see it in browser. in it seems to o.k then copy it and paste it in SQL section under your phpmyadmin (see you are choosing proper database) and run it. if one row inserted successfully then your query is alright.
I hope this would help you a little.
$sql15="insert into body
(Article_ID, Article_Title)
values
('$article_id', '".$_POST['Article_Title']."') ";
mysql_query($sql15) or die(mysql_error());
use like this u will be get the error. then u will be find the issue
I think using mysql_real_escape_string may solve your problem.I also recommend you to store your form data in a string.
$article_title= mysql_real_escape_string($_POST['Article_Title']);
$sql15="insert into body
(Article_ID, Article_Title)
values
('$article_id', '$article_title') ";
mysql_query($sql15) or die(mysql_error());