So I'm using Markdown to format text input from user:
http://michelf.com/projects/php-markdown/
But I'm doing this destructively, so the text turns into HTML before database update. Can I transform it back to markdown when displaying it on the screen? The reason is that I want to allow the user to edit that text, and need it in the original form...
You should have two columns in your database: the original input (markdown syntax) and your post-markdown HTML.
When the page is loaded you pull the HTML.
If the user wants to edit you pull the markdown syntax original, and upon edit completion overwrite the HTML stored in the database.
Have you tried http://milianw.de/projects/markdownify/ ?
However, I should note that you should generally not store display formats in your database. It's worth considering storing the markdown in the DB and converting it to HTML on demand.
What is the most secure way to save data from a textarea that contains <pre><code> text in it? Using strip_tags will remove all the tags from the text.
Is it safe to use this:
strip_tags($input, '<pre><code><other accepted tags except script,php,...');
or should I do other things too?
What is the most secure way to save data from a textarea that contains a <pre><code> text in it?
Save it as it is.
When you take that data back out of the database and put it into a web page, call htmlspecialchars on it first to escape it so that it looks like normal text on the page.
If you want the user to be able to input actual markup, but you only want to allow certain tags, then you've got a different problem and you want something like htmlpurifier.
Either way, the input or database layer is not the right place to be worrying about output formatting concerns.
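The two approaches in this thread, run side by side on one input, as an added example that is not part of the original posts. The sample input and the function names are constructed for illustration; `strip_tags()` with an allowlist removes disallowed tags but does not touch attributes on the tags it keeps, which is why the two results differ.

```php
<?php
declare(strict_types=1);

// Constructed sample input: a code block the user wants displayed, where the
// allowlisted <pre> tag also carries an event-handler attribute.
$input = '<pre onmouseover="alert(1)"><code>echo "hi";</code></pre>'
       . '<script>alert(2)</script>';

// Approach from the question: filter on the way in with a tag allowlist.
// The <script> tags are removed (the text between them stays), but the
// attribute on the allowed <pre> tag passes through unchanged.
function filter_with_strip_tags(string $raw): string
{
    return strip_tags($raw, '<pre><code>');
}

// Approach from the answer: keep the stored value as submitted and escape it
// when it is written into an HTML page.
function escape_for_html(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Summarise what a browser would still treat as markup in a given output.
function markup_report(string $label, string $out): string
{
    $hasTag     = strpos($out, '<') !== false;
    $hasHandler = preg_match('/<[^>]*\son\w+\s*=/i', $out) === 1;
    return sprintf(
        "%-12s live tags: %-3s  event handler inside a tag: %s\n",
        $label,
        $hasTag ? 'yes' : 'no',
        $hasHandler ? 'yes' : 'no'
    );
}

$stripped = filter_with_strip_tags($input);
$escaped  = escape_for_html($input);

echo markup_report('strip_tags', $stripped);
echo markup_report('escaped', $escaped);

// The escaped form displays the user's snippet as text, tags included.
echo $escaped, PHP_EOL;
```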
If you are saving the contents of the text area to a mysql database you should use mysqli_escape_string before saving the data.
Also, you can remove javascript tags from the posted data using a regular expression, e.g. preg_replace.
I am using a Markdown package inside my Laravel 4 application to store user input from textareas into my DB.
https://github.com/vtalbot/markdown
This works perfectly using:
Markdown::string('#test');
However, when I edit a record and set the value of a textarea to the existing data in the DB (the data that was formatted for entry), elements such as P tags are shown, which isn't ideal.
Does anyone know of a way to "reverse" markdown for this? Maybe I should be approaching this differently?
Thanks.
You don't reverse it. You store the unparsed version in the database and parse it when you display it to the user. And if you want to save on some overhead when parsing then you can cache it in some form. Either via an actual cache, like redis or memcached, or you store it in an additional field in the database and update the parsed version whenever it is updated.
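The approach from the answer above (keep the unparsed text, store the parsed version in an additional field, and rebuild it on every update), as an added example that is not code from the original posts. The table layout, the function names and the in-memory SQLite database are assumptions, and `render_source()` is a hypothetical stand-in for the Markdown library call.

```php
<?php
declare(strict_types=1);
// Constructed setup: in-memory SQLite through PDO (needs the pdo_sqlite extension).
// body_src is what the user typed; body_html is a derived cache of it.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body_src TEXT NOT NULL, body_html TEXT NOT NULL)');

// Hypothetical stand-in for the Markdown library call: escapes the text and
// wraps blank-line-separated blocks in <p>. Swap in the real parser here.
function render_source(string $src): string
{
    $html = '';
    foreach (preg_split('/\R{2,}/', trim($src)) ?: [] as $block) {
        $html .= '<p>' . nl2br(htmlspecialchars($block, ENT_QUOTES, 'UTF-8')) . "</p>\n";
    }
    return $html;
}

// Source and cache are written by the same statement, so they cannot drift apart.
function save_post(PDO $db, ?int $id, string $src): int
{
    $html = render_source($src);
    if ($id === null) {
        $db->prepare('INSERT INTO posts (body_src, body_html) VALUES (?, ?)')
           ->execute([$src, $html]);
        return (int) $db->lastInsertId();
    }
    $db->prepare('UPDATE posts SET body_src = ?, body_html = ? WHERE id = ?')
       ->execute([$src, $html, $id]);
    return $id;
}

// Fetch one column of a post: body_html for display, body_src for editing.
function load_column(PDO $db, int $id, string $column): string
{
    if (!in_array($column, ['body_src', 'body_html'], true)) {
        throw new InvalidArgumentException('unknown column');
    }
    $stmt = $db->prepare("SELECT $column FROM posts WHERE id = ?");
    $stmt->execute([$id]);
    return (string) $stmt->fetchColumn();
}

$id = save_post($db, null, "# test\n\nfirst draft");
save_post($db, $id, "# test\n\nsecond draft");
// The edit form gets the untouched source, escaped for the textarea context.
echo '<textarea name="body">', htmlspecialchars(load_column($db, $id, 'body_src'), ENT_QUOTES, 'UTF-8'), "</textarea>\n";
echo load_column($db, $id, 'body_html');
```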
I am using Codeigniter with MySQL database. What the script does is it takes some HTML code containing the HTML tags, insert them into the database and then retrieves the HTML code later in time.
Problem: I notice that all HTML tags, upon selecting rows from MySQL tables, are missing with the exception of <br />
Is Codeigniter/MySQL removing the HTML tags somewhere between retrieving the code, passing it from controller to model, and the model inserting the HTML code into a MySQL table column? How can I prevent it from removing HTML tags for just this specific situation?
It sounds like an issue with the initial insertion via a text editor.
Text editors insert a lot of style="anything" and the xss_clean() method will strip those. Use html purifier for your editor content and xss_clean() for all the other fields.
Source: http://codeigniter.com/forums/viewthread/196303/
I have this textfield in a html form, which I want to insert into my MySQL database using php.
But, I want the typed text to get HTML formatting, so I can easily display it on my website.
How can I do this?
The row where it should be inserted into the MySQL database is of the type: text.
The reason I want to know this is because normally a textfield doesn't output linebreaks...
If you want to have the newlines, use the PHP function nl2br() so you will get the new lines.
If any HTML is typed into that box, you will get it.
However, I recommend not storing the <br> or HTML tags you add manually to the database, but do it later. The nl2br() function should be called after you get it from the database.
Documentation: http://www.php.net/manual/en/function.nl2br.php
You can use this function to store in the database:
$a = htmlentities($orig);
http://php.net/manual/en/function.htmlentities.php
Use this function when fetching data from the database to show on the page:
$b = html_entity_decode($a);
http://php.net/manual/en/function.html-entity-decode.php
Are you looking to have the ability to create HTML using a WYSIWYG editor or will you hand type it in? I would recommend FCK Editor; we use it on our site and it works great.
CKEditor - WYSIWYG Editor
I'm creating my own blog in PHP and want to know your opinions on how I should format my post content.
Currently I store the post content as just plain text, call it when necessary, then wrap each line with P tags. I did this in case I wanted to change the way I formatted my text in the future and it would save me the dilemma of having to remove all P tags from the posts in the DB.
Now the problem I have with this method is that if I want to add extra formatting in, e.g. lists etc., those would also be wrapped with P tags, which is not correct.
How would you do this? Would you store text as plain text in the DB, or would you add the HTML formatting and store that in the DB too?
I'd prefer not to store unnecessary HTML in the DB, but I'm not sure of a way around it.
I think the best way would be to keep the html in the db. You would have too much to work with parsing the text if you don't use html.
See how it's done in other blog tools. I know that Joomla, for example, keeps all html in the db. I know Joomla isn't blog tool :) but still...
Wordpress stores html in the db. You say you are concerned about storing 'unnecessary' html in the db. What makes it unnecessary? I think it is the opposite. You may have headings or bold or italic text in your post. If storing as plain text, how do you save this formatting? How are you saving the lists you mentioned?
I see it as a better practice to store raw user input in the database, and format it on output, caching the result if it is needed. That way you can change the way you are parsing things easily without having to regex-replace anything inside the database. You can also store the raw input in one column, and the formatted HTML in another one.
I assume that you are formatting your raw text with the Markdown or the Textile syntax?
If you store HTML in your DB, you will be just a few clicks away from your current situation:
you can use strip_tags() to remove HTML formatting and, in case of bigger changes, you can run HTML Tidy on your code to remap tags and classes.