Textarea(WYSIWYG text editor) - the html code generated won't save into my DB table..

Hi CF guys,

I have a text-area form on my page...and I made my text-area field like an Editor for my content to be able modify(font,headings,alignment etc).
But when I'm about to insert it to my DB table, insert won't continue.
I've set my table column as Long Text data-type....

I made some testing and debugging and found out that the problem is the generated code produced by my text editor. IS there any possible solution on this one? I badly needed to use the Text Editor and save values into my Database.


Any help or suggestions?

BTW...I used the Tiny MCE or the ckeditor =)

Are you getting an error? What is actually happening when you try to do the insert?

Nope I'm not gettin any error. And I found that the html generated code were not completely saved into my table column.

For example, the generated html code were :


When I actual checked my table-column on the DB, only the

were saved.

That's the reason when I output the value on the page, the display is blank.

Any suggestions or help?

Thanks.

The quotes in your string aren't escaped. Try using cfqueryparam, which should handle escaping the quotes automatically.

By the way, you should always use cfqueryparam for ANYTHING the user is sending into the database, to prevent SQL injection. You're also wide open for XSS exploits with this setup, since the user can enter arbitrary code into your form. So at minimum you'll want to check for any JavaScript in the incoming form data and strip it out.

Thanks for the tips.

I have used the<CFQUERYPARAM> tag on my query insert,
<cfqueryparam cfsqltype="CF_SQL_VARCHAR" value="#form.f_content3#">
but im still getting the same problem/issue.

Thanks

Hmm, what database are you using? Can you post the cfquery itself?

Hi,

I'm using the MySQL Database,(MyISAM engine), datatype is LONGTEXT.

And here's the insert statement.


Any idea on my problem/issue? Thanks.

If you do a

<cfdump var="#form.f_content#"><cfabort>

Just before the query and then run the page, do you see the full HTML text?

Also, if you turn on debugging for SQL, do you see the full HTML content in the debugging output for this query?

Just for fun, you could try using single quotes around the value, like:

<cfqueryparam cfsqltype="cf_sql_longvarchar" value='#form.f_content#'>

You are right, I need to play around a little on it.

Anyways, I found that generated codes breaks when I put them on a hidden textfield.
Because,I have a preview page before I insert them into DB, so I have to hide them in form before inserting it to the next page.

My solution for now is to remove the preview page, and insert immediately after Submit button is clicked. I'll display the preview page after insert, and they have an option for update.

Thanks!

Use HTMLEditFormat() to escape the value in your hidden field and it should carry over to the next page just fine.