CKeditor 和 TinyMCE 在发布的内容上输出 HTML 标签
CKeditor and TinyMCE output HTML tags on published content
我知道这是一个旧的,因为我已经在网上搜索了 3 个小时,但我就是想不通这个。我知道我必须在我的代码中的某处放置 html_entity_decode 或 htmlspecialchars_decode,因为我相信 html 实体在从数据库中提取时不会转换回来......但是在哪里?无论是编辑还是创建都没关系...我尝试同时使用 CKeditor 和 TinyMce..同样的事情发生了..没有插件..所以没有对编辑器进行任何更改..
这里是编辑
<?php find_selected_page(); ?>
<?php
if (isset($_POST['submit'])) {
// Process the form
$id = $current_subject["id"];
$menu_name = mysql_prep($_POST["menu_name"]);
$position = (int) $_POST["position"];
$visible = (int) $_POST["visible"];
$content = mysql_prep($_POST["content"]);
// validations
$required_fields = array("menu_name", "position", "visible", "content");
validate_presences($required_fields);
$fields_with_max_lengths = array("menu_name" => 30);
validate_max_lengths($fields_with_max_lengths);
if (empty($errors)) {
// Perform Update
$query = "UPDATE subjects SET ";
$query .= "menu_name = '{$menu_name}', ";
$query .= "position = {$position}, ";
$query .= "visible = {$visible}, ";
$query .= "content = '{$content}' ";
$query .= "WHERE id = {$id} ";
$query .= "LIMIT 1";
$result = mysqli_query($connection, $query);
if ($result && mysqli_affected_rows($connection) == 1) {
// Success
$_SESSION["message"] = "Stranica uređena.";
redirect_to("manage_content.php?subject={$id}");
} else {
// Failure
$_SESSION["message"] = "Uređivanje stranice neuspjelo.";
}
}
} else {
// This is probably a GET request
} // end: if (isset($_POST['submit']))
?>
这是回显的地方
<textarea name="content" id="editor1" class="form-control" rows="20" cols="80"><?php echo htmlentities($current_subject["content"]); ?></textarea>
<script>
// Replace the <textarea id="editor1"> with a CKEditor
// instance, using default configuration.
CKEDITOR.replace( 'editor1', {
language: 'hr',
} );
</script>
函数如下
function find_all_subjects($public=true) {
global $connection;
$query = "SELECT * ";
$query .= "FROM subjects ";
if($public) {
$query .= "WHERE visible = 1 ";
}
$query .= "ORDER BY position ASC";
$subject_set = mysqli_query($connection, $query);
confirm_query($subject_set);
return $subject_set;
}
function find_subject_by_id($subject_id, $public=true) {
global $connection;
$safe_subject_id = mysqli_real_escape_string($connection, $subject_id);
$query = "SELECT * ";
$query .= "FROM subjects ";
$query .= "WHERE id = {$safe_subject_id} ";
if($public){
$query .= "AND visible = 1 ";
}
$query .= "LIMIT 1";
$subject_set = mysqli_query($connection, $query);
//Test if there was a query error
confirm_query($subject_set);
if($subject = mysqli_fetch_assoc($subject_set)) {
return $subject;
}else {
return null;
}
}
function find_selected_page($public=false) {
global $current_subject;
global $current_page;
if(isset($_GET["subject"])) {
$current_subject = find_subject_by_id($_GET["subject"], $public);
$current_page = null;
}elseif (isset($_GET["page"])) {
$current_page = find_page_by_id($_GET["page"], $public);
$current_subject = null;
}else{
$current_subject = null;
$current_page = null;
}
}
所以,最后它应该是这样的:
这是public页面
上的一些文本
相反,它看起来像这样
<p>Here is <strong>some</strong> text on the public page</p>
从您需要查看的代码中是否还有其他要添加的内容?
有什么建议吗?
是否可以显示回显的原始文本,然后编辑器在不使用 html 标签的情况下获取并显示它?
或者我该如何使用它?
PHP’s strip_tags() equivalent MYSQL function
如果我添加
$content = mysql_prep(strip_tags(html_entity_decode($_POST["content"])));
然后就没有文本格式了..
提前致谢...
我明白了...原来我看错了东西...我在看 "edit page" 并在那里摆弄了很多但我只需要应用 html_entity_decode 在哪里内容已显示给客户端,或者在我的情况下也在 "manage content" 中显示...我什至没有在问题中包含该部分...太愚蠢了...:D
<?php echo html_entity_decode($current_subject["content"]); ?>
也许这对以后的人有帮助...:)
我知道这是一个旧的,因为我已经在网上搜索了 3 个小时,但我就是想不通这个。我知道我必须在我的代码中的某处放置 html_entity_decode 或 htmlspecialchars_decode,因为我相信 html 实体在从数据库中提取时不会转换回来......但是在哪里?无论是编辑还是创建都没关系...我尝试同时使用 CKeditor 和 TinyMce..同样的事情发生了..没有插件..所以没有对编辑器进行任何更改..
这里是编辑
<?php find_selected_page(); ?>
<?php
if (isset($_POST['submit'])) {
// Process the form
$id = $current_subject["id"];
$menu_name = mysql_prep($_POST["menu_name"]);
$position = (int) $_POST["position"];
$visible = (int) $_POST["visible"];
$content = mysql_prep($_POST["content"]);
// validations
$required_fields = array("menu_name", "position", "visible", "content");
validate_presences($required_fields);
$fields_with_max_lengths = array("menu_name" => 30);
validate_max_lengths($fields_with_max_lengths);
if (empty($errors)) {
// Perform Update
$query = "UPDATE subjects SET ";
$query .= "menu_name = '{$menu_name}', ";
$query .= "position = {$position}, ";
$query .= "visible = {$visible}, ";
$query .= "content = '{$content}' ";
$query .= "WHERE id = {$id} ";
$query .= "LIMIT 1";
$result = mysqli_query($connection, $query);
if ($result && mysqli_affected_rows($connection) == 1) {
// Success
$_SESSION["message"] = "Stranica uređena.";
redirect_to("manage_content.php?subject={$id}");
} else {
// Failure
$_SESSION["message"] = "Uređivanje stranice neuspjelo.";
}
}
} else {
// This is probably a GET request
} // end: if (isset($_POST['submit']))
?>
这是回显的地方
<textarea name="content" id="editor1" class="form-control" rows="20" cols="80"><?php echo htmlentities($current_subject["content"]); ?></textarea>
<script>
// Replace the <textarea id="editor1"> with a CKEditor
// instance, using default configuration.
CKEDITOR.replace( 'editor1', {
language: 'hr',
} );
</script>
函数如下
function find_all_subjects($public=true) {
global $connection;
$query = "SELECT * ";
$query .= "FROM subjects ";
if($public) {
$query .= "WHERE visible = 1 ";
}
$query .= "ORDER BY position ASC";
$subject_set = mysqli_query($connection, $query);
confirm_query($subject_set);
return $subject_set;
}
function find_subject_by_id($subject_id, $public=true) {
global $connection;
$safe_subject_id = mysqli_real_escape_string($connection, $subject_id);
$query = "SELECT * ";
$query .= "FROM subjects ";
$query .= "WHERE id = {$safe_subject_id} ";
if($public){
$query .= "AND visible = 1 ";
}
$query .= "LIMIT 1";
$subject_set = mysqli_query($connection, $query);
//Test if there was a query error
confirm_query($subject_set);
if($subject = mysqli_fetch_assoc($subject_set)) {
return $subject;
}else {
return null;
}
}
function find_selected_page($public=false) {
global $current_subject;
global $current_page;
if(isset($_GET["subject"])) {
$current_subject = find_subject_by_id($_GET["subject"], $public);
$current_page = null;
}elseif (isset($_GET["page"])) {
$current_page = find_page_by_id($_GET["page"], $public);
$current_subject = null;
}else{
$current_subject = null;
$current_page = null;
}
}
所以,最后它应该是这样的: 这是public页面
上的一些文本相反,它看起来像这样
<p>Here is <strong>some</strong> text on the public page</p>
从您需要查看的代码中是否还有其他要添加的内容?
有什么建议吗?
是否可以显示回显的原始文本,然后编辑器在不使用 html 标签的情况下获取并显示它?
或者我该如何使用它?
PHP’s strip_tags() equivalent MYSQL function
如果我添加
$content = mysql_prep(strip_tags(html_entity_decode($_POST["content"])));
然后就没有文本格式了..
提前致谢...
我明白了...原来我看错了东西...我在看 "edit page" 并在那里摆弄了很多但我只需要应用 html_entity_decode 在哪里内容已显示给客户端,或者在我的情况下也在 "manage content" 中显示...我什至没有在问题中包含该部分...太愚蠢了...:D
<?php echo html_entity_decode($current_subject["content"]); ?>
也许这对以后的人有帮助...:)