Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Alexander Bagirov2015-06-09 17:59:52
PHP
Alexander Bagirov, 2015-06-09 17:59:52

How to save large text to database and render it harmless?

Good evening.
I am using the Markdown Editor . It will be called on the page, after which some text is typed in the markup. Then I need to store all this in MySQL for later output through the parser.
In the Readme I see this method for getting text from the editor (it's built into <textarea>):
editor.codemirror.getValue();
Now I have a few questions:

  1. It turns out that I get the text into a JS variable. How to put it in PHP?
  2. What to do with line breaks?
  3. What functions to use when writing to the database to cut out JavaScript codes accidentally inserted by the user?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
T
trevoga_su, 2015-06-09
@trevoga_su

How to put it in PHP?
buy php textbook

Report
A
Archakov Dennis, 2015-06-09
@archakov06

1. Yes, it turns out like this. You can send it like this:

var text = editor.codemirror.getValue();
$.post('/addnews',{post_text:text,post_parametr:'значение'},function(data){
//... в data будет ответ от сервера
});

2. Use PHP function: str_replace() or process via JS, function: replace() . Example:
var text = 'я 123 тру-кодер 123 жи есть!';
var result = text.replace(/123/g,'');
alert(result);

3. Here it is necessary to invent logic for the script. Define regular expressions and cut them out, or use this function, I use it often:
function process($source) {
      
    if( function_exists( "get_magic_quotes_gpc" ) && get_magic_quotes_gpc() ) $source = stripslashes( $source );  

    $source = str_ireplace( "{include", "&#123;include", $source );
    $source = str_ireplace( "{content", "&#123;content", $source );
    $source = str_ireplace( "{custom", "&#123;custom", $source );

    $source = $this->remove( $this->decode( $source ) );
      
    if( $this->code_count ) {
      foreach ( $this->code_text as $key_find => $key_replace ) {
        $find[] = $key_find;
        $replace[] = $key_replace;
      }
        
      $source = str_replace( $find, $replace, $source );
    }
      
    $this->code_count = 0;
    $this->code_text = array ();

    $source = preg_replace( "#<script#i", "&lt;script", $source );

    /*if ( !$this->safe_mode ) {
      $source = preg_replace_callback( "#<iframe(.+?)src=['\"](.+?)['\"](.*?)>(.*?)</iframe>#is", array( &$this, 'check_frame'), $source );
    }*/

    //$source = str_ireplace( "<iframe", "&lt;iframe", $source );
    //$source = str_ireplace( "</iframe>", "&lt;/iframe&gt;", $source );
    $source = str_replace( "<?", "&lt;?", $source );
    $source = str_replace( "?>", "?&gt;", $source );

    $source = addslashes( $source );			
    return $source;

  }

Similar questions
B
bio2015-03-31 04:08:43
How to make a soap xml parser? 2Reply
S
StayAtHome2015-04-01 12:24:02
How to distinguish a web request from a regular page from a request from the extension itself from a Chrome/Opera extension? 4Reply
I
ITpie2021-03-25 20:16:06
How to make docker to test python code with certain libraries? 3Reply
D
Dmitry2019-09-20 14:21:34
Does not download files from utorrent, openwrt firmware? 1Reply
K
Ksander882021-04-16 11:31:56
How to make a print order button before placing an order? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question