Problems when saving to the database with html?

S

Sergey Defactov2018-04-07 00:54:46

PHP

Sergey Defactov, 2018-04-07 00:54:46

When creating a post, there is a function that turns the normal html record into a database example
, but when editing a post, it saves like this

&lt;p&gt;&lt;span style=&quot;font-family: Georgia,serif;&quot;&gt;&lt;em&gt

The functions are different sent through the form and ajax
one noticed that the creation of the post has a Wo_Markup function that converts the tags into a normal view How can I substitute it so that when editing it also has a normal
ajax view

if ($f == "update-post") {
    if (Wo_CheckSession($hash_id) === true) {
        if (empty($_POST['title']) || empty($_POST['postText']) || empty($_POST['category'])) {
            $error = $error_icon . $wo['lang']['please_check_details'];
        } else {
            if (strlen($_POST['title']) < 10) {
                $error = $error_icon . $wo['lang']['title_more_than10'];
            }
           
        
            if (!in_array($_POST['category'], array_keys($wo['feed_categories']))) {
                $error = 'erer';
            }
        }
        if (empty($error)) {
            $registration_data = array(
                'title' => $_POST['title'],
                'postText' => $_POST['postText'],
                'category' => $_POST['category'],
                                'tags' => $_POST['post_tags']

            );
            if (Wo_UpdateFeed($_GET['post_id'], $registration_data)) {
                if (isset($_FILES["postPhoto"])) {
                    $fileInfo           = array(
                        'file' => $_FILES["postPhoto"]["tmp_name"],
                        'name' => $_FILES['postPhoto']['name'],
                        'size' => $_FILES["postPhoto"]["size"],
                        'type' => $_FILES["postPhoto"]["type"],
                        'types' => 'jpeg,jpg,png,bmp,gif',
                        'crop' => array(
                            'width' => 600,
                            'height' => 380
                        )
                    );
                    $media              = Wo_ShareFile($fileInfo);
                    $mediaFilename      = $media['filename'];
                    $image              = array();
                    $image['user_id']      = $wo['user']['user_id'];
                    $image['postPhoto'] = $mediaFilename;
                    Wo_UpdateFeed($_GET['post_id'], $image);
                }
                $data = array(
                    'message' => 'asd',
                    'status' => 200,
                    'url' => Wo_SeoLink('index.php?link1=home')
                );
            }
        } else {
            $data = array(
                'status' => 500,
                'message' => $error
            );
        }
    }
    header("Content-type: application/json");
    echo json_encode($data);
    exit();
}

php

function Wo_UpdateFeed($id = 0, $update_data = array()) {
    global $sqlConnect, $wo;
    $update = array();
    if ($wo['loggedin'] == false) {
        return false;
    }
    if (empty($update_data)) {
        return false;
    }
    if (empty($id)) {
        return false;
    }

     
    $id = Wo_Secure($id);

    foreach ($update_data as $field => $data) {
        $update[] = '`' . $field . '` = \'' . Wo_Markup(Wo_Secure($data, 0, false)) . '\'';
    }
    $impload   = implode(', ', $update);
    $query_one = "UPDATE " . T_POSTS . " SET {$impload} WHERE `post_id` = {$id} ";
    $query     = mysqli_query($sqlConnect, $query_one);
    return $query;
}

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

S

Stalker_RED, 2018-04-07
@Stalker_RED

Somewhere in your code you have htmlspecialchars or some similar escape function. Try to track at what point the text "spoils".
>> How to substitute it
Copy its call to the place where you need it.