5 Replies - 4343 Views - Last Post: 04 March 2011 - 07:21 AM Rate Topic: -----

#1 MrLuke187   User is offline

  • D.I.C Head
  • member icon

Reputation: 81
  • View blog
  • Posts: 237
  • Joined: 09-July 10

WordPress Plugin with TinyMCE - Escape-Problem

Posted 03 March 2011 - 02:40 PM

Hi there!

I'm writing a little plugin for WordPress, which is used to create new entry's in a Notebook (also written in PHP, but not as a Plugin for WordPress). The Plugin should only create, edit and delete entry's from the Notebook (so I don't need to write a back end myself).

For the Editor, i use TinyMCE from WordPress (with the wp_tiny_mce()-function). I also use the $wpdb->prepare() function from WP to write the created entry in the Database. But the result in the Database is something like this:

Quote

<p style=\"text-align: center;\">Ich bin Zentriert</p>

As you can see, escaped HTML-Code is stored in the Database and I have no idea why. I only use the prepare() Function from WP (which is used to escape code) and than store it in the Database.

I first thought, Magic Quotes would maybe the Problem, but Magic Quotes isn't activated at all.

The code look's like this:
global $wpdb;
$wpdb->show_errors();
// Query erstellen:
$sql = 'INSERT INTO bb_eintrag (headline, datum, preview, inhalt) VALUES 
			(%s, NOW(), %s, %s)';
if (!$wpdb->query(
	$wpdb->prepare($sql, $_POST['headline'], $_POST['preview'], $_POST['inhalt'])
)){
	exit("<p>Eintrag konnte nicht erstellt werden!</p>");
}


What am I missing?

Greetings: Luke

Is This A Good Question/Topic? 1
  • +

Replies To: WordPress Plugin with TinyMCE - Escape-Problem

#2 RudiVisser   User is offline

  • .. does not guess solutions
  • member icon

Reputation: 1010
  • View blog
  • Posts: 3,566
  • Joined: 05-June 09

Re: WordPress Plugin with TinyMCE - Escape-Problem

Posted 03 March 2011 - 11:30 PM

I'm not sure why this would be happening, but it will aid debugging if you check what the value is of the keys in $_POST.
var_dump($_POST);


Now check if there's already slashes applied, if there is, call stripslashes before passing it to $wpdb->prepare().
Was This Post Helpful? 1
  • +
  • -

#3 MrLuke187   User is offline

  • D.I.C Head
  • member icon

Reputation: 81
  • View blog
  • Posts: 237
  • Joined: 09-July 10

Re: WordPress Plugin with TinyMCE - Escape-Problem

Posted 04 March 2011 - 04:07 AM

You we're right, they are escaped in the $_POST[]. I don't have a clue why but they are.

After using the stripslashes-function, they aren't any more. But why are the escaped anyways?

Magic Quotes is deactivated (checked it again):
Attached Image

Greetings: Luke
Was This Post Helpful? 0
  • +
  • -

#4 MrLuke187   User is offline

  • D.I.C Head
  • member icon

Reputation: 81
  • View blog
  • Posts: 237
  • Joined: 09-July 10

Re: WordPress Plugin with TinyMCE - Escape-Problem

Posted 04 March 2011 - 06:59 AM

Okay, i got through with it:

It seams, that this isn't a bug, it's a WP-feature. WP automatically escapes everything in the $_POST-Array (no madder if Magic Quotes is activated or not).

WP also prevents a function called stripslashes_deep() (see here) which removes the slashes.

Also i went on the #wordpress IRC channel and talked to some guys. They told me not to use the function like this:
$_POST = stripslashes_deep($_POST);


Instead of doing this, use the PHP function stripslashes for the elements the plugin needs. So this is what you'll use:
$element = stripslashes($_POST['the_element']);


Anyways, THX to you RudiVisser!

Greetings: Luke

This post has been edited by MrLuke187: 04 March 2011 - 07:00 AM

Was This Post Helpful? 0
  • +
  • -

#5 RudiVisser   User is offline

  • .. does not guess solutions
  • member icon

Reputation: 1010
  • View blog
  • Posts: 3,566
  • Joined: 05-June 09

Re: WordPress Plugin with TinyMCE - Escape-Problem

Posted 04 March 2011 - 07:15 AM

Wordpress is awesome.
Was This Post Helpful? 0
  • +
  • -

#6 MrLuke187   User is offline

  • D.I.C Head
  • member icon

Reputation: 81
  • View blog
  • Posts: 237
  • Joined: 09-July 10

Re: WordPress Plugin with TinyMCE - Escape-Problem

Posted 04 March 2011 - 07:21 AM

View PostRudiVisser, on 04 March 2011 - 03:15 PM, said:

Wordpress is awesome.

No doubt about that :D

Greetings: Luke
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1