0

So I have put together a custom WYSIWYG editor for posting out. Here is the JS file:

function iframe(){
    editor.document.designMode = 'on';
}

function bold(){
    editor.document.execCommand('bold', false, null);
}

function italic(){
    editor.document.execCommand('italic', false, null);
}

function underline(){
    editor.document.execCommand('underline', false, null);
}

function fontsize(){
    var size = prompt("Enter a size (1-7)", "");
    editor.document.execCommand('fontsize', false, size);
}

function fontcolor(){
    var color = prompt("Enter a hex code or name of color", "");
    editor.document.execCommand('forecolor', false, color);
}

function highlight(){
    editor.document.execCommand('backcolor', false, "yellow");
}

function link(){
    var link = prompt("Enter a link", "http://");
    editor.document.execCommand('createLink', false, link);
}

function unlink(){
    editor.document.execCommand('unlink', false, null);
}

function formsubmit(){
    document.getElementById("textarea").value = window.frames['editor'].document.body.innerHTML;
    document.getElementById("rtf").submit();
}

Here is the form it latches onto:

<form action="actions/newDocAdd.php" method="post" id="rtf">
    <input type="text" name="doc_title" id="doc_title" required="required" placeholder="Document Title"/><br />


    <input type="button" value="B" onclick="bold()">
    <input type="button" value="I" onclick="italic()">
    <input type="button" value="U" onclick="underline()">
    <input type="button" value="Size" onclick="fontsize()">
    <input type="button" value="Color" onclick="fontcolor()">
    <input type="button" value="Highlight" onclick="highlight()">
    <input type="button" value="Link" onclick="link()">
    <input type="button" value="Unlink" onclick="unlink()">

    <br><br>

    <textarea name="doc_content" id="doc_content" placeholder="Document Content" style="display: none;"></textarea>
    <iframe name="editor" id="editor" style="width:100%; height: 500px;"></iframe>

    <br><br> 
    <input onclick="formsubmit()" type="submit" value="Create Document" name="submit"/><br />


</form>

And here is the php script that does the work:

<?php=

if(isset($_POST["submit"])){
$hostname='localhost';
$username='******';
$password='******';

try {

$dbh = new PDO("mysql:host=$hostname;dbname=******",$username,$password);

$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // <== add this line

$sql = "INSERT INTO doc_list (doc_title, doc_content, doc_created) VALUES ('".$_POST["doc_title"]."','".$_POST["doc_content"]."', NOW() )";

if ($dbh->query($sql)) {
    header ('Location: ../docList.php');
}
else{
}

$dbh = null;
}
catch(PDOException $e)
{
echo $e->getMessage();
}

}
?>

What is happening is that while creating the post all the JS editor bits work but when it posts the content out it fails to update the database now (where as it did before I made these changes from a simple input field to the editable textarea/iframe. Maybe I am missing something very simple here but cannot spot why it fails to post into the DB any longer?

PhpDude
  • 1,542
  • 2
  • 18
  • 33
  • 1
    Use prepared statements to insert. If any of the input has a quote here your insert will fail. Are you getting any error messages? – chris85 May 03 '15 at 19:13
  • How do you mean: If any of the input has a quote here your insert will fail. Where should I be looking sorry? – PhpDude May 03 '15 at 19:14
  • You would have to debug your code yourself. This is a codedump and the statement "it fails"... – PeeHaa May 03 '15 at 19:14
  • But surely I would get flamed for not showing my code? I have explained that it fails by the content part is not being submitted yet the title is, there are only two fields? sorry 3 including the id. – PhpDude May 03 '15 at 19:16
  • Do any of the fields you're submitting have a single quote in them? Do you get an error message? This ` – chris85 May 03 '15 at 19:18
  • the – PhpDude May 03 '15 at 19:22
  • If you look at the POST data is the content present? – chris85 May 03 '15 at 19:25
  • Just done a var_dump and it would appear not, the doc_title is there and the date but not the content it is an empty string... string(91) "INSERT INTO doc_list (doc_title, doc_content, doc_created) VALUES ('Test Title','', NOW() )" – PhpDude May 03 '15 at 19:28
  • Okay, than seems like a JS issue, outside of my area. Keep in mind the prepared statements though could have an issue once you get content passing correctly. – chris85 May 03 '15 at 19:33
  • It would appear it is the iframe, so because if you look at my code, I thought that by hiding the input field and using the iframe it would still output the data but this does not seem to be the case, I wonder if anyone else can shed any light on it - I will look seriously into to what you have advised – PhpDude May 03 '15 at 19:36

0 Answers0