0

I am trying to send Richtext data to PHP using Ajax all things working correctly excepts for the font color when I apply the font color it's commenting all the code after that because color is in HEX format i have tried change font color to RGB but it also change after sending to PHP now i have removed it from Textrich but i really need to know how to escape this problem.

This is the code printed by console log

<div><font color="#ff0000">test</font></div>

this what PHP echo 

<div><font color="

this is the text rich generating code for font color just need to escape the commenting.

enter image description here

now my problem is i am trying to store text-area data in the database but when text area data process by the PHP it's commenting all the code after # i need a way to escape that problem

This is my javascript code

`$('#save_btn').click(function(event){
    event.preventDefault();
      console.log($("#example").val());
    if(text()){
        $.ajax({
        url:'../web/php/addoffer.php?offertitle='+$('#offer_title').val()+'&offer_desc='+$("#example").val()+'&offerstart='+$("#offer_s_date")+'&offerend='+$("#offer_e_date").val(),
        type:'GET',
        success:function(confirmation){
            console.log(confirmation);
        }

        });
    }
});

This is my php code

if(isset($_GET['offertitle']) && isset($_GET['offer_desc']) && isset($_GET['offerstart']) && isset($_GET['offerend'])){
     echo $_GET['offer_desc'];
}

This is the text-rich editor i am using

Thalinda Bandara
  • 1,039
  • 1
  • 11
  • 27
  • 2
    you understand it should be `color="#ff0000">` without two sets of quotes? It's not clear what the issue is. You didn't know this was incorrect? Or you mean some 3rd party code is generating this rubbish and you need to parse it and remove the bad part? Please clarify. Also the problem is not related to the colour being written using hex, the problem is the extra set of quote marks. – ADyson Mar 21 '18 at 14:08
  • invalid syntax `color="'#ff0000'"` --- valid syntax `color="#ff0000">` – Noman Mar 21 '18 at 14:09
  • 2
    The tag is not supported in HTML5. Use CSS instead. – CodeGodie Mar 21 '18 at 14:09
  • so youre saying this is fetched via AJAX. Can you provide a console.log of your AJAX results? – CodeGodie Mar 21 '18 at 15:09
  • @CodeGodie no no this one fetched by Ajax `
    test
    ` this one fetched by PHP `
     – Thalinda Bandara Mar 21 '18 at 16:10

3 Answers3

2

Edit : <div><font color="'#ff0000'">Test</font></div>

With: <div style="color: #ff0000;">Test</div>

That should fix it :)

NOTE: There is no need to add <font> if "Test" is all that is in the div you can use the style option within the div. Or you could even create <p> and give them a class and style that specific class

JamesBond
  • 312
  • 2
  • 17
1

try by givind inline css

 <div style = "color:#ff0000">Test</div>
Rp9
  • 1,955
  • 2
  • 23
  • 31
1

When AJAX requests fail, you should always examine the request in your browser to determine what exactly is being sent to the server. Your request is being made to the following URL:

url:'../web/php/addoffer.php?offertitle='+$('#offer_title').val()+'&offer_desc='+$("#example").val()+'&offerstart='+$("#offer_s_date")+'&offerend='+$("#offer_e_date").val()

However we already know that the value of $("#example").val() is:

<div><font color="#ff0000">test</font></div>

Assuming the other values you have in the URL are just regular strings without any special characters, what you have is:

url:'../web/php/addoffer.php?offertitle=somestring&offer_desc=<div><font color="#ff0000">test</font></div>&offerstart=somestring&offerend=somestring'

As you'll notice, this contains the # character, which means that everything after that is treated as a fragment identifier, and not part of the URL itself. Therefore, what PHP actually gets is:

'../web/php/addoffer.php?offertitle=somestring&offer_desc=<div><font color="'

You therefore need to url encode all values in the URL so that PHP receives what you would expect. If it is based on user input, I would also recommend encoding the other values as well.

HOWEVER

With all that said, you should not be using GET to perform an action. This should be done using POST. Using GET is totally inappropriate for this. Also with POST you don't have to worry about URL encoding your variables.

Mike
  • 23,542
  • 14
  • 76
  • 87