3

I am using CKEditor to insert text into a MySQL database. I have noticed that my installed CKEditor is escaping all HTML elements when the data reaches the database.

Therefore the following is what I am getting in the database after I have inserted the text with CKEditor:

'&' (ampersand) becomes '&amp;'

'"' (double quote) becomes '&quot;'

"'" (single quote) becomes ''

'<' (less than) becomes '&lt;' 

'>' (greater than) becomes '&gt;' 

I would rather disable the CKEditor HTML escaping completely, and rely on my PHP script to handle the HTML escaping using PHP's htmlspecialchars.

Another good reason for me to disable CKEditor's HTML escaping ability is that I want to preserve the written content in the MySQL database. In other words I want to keep the single quotes and double quotes in the database, and then I want to have PHP sanitise the HTML elements with htmlspecialchars when I print the database data to page using MySQL select statement.

Can anybody tell me how to disable html escaping within CKeditor? Your input or any advice on the above would be much appreciated.

user1710099
  • use PHP-PDO in your MySQL rather than making a program that escapes the html characters before inserting it into your database.... http://php.net/manual/en/book.pdo.php – Clint Bugs Oct 03 '12 at 05:13

1 Answer

10

Here you go:

oleq
  • 5
    OK... Thanks for your input. The problem is solved. All I needed to do is edit the CKEditor Config file and paste in the following code: `CKEDITOR.editorConfig = function( config ) { config.resize_enabled = false; config.entities_latin = false; config.entities_greek = false; config.entities = false; config.basicEntities = false; };` The CKEditor online documentation is misleading as it tells you to edit the _source/plugins/entities/plugin.js. I found you just need to edit the config.js file and do nothing else! – user1710099 Oct 04 '12 at 18:45
  • 2
    @user1710099 it still doesn't work, I get `&` inside `` – Mr. TA Sep 15 '17 at 19:30
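
The approach the question describes (store the text unmodified, escape once with `htmlspecialchars` when printing), together with the bound parameters suggested in the first comment, shown as an added example that is not code from the question or the answer. SQLite in memory stands in for MySQL so the script runs offline, and the `posts` table, the sample strings and the `e()` helper are assumptions made for the illustration.

```php
<?php
// Added example. SQLite in memory stands in for MySQL so the script runs
// offline; the table and column names are made up for the illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed sample input: what the form field submits in each case.
$samples = [
    'raw text, entities disabled'  => 'Tom & "Jerry" say it\'s <b>fine</b>',
    'editor already made entities' => 'Tom &amp; &quot;Jerry&quot;',
];

// Store the value exactly as received. The bound parameter keeps quotes
// from breaking the SQL statement, so nothing is escaped before storage.
$insert = $pdo->prepare('INSERT INTO posts (body) VALUES (:body)');
foreach ($samples as $body) {
    $insert->execute([':body' => $body]);
}

// Escape once, at output time, for an HTML text context.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Print each stored value next to its escaped form.
$labels = array_keys($samples);
foreach ($pdo->query('SELECT id, body FROM posts ORDER BY id') as $row) {
    printf("%s\n  stored : %s\n  output : %s\n",
        $labels[$row['id'] - 1], $row['body'], e($row['body']));
}
```

The first row keeps its quotes in the database and is encoded exactly once on output. The second row, which reached the database already containing entities, comes out double-encoded (`&amp;amp;`), which a browser displays as literal entity text.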