0

Please help me, there is no error but when I check my database, it inserts nothing. Please help.

here is the faqs.php

 <div class="myeditor">

     <form method="post" action="insert.php">

         FAQs <input type="text" name="ckFAQS">

         <script>
             CKEDITOR.replace( 'ckFAQS' );
         </script>

         <input type="submit">
     </form>

 </div>

and here is insert.php

 <?php
     $editor_data = $_POST[ 'ckFAQS' ];
 ?>
 <?php
     $sql="INSERT INTO FAQs (FAQs_Text) VALUES ('$editor_data')";
     if (!mysqli_query($con,$sql))
         die('Error: ' . mysqli_error($con));
     echo "1 record added";
     mysqli_close($con);
 ?>
user2990463
  • 21
  • 9
  • Consider escaping `$_POST[ 'ckFAQS' ];` – Hanky Panky Nov 14 '13 at 04:11
  • `');DROP TABLE FAQs;SELECT ('` sQlInJecTiOn hAxxOr! NEVER trust the data that you get from the client. Never? NEVER! – some Nov 14 '13 at 04:16
  • I did this instead $sql="INSERT INTO FAQs (FAQs_Text) VALUES ('$_POST[ 'ckFAQS' ];')"; But im having an error – user2990463 Nov 14 '13 at 04:20
  • You should really look into [prepared statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). When you concatenate your strings for an sql-query you open up yourself for [SQL injection-attacks](http://en.wikipedia.org/wiki/SQL_injection) where a malicious user can edit or delete all your data. – some Nov 14 '13 at 04:29

3 Answers3

0

Looks like you need to update the text content of your field before you can submit it. CKEditor does not edit directly inside an input, it creates an iframe and works at a separate layer. You need to update the backend HTML input with the CKEditor value.

First, I suggest that you convert that input to a <textarea>, it's much more natural. Then try this:

<input type="submit" onClick="CKupdate();">
<script>
function CKupdate(){
    for ( instance in CKEDITOR.instances )
        CKEDITOR.instances[instance].updateElement();
}
</script>

This is copied from How to ajax-submit a form textarea input from CKEditor? - that question/answer explains the issue nicely

Community
  • 1
  • 1
Joel Peltonen
  • 13,025
  • 6
  • 64
  • 100
0

You need to give textarea instead of textbox,Just replace your code

<input type="text" name="ckFAQS">

TO

<textarea  name="ckFAQS" cols="40" rows="40"></textarea>

in faqs.php

Thanks

user7789076
  • 798
  • 2
  • 12
  • 25
-2

This type of issue mainly comes when there is some special character in your string

I would like to suggest use mysql_real_escape_string like

$editor_data = mysql_real_escape_string($_POST['ckFAQS']);

Thanks

user7789076
  • 798
  • 2
  • 12
  • 25
  • Thanks for the reply sir, I did what you said, but still can't get the data from ckeditor, when i look at my database there is a data inserted but its empty. Here's what I did. $editor_data = mysql_real_escape_string($_POST['ckFAQS']); $sql="INSERT INTO FAQs (FAQs_Text) VALUES ('$editor_data')"; – user2990463 Nov 14 '13 at 10:05