test.html:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Full Page Editing - CKEditor Sample</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<script type="text/javascript" src="ckeditor/ckeditor.js"></script>
</head>
<body>
<h1>
CKEditor Sample
</h1>
<form action="posteddata.php" method="post">
<textarea cols="80" id="editor1" name="editor1" rows="10"><p>This is some <strong>sample text</strong>. You are using <a href="http://ckeditor.com/">CKEditor</a>.</p></textarea>
<script type="text/javascript">
CKEDITOR.replace( 'editor1' );
</script>
<p>
<input type="submit" value="Submit" />
</p>
</form>
</body>
</html>
posteddata.php:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<title>无标题文档</title>
</head>
<body>
<?php
require_once('db_conn.php');
if(!$db_conn)
{
die('Could not connect: ' . mysql_error());
exit();
}
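// Read only the editor field instead of keeping whichever posted value came last.
$value = isset( $_POST['editor1'] ) ? $_POST['editor1'] : '' ;
// Undo magic quotes if the server still adds them.
if ( get_magic_quotes_gpc() )
$value = stripslashes( $value ) ;
// Store the markup entity-encoded; show.php decodes it again.
$postedValue = htmlspecialchars( $value ) ;
mysql_select_db($db_name, $db_conn);
// htmlspecialchars() leaves single quotes unescaped by default here, so escape the value for SQL separately.
$escapedValue = mysql_real_escape_string( $postedValue, $db_conn ) ;
$query="INSERT INTO $tbl_test (content) values ('$escapedValue')";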
$result = mysql_query($query,$db_conn);
if($result)
{
echo "successful";
}
else
{
echo "ERROR";
}
mysql_close($db_conn);
?>
</body>
</html>
show.php:
<?php
require_once('db_conn.php');
if(!$db_conn)
{
die('Could not connect: ' . mysql_error());
exit();
}
mysql_select_db($db_name, $db_conn);
$query="SELECT * FROM $tbl_test ORDER BY contentid DESC LIMIT 0,1";
$result = mysql_query($query,$db_conn);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<title>无标题文档</title>
</head>
<body>
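<?php
$rows=mysql_fetch_array($result);
// The decoded markup is sent to the browser as-is, so any script stored with the content will run.
if($rows)
echo html_entity_decode($rows['content']);
?>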
</body>
</html>
<?php
mysql_close($db_conn);
?>
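StripSlashes(): removes backslashes from a string. Two consecutive backslashes are reduced to one; a single backslash is removed outright.
addslashes(): returns the string with a backslash added before certain characters, as needed for database queries and similar uses. These characters are the single quote ('), the double quote ("), the backslash (\) and NUL (the NULL character).
htmlspecialchars(): converts certain predefined characters to HTML entities.
html_entity_decode(): converts HTML entities back to the predefined characters.
The HTML is edited with CKEditor. htmlspecialchars() converts its characters to HTML entities before the content is stored in the database, and html_entity_decode() converts the entities back to characters when the content is read from the database. In the PHP versions this code runs on, htmlspecialchars() leaves single quotes unescaped by default, so it does not make a value safe to place inside a SQL string. Because show.php decodes the entities before output, the round trip also does not remove scripts from the stored HTML.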
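Since show.php renders whatever markup was stored, the decoded content needs filtering before it is echoed. The following is an added example, not code from the original page: an allow-list filter built on PHP's DOM extension. The function names, the allow-list and the sample input are assumptions, and it assumes PHP 7.1+ and UTF-8 input.

```php
<?php
// Added example, not the page's code. Allow-list and sample input are constructed.
const ALLOWED_TAGS = [
    'p' => [], 'br' => [], 'strong' => [], 'em' => [],
    'ul' => [], 'ol' => [], 'li' => [], 'a' => ['href'],
];

function clean_node(DOMNode $node): void {
    // Copy the child list first: nodes are removed while walking it.
    foreach (iterator_to_array($node->childNodes) as $child) {
        if ($child->nodeType === XML_TEXT_NODE) {
            continue;                               // text is re-escaped on output
        }
        $tag = strtolower($child->nodeName);
        if (!($child instanceof DOMElement) || !array_key_exists($tag, ALLOWED_TAGS)) {
            $node->removeChild($child);             // script, iframe, comments, ...
            continue;
        }
        foreach (iterator_to_array($child->attributes) as $attr) {
            // Keep only listed attributes; href must also use an allowed scheme.
            $ok = in_array($attr->nodeName, ALLOWED_TAGS[$tag], true)
                && ($attr->nodeName !== 'href'
                    || preg_match('#^(https?://|mailto:)#i', trim($attr->value)) === 1);
            if (!$ok) {
                $child->removeAttributeNode($attr); // on* handlers, style, javascript: URLs
            }
        }
        clean_node($child);
    }
}

function sanitize_html(string $html): string {
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);               // tolerate malformed editor markup
    $doc->loadHTML('<?xml encoding="UTF-8"><body>' . $html . '</body>');
    libxml_clear_errors();
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) {
        return '';
    }
    clean_node($body);
    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);             // serialize the children, not <body> itself
    }
    return $out;
}

// Constructed editor submission with an event handler, a script and a javascript: link.
$posted = "<p onclick=\"x()\">It's <strong>bold</strong></p><script>x()</script>"
        . '<a href="javascript:x()">a</a> <a href="http://ckeditor.com/">CKEditor</a>';
echo sanitize_html($posted), "\n";
```

In show.php the call would wrap the decoded value, as in `echo sanitize_html(html_entity_decode($rows['content']));`. Disallowed elements are dropped together with their contents, so extend the allow-list to match the toolbar features the editor actually exposes.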