我正在使用 froala 编辑器(所见即所得编辑器)
使用以下代码将所有内容保存<textarea>到 sql
<?php
$servername = "localhost";
$username = "sanoj";
$password = "123456";
$dbname = "test";
try {
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// prepare sql and bind parameters
$stmt = $conn->prepare("INSERT INTO wysiwyg (savesql) VALUES (:savesql)");
$stmt->bindParam(':savesql', $savesql);
// insert a row
$savesql = filter_input(INPUT_POST, 'store');
$stmt->execute();
echo "New records created successfully";
}
catch(PDOException $e)
{
echo "Error: " . $e->getMessage();
}
$conn = null;
?>
由于我使用所见即所得,因此有来自 froala 的各种库
我是否需要为用户输入创建验证,否则这些库将防止PHP攻击
这就是我从 sql 回显数据的方式
<?php
$servername = "localhost";
$username = "sanoj";
$password = "123456";
$dbname = "test";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$sql = "SELECT memberID, savesql FROM wysiwyg";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0) {
// output data of each row
while ($row = mysqli_fetch_assoc($result)) {
echo "id: " . $row["memberID"] . " - Name: " . $row["savesql"];
}
} else {
echo "0 results";
}
mysqli_close($conn);
?>