tinyMCE & wordpress giving odd characters... tried combination of solutions...

Question

Hi there,

I am trying to embed a flash video into a custom setup of the tinyMCE editor. It is seperate from the main WordPress one, but it is still within the wordpress admin area.

The output code from a simple youtube embed block is as follows:

<p><img mce_src=\"../wp-content/themes/porcelain/tinymce/jscripts/tiny_mce/plugins/media/img/trans.gif\" src=\"../wp-content/themes/porcelain/tinymce/jscripts/tiny_mce/plugins/media/img/trans.gif\" width=\"560\" height=\"340\" style=\"\" class=\"mceItemFlash\" title=\"&quot;allowFullScreen&quot;:&quot;true&quot;,&quot;allowscriptaccess&quot;:&quot;always&quot;,&quot;src&quot;:&quot;http://www.youtube.com/v/26Ywp6vUQMY&amp;amp;hl=en&amp;amp;fs=1&amp;amp;&amp;quot;,&amp;quot;allowfullscreen&amp;quot;:&amp;quot;true&amp;quot;\"&gt;&lt;/p&gt;

As you can see, it's escaping the quotes when I don't want it to...

Any help is massively appreciated, and I know this is a school boy error. I just need setting straight.

Thanks.

Answer 1

This often happens when you have code that escapes data before using it in sql (as it should do) on a server that has php's magic quotes feature enabled. This feature causes php to automatically escape get and post data when it loads. If you then escape it again, things go wrong - it gets double escaped, so escaped data goes into the db.

PHP has now deprecated this feature, they realised it was a nuiscance, caused more pain than it saved - they were trying to build in security, but ultimately the developer needs to be aware of and work around security issues, rather than having them taken care of silently. Myself, I ended up regularly including code in stuff to detect if this was enabled and reverse it early in the execution if it was.

More thorough explanation:

http://uk2.php.net/magic_quotes

Of course ... i may be totally barking up the wrong tree!!