Need some help understanding parameterized sql queries
Posted: Sat Jan 24, 2009 9:38 pm
by jal
Hi All, forgive me if this is not the right place to post this...I'm new to CMSMS and am attempting to develop my first module, but I have a stupid question:
I'm using parameterized queries to update my database, E.G: $db->Execute( $mysqlquery, array(...$params...) ). And I'm using the TinyMCE editor for a field input in my form. All seems to work (the database is updated), but when the Execute command inserts or updates my record in the DB, it replaces greater than (>) and less than (<) characters in each field with the HTML codes "&gt;" and "&lt;", which messes up any HTML formatting the TinyMCE editor did.
I looked at the News module, and it does something similar, and it doesn't have the problem I do, so what am I doing wrong? I don't see what's different. Please help.
Re: Need some help understanding parameterized sql queries
Posted: Mon Jan 26, 2009 1:12 pm
by plger
Are you sure it's the Execute function? Did you try printing the params just before executing, just to see if the html entities aren't already there?
Re: Need some help understanding parameterized sql queries
Posted: Mon Jan 26, 2009 5:34 pm
by jal
You're right plger, it's not the Execute function, the actual params are encoded. Hmm...should I decode them, or is there a way to disable this automatic encoding? I keep looking at the news module, and the params aren't encoded like this there.
Re: Need some help understanding parameterized sql queries
Posted: Mon Jan 26, 2009 8:32 pm
by plger
You may decode them using html_entities_decode(), but I'm not sure you'd like that all entities be decoded. Either way, it isn't cool not to get what's going on.
Does it still happen if TinyMCE is disabled (and you input html yourself, of course)? If yes, I'd suggest posting whatever code is processing the information until the query is executed, because as far as I'm concerned I don't know what your problem could be.
Re: Need some help understanding parameterized sql queries
Posted: Mon Jan 26, 2009 10:21 pm
by jal
Yes...even when I disable TinyMCE and enter some HTML manually, the values all still get encoded. I'm getting more confused all the time. And no, I don't want to decode params if I can figure out how to stop them from being encoded in the first place. I'm going to start going through the CMSMS code until I figure it out.
As for my code, it's based on the Skeleton module, which does the exact same thing to me.
Re: Need some help understanding parameterized sql queries
Posted: Mon Jan 26, 2009 10:35 pm
by jal
Well, I made a little progress. I discovered the function cms_htmlentities in /lib/misc.functions.php is what's doing the encoding.
Re: Need some help understanding parameterized sql queries
Posted: Mon Jan 26, 2009 11:36 pm
by jal
OK, well I haven't really solved the issue, but I guess I'm happy for now. It has something to do with the fact that the form was submitted through the front-end, and the params are encoded by the CMSMS system--for security, maybe?
SO...I looked at the news module again, in the action.fesubmit.php file, which is used for front-end submissions, like mine. In that file, when the params are requested, they are put through the function cms_html_entity_decode($str), which apparently undoes the entity encoding.
I don't really like this fix, but it will work for now. Thanks, plger for all your help!
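The flow the thread converges on (front-end parameters arrive entity-encoded, the one field that is meant to hold editor HTML gets decoded, and the parameterized query does the SQL-side protection) as a self-contained PHP example. This is an added illustration, not code from the thread, the Skeleton module, the News module or CMSMS itself: PHP's own htmlspecialchars() and html_entity_decode() stand in for cms_htmlentities() and cms_html_entity_decode(), the $rawPost array is a constructed sample submission, and encodeParams()/restoreHtmlField() are hypothetical helper names. It runs on stock PHP with the PDO SQLite driver.

```php
<?php
// Added example (not CMSMS, Skeleton or News module code). Stand-ins:
//   htmlspecialchars()    ~ cms_htmlentities()        (framework encodes every inbound param)
//   html_entity_decode()  ~ cms_html_entity_decode()  (module decodes the field that holds HTML)

// Constructed sample of a front-end submission, as the browser would send it.
// The content field is what a TinyMCE editor would produce, plus a hostile tag.
$rawPost = [
    'title'   => 'Q1 <report>',
    'content' => '<p>Hello <b>world</b></p><script>alert(1)</script>',
];

// What the framework does to every front-end parameter: entity-encode it so a
// careless "echo $params['title']" cannot inject markup into the rendered page.
// This is output-encoding applied at intake; it is not what protects the SQL.
function encodeParams(array $params): array
{
    return array_map(
        fn(string $v): string => htmlspecialchars($v, ENT_QUOTES, 'UTF-8'),
        $params
    );
}

// Only the field that intentionally carries HTML is decoded back. Decoding
// re-creates raw markup, so the result is reduced to an allow-list of tags
// before it is stored; otherwise the decode step would undo the XSS defence.
function restoreHtmlField(string $encoded): string
{
    $html = html_entity_decode($encoded, ENT_QUOTES, 'UTF-8');
    return strip_tags($html, '<p><b><i><ul><ol><li><a><br>');
}

$params  = encodeParams($rawPost);          // every field now entity-encoded
$content = restoreHtmlField($params['content']);

// In-memory SQLite through PDO. The prepared statement with bound values is
// what keeps the insert safe regardless of what the strings contain.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT, content TEXT)');
$stmt = $db->prepare('INSERT INTO items (title, content) VALUES (?, ?)');
$stmt->execute([$params['title'], $content]);

$row = $db->query('SELECT title, content FROM items')->fetch(PDO::FETCH_ASSOC);

// title  => "Q1 &lt;report&gt;"  (still encoded: safe to echo straight into a template)
// content => "<p>Hello <b>world</b></p>alert(1)"  (real HTML again, <script> element stripped)
var_dump($row);
```

Two points worth keeping in mind when copying this pattern: the encoded title is stored encoded, so a template must not encode it a second time on output; and strip_tags() only removes tags, it leaves attributes such as href or onclick on the tags it allows, so content accepted from untrusted front-end users should go through a real HTML sanitizer rather than this allow-list alone.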