
Ckeditor Retain Script Code And Save To Database

Finalized by: Steve T on August 13, 2015

CKEditor is an excellent open source text editor for HTML textarea fields.

<textarea></textarea>

It lets you create or modify content much as you would in Microsoft Word or Open Office. It's especially handy for a system backend or a content management system for your website or project. Simply put, it helps you manage HTML coding with little to no HTML knowledge and without wasting valuable time on proper syntax.

There are a number of plugins and add-ons available to gain even more functionality and style, such as drag and drop image uploads.

You can find more information on CKEditor here: http://ckeditor.com/

One problem you may run into with CKEditor is including scripting language code. By default, CKEditor converts the opening and closing delimiters of that code to HTML entities. This can be a problem if you're trying to display some code to your visitors or if you're trying to include the code as part of output processing.

Let's say you wanted to add an HTML form to one of your pages created with CKEditor and you wanted one of the fields in that form to be populated with some data that has been predefined somewhere else via PHP. Let's say a text input. 

Here is what that would look like without the PHP influence:

<input type="text" id="user" name="user" />

And with PHP it would look something like:

<input type="text" id="user" name="user" value="<? echo $user; ?>" />

If you save it at this point the value field would be modified by CKEditor to something like this:

<input type="text" id="user" name="user" value="&lt;? echo $user; ?&gt;" />

Obviously this is not going to work as intended. Your text input field would show what you were trying to accomplish, but the PHP would be lost and never processed. The text input field would show the literal text <? echo $user; ?> rather than the value of the variable.

To get around this, add the following to your CKEditor config.js file.

config.protectedSource.push(/<\?[\s\S]*?\?>/g);   // PHP Code
config.protectedSource.push(/<%[\s\S]*?%>/g);   // ASP Code
config.protectedSource.push(/(<asp:[^\>]+>[\s|\S]*?<\/asp:[^\>]+>)|(<asp:[^\>]+\/>)/gi);   // ASP.Net Code

You must type in all your language code in 'source' mode, but your code will be retained.

Another caveat is that when you save CKEditor data containing programming language code in a database, it's not always easy to execute that code. This is intentional and really has nothing to do with CKEditor. Executing code that is stored in a database can be dangerous, because anyone who can change the stored content can then run code on your server, and it is best practice not to do so. There are cases where you may need the ability, but you should definitely make certain that security has been considered.
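Because the protectedSource setting lets server-side code pass through the editor untouched, a backend can look for the same kinds of blocks in submitted content before saving it and refuse code from authors who should not be embedding any. The following is an added example, not code from this article or from CKEditor: the PHP and ASP patterns are the ones used in config.js above, the ASP.NET pattern is written to match <asp:...> tags, and the function names, the authorMayEmbedCode flag and the sample content are constructed for illustration.

```javascript
// Added example (Node.js), not from the article or from CKEditor.
// Patterns for the three kinds of server-side code the config.js lines protect.
const PROTECTED_PATTERNS = [
  { kind: 'php', re: /<\?[\s\S]*?\?>/g },
  { kind: 'asp', re: /<%[\s\S]*?%>/g },
  { kind: 'asp.net', re: /(<asp:[^>]+>[\s\S]*?<\/asp:[^>]+>)|(<asp:[^>]+\/>)/gi },
];

// Return every server-side block in the submitted HTML, in document order.
// matchAll() iterates over a copy of each regex, so the shared /g patterns
// carry no lastIndex state from one call to the next.
function findProtectedBlocks(html) {
  const found = [];
  for (const { kind, re } of PROTECTED_PATTERNS) {
    for (const m of html.matchAll(re)) {
      found.push({ kind, index: m.index, code: m[0] });
    }
  }
  return found.sort((a, b) => a.index - b.index);
}

// Hypothetical policy hook: content carrying code is accepted only from
// authors the application has explicitly allowed to embed it.
function checkSubmission(html, authorMayEmbedCode) {
  const blocks = findProtectedBlocks(html);
  return { accepted: blocks.length === 0 || authorMayEmbedCode === true, blocks };
}

// Constructed sample of editor output (not real data).
const SAMPLE = [
  '<p>Hello</p>',
  '<input type="text" id="user" name="user" value="<? echo $user; ?>" />',
  '<%',
  '  Response.Write(name)',
  '%>',
  '<asp:Label ID="lbl" runat="server" />',
  // Entity-encoded by the editor: inert text, so it is not reported.
  '<input type="text" value="&lt;? echo $user; ?&gt;" />',
].join('\n');

const verdict = checkSubmission(SAMPLE, false);
for (const b of verdict.blocks) {
  console.log(`${b.kind} at offset ${b.index}: ${JSON.stringify(b.code)}`);
}
console.log('accepted:', verdict.accepted);
```

The PHP pattern also matches an XML declaration such as <?xml ... ?>, so expect that to be reported as a block too.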

For PHP, eval() will allow you to run code extracted from a database.

<?php echo eval("?>". $var ."<?") ?>

Read this post and this post to know more about problems using eval().