Jani Hartikainen has posted a guide to his blog for getting the FCKeditor integrated into your Zend_Form instance.

How to use FCKeditor, or any other WYSIWYG editor, with Zend_Form? Another relatively common question. There are many ways you can do this, but let's look at these two as they are the best in my opinion: Adding some JavaScript to your view script, Creating a Zend_Form_Decorator. We'll be using FCKeditor, but you can apply the techniques shown to others, such as TinyMCE, as well.

The first method, via javascript, just drops the editor in inside some script tags. The second (more "Zend Framework way") creates a decorator as a custom way to insert the same javascript code. A call to appendScript inside the render() function (the code is here). Then its just a call to addDecorator to plug in a CU_Form_Decorator_FckEditor instance.

On the MSBWare.com site there's a new tutorial looking at the integration of the FCKeditor (a powerful web-based editor that works much like Word) with a MySQL database backend via PHP.

This article is intended to address the lack of documentation in integrating the FCKeditor with your MySQL database. Their tutorials show how to configure and use the editor, but how to get it to save to your database isn't addressed at all. While this article will utilize the MySQL DBMS, the concepts are the same for any DBMS.

They start with the download and install of the editor, including placing it in a page where it can be used (inclusion and configuration). The next step is to wrap the entire editor block in a form to make it submittable and, finally, write the update script to happen on submit. Complete code is included at the end of the tutorial.

On the MSBWare.com site there's a new tutorial looking at the integration of the FCKeditor (a powerful web-based editor that works much like Word) with a MySQL database backend via PHP.

This article is intended to address the lack of documentation in integrating the FCKeditor with your MySQL database. Their tutorials show how to configure and use the editor, but how to get it to save to your database isn't addressed at all. While this article will utilize the MySQL DBMS, the concepts are the same for any DBMS.

They start with the download and install of the editor, including placing it in a page where it can be used (inclusion and configuration). The next step is to wrap the entire editor block in a form to make it submittable and, finally, write the update script to happen on submit. Complete code is included at the end of the tutorial.

In an article from the Zend Developer Zone by Manuel Lemos, there's a look at how to avoid cross-site scripting security attacks on a site that allows users to input information via a HTML editor.

HTML editors are great. However, care must be taken to avoid security abuses. An application that uses HTML editors, expects that the submitted HTML content comes correctly formatted and well-formed. That happens when real users use real browsers to edit the content.

However, an attacker may create a program that pretends to be a real browser and submit specially crafted HTML with Javascript that may open security holes.

Manuel talks a bit about what cross-site scripting means in this context and a simple (Javascript) example of how a user could abuse it. His solution? Parse the incoming data (filter it!) and look for potentially harmful tag types. To do this, he recommends the PHP Input Filter class. There's even a simple example of how to use it included in the post.

In an article from the Zend Developer Zone by Manuel Lemos, there's a look at how to avoid cross-site scripting security attacks on a site that allows users to input information via a HTML editor.

HTML editors are great. However, care must be taken to avoid security abuses. An application that uses HTML editors, expects that the submitted HTML content comes correctly formatted and well-formed. That happens when real users use real browsers to edit the content.

However, an attacker may create a program that pretends to be a real browser and submit specially crafted HTML with Javascript that may open security holes.

Manuel talks a bit about what cross-site scripting means in this context and a simple (Javascript) example of how a user could abuse it. His solution? Parse the incoming data (filter it!) and look for potentially harmful tag types. To do this, he recommends the PHP Input Filter class. There's even a simple example of how to use it included in the post.