0

I have a PHP code snippet like the one below:

function is_ancestor_of( $page_name = null, $post ) {

    if ( is_null( $page_name ) )
        return false;

    // does it have a parent?
    if ( !isset( $post->post_parent ) OR $post->post_parent <= 0 )
        return false;

    // Get parent page
    $parent = wp_get_single_post( $post->post_parent );

    if ( $parent->post_name == $page_name ) {
        echo $parent->post_name.' - '.$page_name;
        return true;
    } else {
        // Keep walking up the tree and pass the result back to the caller
        return is_ancestor_of( $page_name, $parent );
    }
}

I just want to insert this whole code into a MySQL database table and retrieve it again with the same formatting on the page. When I simply insert this code into the database using an INSERT INTO query, a MySQL syntax error occurs because the special characters in the code break the SQL query. Is there any way to do this?

Thanks.

1
  • 2
    A couple of questions: 1. Are you using prepared statements like in PDO? 2. Is this code you're trying to insert being treated as a string? 3. What is the column's data type (where you're trying to insert this code snippet; should be inserting into text types or similar)? 4. I won't ask why you're trying to add the code snippet to a DB row. I'll just assume it's a legitimate reason like a blog posting code examples :) Commented Jul 15, 2012 at 18:23

3 Answers

3

Yeah, you can do this. Multiple ways:

  1. PDO - that's the best option actually. Study this topic in the PHP manual as this can be a lot more help than just protecting your MySQL queries in PHP from breaking.
  2. addslashes() - adds slashes to escape characters. This won't break your MySQL query for sure.
  3. mysql_real_escape_string()
  4. mysql_escape_string()

EDITED: Emphasized PDO compared to the previous version of this answer, as PDO is far safer than the other options and there is a lot more to it that can be used while working with PHP and MySQL.


2 Comments

Do not use addslashes to escape strings for MySQL queries. You shouldn't even be using mysql_real_escape_string or any of the mysql module functions at this point. Use either mysqli or pdo. But definitely don't use addslashes.
Yeah, I use PDO myself but those are the ones that I started off with. But yes, definitely PDO should be the way to do it.
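
The PDO route recommended in this answer, as an added example that is not code from the thread: the snippet is stored through a prepared statement and shown again as text with its formatting intact. The `snippets` table, the helper function names and the in-memory SQLite DSN are assumptions chosen so the script runs offline; for MySQL, swap in a `mysql:` DSN and the matching table definition.

```php
<?php
// Added example, not code from the thread. Assumptions: table `snippets`,
// the helper names, and SQLite in memory so the script runs offline.

// Constructed sample: source text with quotes, backslashes and newlines.
$code = <<<'PHP'
function is_ancestor_of( $page_name = null, $post ) {
    // does it have a parent?
    if ( !isset( $post->post_parent ) OR $post->post_parent <= 0 )
        return false;
    echo $parent->post_name.' - '.$page_name . "\n";
}
PHP;

function open_store(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE snippets (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');
    return $pdo;
}

function save_snippet(PDO $pdo, string $body): int {
    // Constant SQL text; the snippet is sent as a bound value, never parsed as SQL.
    $stmt = $pdo->prepare('INSERT INTO snippets (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $pdo->lastInsertId();
}

function load_snippet(PDO $pdo, int $id): ?string {
    $stmt = $pdo->prepare('SELECT body FROM snippets WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = $stmt->fetchColumn();
    return $body === false ? null : $body;
}

function render_snippet(string $body): string {
    // HTML-encode so the code is shown as text; <pre> keeps its line breaks and indentation.
    return '<pre><code>' . htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</code></pre>';
}

$pdo    = open_store();
$stored = load_snippet($pdo, save_snippet($pdo, $code));
if ($stored !== $code) {
    throw new RuntimeException('snippet changed during the round trip');
}
echo render_snippet($stored), "\n";
```

Because the value is bound rather than spliced into the SQL string, no escaping or unescaping step is applied to it on the way in or out.
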
3

Escape special characters using mysql_real_escape_string(). You'd probably be better off moving away from mysql_* functions, though, and starting to use PDO or mysqli_*, for example.

Edit As mentioned in the comments, make sure you place the code as a string and that the DB field is the correct data type. Also, make sure you use mysql_real_escape_string() (if you insist on using mysql_*) on the whole string (or code).


0

You will need to use mysql_real_escape_string() to escape the PHP code so it does not throw an error when inserting. Then you run eval() on the statement if you want it to execute. If you have mixed HTML and PHP stored in the database, you would call eval like so:

 eval('?>'.$dbresult.'<?php');

Just make sure you call stripslashes() on the database result.

1 Comment

Yeah, it sucks, but it's one of the only ways to get code to execute from a db.
