3

I want to update my database with new HTML code. This is the query:

UPDATE `Pages` SET `content`= '<div id="intro">
<div id="about" align="left">
<h2 class="bigHeader" dir="rtl"HEADER</h2>
<img src="img/Med-logo.png" alt="" />
<div id="wellcomePage" class="text-left text" dir="rtl">
<p>...some words....</p>
<p>.some words....</p>
<p>&nbsp;</p>
</div>
</div>
</div>' 

But I get an error every time. How can I update my database? I don't know what will be inside this HTML code. Is there a function that makes all the code like a string without special signs?

EDIT: the problem is with special chars like '. I can't change the HTML code; it is the user's choice to put it.

3
  • 1
    possible duplicate of Inserting html code in a mysql table Commented Jul 8, 2014 at 11:54
  • Also, sanitize the data (HTML) that is being inserted. Commented Jul 8, 2014 at 11:55
  • The error is because I have special chars inside the HTML code, I think. Commented Jul 8, 2014 at 11:57

7 Answers

12

Do the following using the addslashes() function, so it will help to easily insert/update HTML to

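// addslashes() is a PHP function, so escape the value in PHP first
$content = addslashes('<div id="intro">
<div id="about" align="left">
<h2 class="bigHeader" dir="rtl"HEADER</h2>
<img src="img/Med-logo.png" alt="" />
<div id="wellcomePage" class="text-left text" dir="rtl">
<p>...some words....</p>
<p>.some words....</p>
<p>&nbsp;</p>
</div>
</div>
</div>');

// then place the escaped value inside the quoted SQL literal
$sql = "UPDATE `Pages` SET `content` = '$content'";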

2 Comments

But I need to add 'stripslashes' when I read back from the DB. THX
Yes, you have to add stripslashes when you retrieve from the DB.
4

Try this:- $htmlcode = mysql_real_escape_string($htmlcode);

For example:-

$htmlcode = '<div id="intro">
<div id="about" align="left">
<h2 class="bigHeader" dir="rtl"HEADER</h2>
<img src="img/Med-logo.png" alt="" />
<div id="wellcomePage" class="text-left text" dir="rtl">
<p>...some words....</p>
<p>.some words....</p>
<p>&nbsp;</p>
</div>
</div>
</div>';

$htmlcode = mysql_real_escape_string($htmlcode);

// build the query string with the escaped value inside the quoted literal
$sql = "UPDATE `Pages` SET `content` = '$htmlcode'";

Comments

3

Store your HTML content in one variable and use addslashes() when you are inserting it into the database.

$content='<div id="intro">
<div id="about" align="left">
<h2 class="bigHeader" dir="rtl"HEADER</h2>
<img src="img/Med-logo.png" alt="" />
<div id="wellcomePage" class="text-left text" dir="rtl">
<p>...some words....</p>
<p>.some words....</p>
<p>&nbsp;</p>
</div>
</div>
</div>';

and write your query as below

// addslashes() runs in PHP; its result goes inside the quoted SQL literal
$sql = "UPDATE `Pages` SET `content` = '" . addslashes($content) . "'";

Hope this will help you :)

Comments

0

I assume this will do the trick

Encode your text

When you get the text back from the database, just decode it back.

1 Comment

Hmm, what is the type of the column you are trying to enter the text into?
0

This could be a duplicate of this post.

In any case... this could be the solution for you:

$html = mysql_real_escape_string($html);
// the escaped value must sit inside single quotes to form a valid string literal
$sql = "UPDATE `Pages` SET `content` = '$html'";

Comments

0

I think there should be a (') single quote in your string.

You can use the 'htmlspecialchars' function with ENT_QUOTES as second argument.

And also 'mysql_real_escape_string' function can be used.

Like

$hcode = '<div id="intro">
<div id="about" align="left">
<h2 class="bigHeader" dir="rtl"HEADER</h2>
<img src="img/Med-logo.png" alt="" />
<div id="wellcomePage" class="text-left text" dir="rtl">
<p>...some words....</p>
<p>.some words....</p>
<p>&nbsp;</p>
</div>
</div>
</div>';
$hcode = htmlspecialchars($hcode, ENT_QUOTES);
// build the query string with the encoded value inside the quoted literal
$sql = "UPDATE `Pages` SET `content` = '$hcode'";

Comments

0

It would be nice if you could use PDO to prepare the statement first and then insert the data. The variables you insert can be anything; you do not need to care if they have ' or " or ' " >. It is all fine: by using prepare() we are saying that we will insert the following variables without any change. So even if you have code or SQL injection, it will be considered as text no matter what. You could do a PDO connection like this:

$host = 'hostname';
$user = 'duh_user';
$password = 'duh_pwd';
$dbname = 'myDatabase';

$dsn = 'mysql:host='.$host.';dbname='.$dbname.';charset=utf8mb4';
$pdo = new PDO($dsn, $user, $password);

$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);


$column1 = $htmlcode;
$column2 = $anything;
$column3 = $reallyAnything;

$query = "INSERT INTO table_name(column1, column2, column3) VALUES (?, ?, ?)";
$stmt = $pdo->prepare($query);
$stmt->execute([$column1, $column2, $column3]);

Comments
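
The prepared-statement approach from the last answer, applied to the question's UPDATE, as an added example that is not part of any answer on this page. It assumes an in-memory SQLite database through PDO so it runs offline, an `id` column on `Pages`, and the hypothetical helpers `updatePageContent()` and `readPageContent()`; the sample HTML is constructed.

```php
<?php
// SQLite in memory stands in for MySQL here (assumption, so the script runs offline).
// With MySQL only the DSN and credentials change; the prepared UPDATE is the same.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed schema and rows; the `id` column is an assumption.
$pdo->exec('CREATE TABLE Pages (id INTEGER PRIMARY KEY, content TEXT)');
$pdo->exec("INSERT INTO Pages (id, content) VALUES (1, 'old'), (2, 'untouched')");

// Constructed user HTML with the characters that break a concatenated query:
// single quotes, a backslash, and text that looks like SQL.
$html = <<<'HTML'
<div id="intro">
<h2 class='bigHeader' dir="rtl">It's a header</h2>
<p>back\slash and '; DELETE FROM Pages; --</p>
</div>
HTML;

function updatePageContent(PDO $pdo, int $id, string $html): int
{
    // The statement text is fixed; the HTML travels separately as a bound value.
    $stmt = $pdo->prepare('UPDATE Pages SET content = :content WHERE id = :id');
    $stmt->bindValue(':content', $html, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

function readPageContent(PDO $pdo, int $id): ?string
{
    $stmt = $pdo->prepare('SELECT content FROM Pages WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $value = $stmt->fetchColumn();
    return $value === false ? null : $value;
}

$changed = updatePageContent($pdo, 1, $html);

// Checks: exactly one row changed, the HTML comes back byte for byte
// (no stripslashes() on read), and the other row is intact.
var_dump($changed === 1);
var_dump(readPageContent($pdo, 1) === $html);
var_dump(readPageContent($pdo, 2) === 'untouched');
```

Bound parameters protect only the SQL statement; HTML supplied by users still needs sanitizing before it is rendered to other visitors, as the comment under the question points out.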
