Insert HTML into DB

I am having the biggest problems adding HTML signs like & into the DB.
I have tried everything I know of.

mysql_real_escape_string - seems not to work, and you would think it would.
addslashes() - Seems not to help me.

So just wondering what is the right code to use.

Hi

Hi Russell,

mysql_real_escape_string() should make everything safe. Make sure that you are using quotes around the actual string to insert, for example:

  $sql = "INSERT INTO table SET html = '".mysql_real_escape_string($html)."'";

(it's a little hard to see because the ' is immediately adjacent to " either side of the string)

If it's the SQL that you think isn't working, you can always use mysql_error($link) immediately after the call to mysql_query and that should explain why the SQL is invalid...

I did what you said, but I

I did what you said, but I still get an error and the mysql_error($link) but replaced link with sql and it still did not help.

  $sql = "select site_id from `tbl_site` WHERE `site_url` = '".mysql_real_escape_string($siteurl)."'";
  $result = mysql_query($sql) or die ("Could not run query - siteurl");
  $num = mysql_num_rows ($result);

  if($num == 0) {
    //insert into database
    print $siteurl;
    $sql_insert = "insert into `tbl_site` ( `site_name`, `site_url`) values ( '$sitename', '".mysql_real_escape_string($siteurl)."')";
    $result_insert = mysql_query($sql_insert) or die ("Could not run query - siteurl - insert");

    // get new site id
    $siteId = mysql_insert_id();
  } else {
    // get site id
    $row = mysql_fetch_assoc($result);
    extract($row);

    $siteId = $site_id;
  }

The error I get is {link saved} - Could not run query - siteurl - insert

Hi Russell, Rather than

Hi Russell,

Rather than aborting the script with a fixed error message, use the MySQL mysql_error function which should give more information about why the query failed - it may not be anything to do with the HTML aspect... For example, instead of:

$result_insert = mysql_query($sql_insert) or die ("Could not run query - siteurl - insert");

...use:

$result_insert = mysql_query($sql_insert) or die(mysql_error());

Hope this helps,
Cheers,
David.
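
Added example, not part of the thread or written by its participants: in the insert posted above, `$sitename` goes into the SQL string without escaping while only `$siteurl` is escaped, so a name containing a quote breaks the statement and leaves it open to SQL injection. The sketch below does the same lookup-then-insert with bound parameters through PDO (the `mysql_*` functions were removed in PHP 7.0); it assumes the thread's table and column names, uses an in-memory SQLite database so it runs without a server, and the sample values are constructed.

```php
<?php
// Added example: table/column names follow the thread; sample values are constructed.
// In-memory SQLite keeps this runnable offline. For MySQL, use a DSN such as
// 'mysql:host=localhost;dbname=example;charset=utf8mb4' (hypothetical host and dbname).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failures throw with the driver's message
$pdo->exec('CREATE TABLE tbl_site (
    site_id   INTEGER PRIMARY KEY AUTOINCREMENT,
    site_name TEXT NOT NULL,
    site_url  TEXT NOT NULL UNIQUE
)');

/**
 * Return the site_id for $siteurl, inserting the row if it is not there yet.
 * Both values are bound as parameters, so quotes, & and < > are stored as-is
 * and never become part of the SQL text.
 */
function getOrCreateSiteId(PDO $pdo, string $sitename, string $siteurl): int
{
    $select = $pdo->prepare('SELECT site_id FROM tbl_site WHERE site_url = ?');
    $select->execute([$siteurl]);
    $id = $select->fetchColumn();
    if ($id !== false) {
        return (int) $id;
    }
    $insert = $pdo->prepare('INSERT INTO tbl_site (site_name, site_url) VALUES (?, ?)');
    $insert->execute([$sitename, $siteurl]);
    return (int) $pdo->lastInsertId();
}

try {
    // Constructed inputs: an apostrophe and HTML markup in the name, & in the URL.
    $name = "Bob's <b>Shop</b> & Co";
    $url  = 'http://www.example.com/?a=1&b=2';
    $first  = getOrCreateSiteId($pdo, $name, $url);
    $second = getOrCreateSiteId($pdo, $name, $url); // second call finds the existing row
    $stored = $pdo->query('SELECT site_name FROM tbl_site')->fetchColumn();
    var_dump($first === $second, $stored === $name);
} catch (PDOException $e) {
    // Log the driver detail server-side; show the visitor only a generic message.
    error_log($e->getMessage());
    exit('Database error');
}
```

The HTML is stored unmodified; encode it with `htmlspecialchars()` at the point where it is written back into a page, not before the insert.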