如何使用 php 将 HTML 代码插入到数据库中

Question

i want to update my database with new html code this it the query:

UPDATE `Pages` SET `content`= '<div id="intro">
<div id="about" align="left">
<h2 class="bigHeader" dir="rtl"HEADER</h2>
<img src="img/Med-logo.png" alt="" />
<div id="wellcomePage" class="text-left text" dir="rtl">
<p>...some words....</p>
<p>.some words....</p>
<p>&nbsp;</p>
</div>
</div>
</div>' 

but all the time i get an error. how can i update my database, i don't know what will be inside this html code, is there a function that make all the code like string without special sign?

EDIT:: the problem is with the special char like ' i can't change the html code, is user chice to put it.

Answer 1

Do following using addslashes() function, so it will help easily to insert update html to

UPDATE `Pages` SET `content`= addslashes('<div id="intro">
<div id="about" align="left">
<h2 class="bigHeader" dir="rtl"HEADER</h2>
<img src="img/Med-logo.png" alt="" />
<div id="wellcomePage" class="text-left text" dir="rtl">
<p>...some words....</p>
<p>.some words....</p>
<p>&nbsp;</p>
</div>
</div>
</div>') 

Answer 2

Try this:- $htmlcode = mysql_real_escape_string($htmlcode);

For example:-

$htmlcode = '<div id="intro">
<div id="about" align="left">
<h2 class="bigHeader" dir="rtl"HEADER</h2>
<img src="img/Med-logo.png" alt="" />
<div id="wellcomePage" class="text-left text" dir="rtl">
<p>...some words....</p>
<p>.some words....</p>
<p>&nbsp;</p>
</div>
</div>
</div>';

$htmlcode = mysql_real_escape_string($htmlcode);

UPDATE `Pages` SET `content`= '$htmlcode';

Answer 3

store your html content in one variable and use addslashes() when you are inserting it to database.

$content='<div id="intro">
<div id="about" align="left">
<h2 class="bigHeader" dir="rtl"HEADER</h2>
<img src="img/Med-logo.png" alt="" />
<div id="wellcomePage" class="text-left text" dir="rtl">
<p>...some words....</p>
<p>.some words....</p>
<p>&nbsp;</p>
</div>
</div>
</div>';

and write your query as below

UPDATE `Pages` SET `content`=addslashes($content);

Hope this will help you :)

Answer 4

I assume this will do the trick

Encode your text

when you get the text back from the database just decode it back

Answer 5

This could be duplicate of this post

in any case... this could be the solution for you

$html = mysql_real_escape_string($html);
$sql = "UPDATE `Pages` SET `content`= $html";

Answer 6

I think there should be a (') single Quote into your string.

You can use the 'htmlspecialchars' function with ENT_QUOTES as second argument.

And also 'mysql_real_escape_string' function can be used.

Like

$hcode = '<div id="intro">
<div id="about" align="left">
<h2 class="bigHeader" dir="rtl"HEADER</h2>
<img src="img/Med-logo.png" alt="" />
<div id="wellcomePage" class="text-left text" dir="rtl">
<p>...some words....</p>
<p>.some words....</p>
<p>&nbsp;</p>
</div>
</div>
</div>';
$hcode = htmlspecialchars($hcode, ENT_QUOTES);
UPDATE `Pages` SET `content`= '$hcode';

Answer 7

Would be nice if you could use PDO to prepare the statement before and then you would insert the data. The variables you would insert can be anything, you do not need to care if they have ' or " or ' " > It is all fine, by using the prepare() we are saying that we will insert the following variables without any change. So even if you have code or sql injection it will consider as text no matter what. You could do a PDO connection like this:

$host = 'hostname';
$user = 'duh_user';
$password = 'duh_pwd';
$dbname = 'myDatabase';

$dsn = 'mysql:host='.$host.';dbname='.$dbname.';charset=utf8mb4';
$pdo = new PDO($dsn, $user, $password);

$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);


$column1 = $htmlcode;
$column2 = $anything;
$column3 = $reallyAnything;

$query = "INSERT INTO table_name(column1, column2, column3) VALUES (?, ?, ?)";
$stmt = $pdo->prepare($query);
$stmt->execute([$column1, $column2, $column3]);