[英]Can not store HTML when sent to php/sql through ajax
I'd like to store some div content when a button is pressed. 我想在按下按钮时存储一些div内容。 I need/want to save the html tags as well in order to reuse.
我也需要/想保存html标签以便重复使用。
When I replace the post variables by any type of string, it works flawlessly. 当我用任何类型的字符串替换post变量时,它都可以正常工作。 I tried cleaning the html variable from line breaks but it didn't do it, tried also to shell the $HTML post in a
$var = <<<HTML HTML
, but this didn't work either. 我尝试从换行符中清除html变量,但没有这样做,还尝试将$ HTML帖子封装在
$var = <<<HTML HTML
,但这也不起作用。
Here is the javascript : 这是javascript:
$("#save").click(function(){
var pageHTML = $("#page_wrap").html();
var name_page = "name";
jQuery.ajax({
type: "POST",
url: "php/saveModel.php",
data: { nHTML: pageHTML,
page : name_page
},
success:function(data){
var responseData = jQuery.parseJSON(data);
var new_div = responseData.message;
$("#page_wrap > *").remove();
$("#page_wrap").prepend(new_div);
$('.editable').aloha();
}
})
})
And here is the php : 这是php:
<?php
mysql_connect('localhost','name','pwd');
mysql_select_db('db');
mysql_query("SET NAMES 'utf8'");
$id = $_POST['page'];
$HTMLpost = $_POST['nHTML'];
$insertSignup = mysql_query("UPDATE Table_name SET model_test='$HTMLpost' WHERE identifiant='$id'");
if($insertSignup){
$status = "success";
$message = "OK";
}
else {
$status = "error";
$message = "NOT OK";
}
//return json response
$data = array(
'status' => $status,
'message' => $message
);
echo json_encode($data);
exit;
?>
Thanks ! 谢谢 !
Simple answer: use mysql_real_escape_string()
to change the quotes to make it safe for entry into the database. 简单答案:使用
mysql_real_escape_string()
更改引号,使其可以安全地输入数据库。
$HTMLpost = mysql_real_escape_string($_POST['nHTML']);
$insertSignup = mysql_query("UPDATE Table_name SET model_test='$HTMLpost' WHERE identifiant='$id'");
Longer answer: You should not be using the mysql_() functions as they are being depreciated. 更长的答案:您不应该使用mysql_()函数,因为它们已被贬值。 Check out prepared statements with PDO or mysqli instead - they will safely handle this for you (and they are not being depreciated).
而是使用PDO或mysqli来检查准备好的语句-它们将为您安全地处理此语句(并且不会折旧)。
Reading: http://php.net/manual/en/pdo.prepared-statements.php or google for more - plenty of examples around. 阅读: http : //php.net/manual/en/pdo.prepared-statements.php或google以获得更多-周围有很多示例。 Best to learn now before you get stung when the mysql_() functions do get removed.
最好在删除mysql_()函数后感到ung脚之前立即学习。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.