i want to update my database with new html code this it the query:
UPDATE `Pages` SET `content`= '<div id="intro">
<div id="about" align="left">
<h2 class="bigHeader" dir="rtl"HEADER</h2>
<img src="img/Med-logo.png" alt="" />
<div id="wellcomePage" class="text-left text" dir="rtl">
<p>...some words....</p>
<p>.some words....</p>
<p> </p>
</div>
</div>
</div>'
but all the time i get an error. how can i update my database, i don't know what will be inside this html code, is there a function that make all the code like string without special sign?
EDIT:: the problem is with the special char like ' i can't change the html code, is user chice to put it.
Do following using addslashes()
function, so it will help easily to insert update html to
UPDATE `Pages` SET `content`= addslashes('<div id="intro">
<div id="about" align="left">
<h2 class="bigHeader" dir="rtl"HEADER</h2>
<img src="img/Med-logo.png" alt="" />
<div id="wellcomePage" class="text-left text" dir="rtl">
<p>...some words....</p>
<p>.some words....</p>
<p> </p>
</div>
</div>
</div>')
Try this:- $htmlcode = mysql_real_escape_string($htmlcode);
For example:-
$htmlcode = '<div id="intro">
<div id="about" align="left">
<h2 class="bigHeader" dir="rtl"HEADER</h2>
<img src="img/Med-logo.png" alt="" />
<div id="wellcomePage" class="text-left text" dir="rtl">
<p>...some words....</p>
<p>.some words....</p>
<p> </p>
</div>
</div>
</div>';
$htmlcode = mysql_real_escape_string($htmlcode);
UPDATE `Pages` SET `content`= '$htmlcode';
store your html content in one variable and use addslashes() when you are inserting it to database.
$content='<div id="intro">
<div id="about" align="left">
<h2 class="bigHeader" dir="rtl"HEADER</h2>
<img src="img/Med-logo.png" alt="" />
<div id="wellcomePage" class="text-left text" dir="rtl">
<p>...some words....</p>
<p>.some words....</p>
<p> </p>
</div>
</div>
</div>';
and write your query as below
UPDATE `Pages` SET `content`=addslashes($content);
Hope this will help you :)
I assume this will do the trick
when you get the text back from the database just decode it back
This could be duplicate of this post
in any case... this could be the solution for you
$html = mysql_real_escape_string($html);
$sql = "UPDATE `Pages` SET `content`= $html";
I think there should be a (') single Quote into your string.
You can use the 'htmlspecialchars' function with ENT_QUOTES as second argument.
And also 'mysql_real_escape_string' function can be used.
Like
$hcode = '<div id="intro">
<div id="about" align="left">
<h2 class="bigHeader" dir="rtl"HEADER</h2>
<img src="img/Med-logo.png" alt="" />
<div id="wellcomePage" class="text-left text" dir="rtl">
<p>...some words....</p>
<p>.some words....</p>
<p> </p>
</div>
</div>
</div>';
$hcode = htmlspecialchars($hcode, ENT_QUOTES);
UPDATE `Pages` SET `content`= '$hcode';
Would be nice if you could use PDO to prepare the statement before and then you would insert the data. The variables you would insert can be anything, you do not need to care if they have ' or " or ' " > It is all fine, by using the prepare() we are saying that we will insert the following variables without any change. So even if you have code or sql injection it will consider as text no matter what. You could do a PDO connection like this:
$host = 'hostname';
$user = 'duh_user';
$password = 'duh_pwd';
$dbname = 'myDatabase';
$dsn = 'mysql:host='.$host.';dbname='.$dbname.';charset=utf8mb4';
$pdo = new PDO($dsn, $user, $password);
$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
$column1 = $htmlcode;
$column2 = $anything;
$column3 = $reallyAnything;
$query = "INSERT INTO table_name(column1, column2, column3) VALUES (?, ?, ?)";
$stmt = $pdo->prepare($query);
$stmt->execute([$column1, $column2, $column3]);
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.