How to insert html into database using PHP

Question

I have the following html code:

<div class=" modal" id="indexModal">
    <span class="thing"></span>
    <a href="#" class="closeMe" title="Inchide">&#238;nchide</a>
    <h2 class="title">Promo&#355;ia lunii februarie!</h2>
    <div>
        <h3>Beneficia&#355;i de promo&#355;ia sezonului.</h3>
        <p>&#206;n luna Februarie,  v&#259; ofer&#259; posibilitatea de a achizi&#355;ioana, solarii profesionale  &#351;i hobby, sisteme de irigatii, folie &#351;i accesorii  cu o reducere de 10% aplicat&#259; la pre&#355;ul de producator.</p>
        <a href="http://www.domain.com/solarii/10/solarii-profesionale-latimi-6m-sau-8m" class="orangeButton">vede&#355;i oferta special&#259;!</a>
    </div>
</div>

and I want to insert it into database but it doesn't saves the full content. I tried using htmlentities() on insert, and html_entity_decode() when I want to display the html. But all I get is this:

<div class=" modal" id="indexModal">
    <span class="thing"></span>
    <a href="#" class="closeMe" title="Inchide">închide</a>
    <

Can you explain me, how to safely insert some html in database without problems and how to display that html afterwards on a page? My table is utf8_general_ci charset.

Answer 1

The short answer is 'don't put HTML into a database'.

There are a lot of very good reasons for this. Some are:

• Reusing the data in another non-HTML context is not possible
• Extracting the data with other data joined to it is not possible
• You end up with encoding problems like you are having now
• If you wish to change the way your site is laid out, you have to update every database field, rather than just one HTML template.

Use PHP to extract and store just text, or just numbers and store them in a proper set of relational tables. If you are not sure how, take the time to learn, otherwise you will find many more headaches further down the line when you inevitably want to expand the site to other things you haven't thought of yet, or change the way it works.

Answer 2

You need to change your database structure to accept more characters. Example: Set your column type to varchar 250 (or however many characters you need) *it does have a maximum number of characters though.

Answer 3

Just use PDO prepare statement and it will allow any kind of text to be added on the database. It will actually consider all the variables as text, so it will add in the way you are looking for Like this:

$host = 'localhost';
$user = 'root';
$password = '';
$dbname = 'myDatabase';


$dsn = 'mysql:host='.$host.';dbname='.$dbname.';charset=utf8mb4';
$conn = new PDO($dsn, $user, $password);

$conn->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);

$query = "INSERT INTO yourTable(someColumn, messageHTML) VALUES (?, ?)";
$stmt = $conn->prepare($query);//This is the line that will consider all as text
$stmt->execute([$something, $html]);

Answer 4

Im not sure what you mean by insert safely, if you mean that you get funny characters with the charset then try the following two steps

1) First you need to check what charset your mysql is setup as. Different setups default to different ones. I generally go for utf8. it should be fairly straight forward to change and setup. From mysql administrator or some other tool. see following http://dev.mysql.com/doc/refman/5.0/en/charset-connection.html

2) Then your html document headers if youadd the following meta tag

<meta http-equiv="content-type" content="text/html;charset=UTF-8" />

this should link the two charsets up and remove funny characters