6

I want to store an HTML code in an SQL database. It stores everything fine except when there are attributes defined such as border="0". I think single quotation mark is not an issue. How do i avoid this from happening.

The error: Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '0">

Improve this question

3 Answers 3

Reset to default
6

Are you escaping the HTML before attempting to insert it into the database? Assuming your HTML is stored in the variable $html

$html = mysql_real_escape_string($html);
$sql = "INSERT INTO html_docs (html) VALUES('$html')";
mysql_query($sql);
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

5

You need to escape your strings, looks like mysql_real_escape_string will do the job in PHP.

Improve this answer

Comments

3

The normal advice is don't concatenate parameters and code to build the SQL; use static SQL and pass data as parameters. All decent SQL APIs have parameter-binding mechanisms.

However, AFAICT, there is no such mechanism in PHP database APIs. Instead, it seems that you should use mysql_real_escape_string to escape strings before injecting them into your SQL statements. Please, someone tell me that I'm wrong and that the PHP authors aren't that stupid.

Improve this answer

4 Comments

There is a thing called PDO which can do this. AFAIK it's not in PHP by default.
So what do i use, when i want to print as normal HTML again. I mean sometimes the data appears as <img src=//"0 .... Without the image being actually shown. Is there something like mysql_get_back_original_form_of_the_string()
This should never happen. It's difficult to provide any advice, however, without seeing some relevant snippets of code.
@Zack - Escaped strings aren't stored in the database escaped. When you query the database you'll get your string back unescaped. This may be helpful to you php.net/manual/en/security.magicquotes.disabling.php

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.