1

I am using PHP and trying to save some HTML content in a MySQL database. The HTML content is generated by CKEditor. The content is something like this:

<p><img align="left" alt="" src="images/1im1.jpg" style="margin:1px 15px 0 0; border:1px solid #cecece; " /> <img alt="If syou love hot sauce" src="images/tit_If-you-love-hot-sauce.jpg" /></p><br>D'elidas is a fine<p>

I am using this in PHP:

$main_data = mysql_real_escape_string($_POST['content']);

This was working okay on my localhost (XAMPP), but it is not working online. My hosting is using the latest version of PHP and MySQL. After saving to the online database, I see this:

<p><img align=\"left\" alt=\"\" src=\"images/1im1.jpg\" style=\"margin:1px 15px 0 0; border:1px solid #cecece; \" /> <img alt=\"If syou love hot sauce\" src=\"images/tit_If-you-love-hot-sauce.jpg\" /></p>br>D\'elidas is a fine<p> 

And that is why the HTML is not displaying correctly on my page. Please help me with this. It is adding slashes before quotes. I want to save the exact HTML and show it on the front end.

4 Answers

7

Your hosting company probably has magic quotes turned on - http://php.net/manual/en/security.magicquotes.php

You can't disable it in code, but Example 2 here shows a workaround: http://www.php.net/manual/en/security.magicquotes.disabling.php


2 Comments

Any host which has magic quotes turned on these days should be run out of business.
Magic quotes, the bane of every PHP programmer's existence...WTF were they thinking?
2

It sounds like your host probably has magic_quotes_gpc turned on, which will automatically add slashes to quotes and double quotes on data coming in from $_GET, $_POST, and $_COOKIE.

You might want to create a wrapper function for escaping GPC data. As an example...

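function mysql_escape_gpc($dirty)
{
    // magic_quotes_gpc has already added slashes to GPC data: return it unchanged
    if (ini_get('magic_quotes_gpc'))
    {
        return $dirty;
    }
    // Otherwise escape the value for use in a MySQL query
    else
    {
        return mysql_real_escape_string($dirty);
    }
}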

This way your code is portable, regardless of how the server is configured.

Also, if your production environment supports it, you should consider looking into prepared statements. This way you don't have to worry about escaping your data, however you would still need to UNescape it in the event that magic_quotes_gpc is turned on.

Comments
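
The prepared-statement approach suggested in the answer above, shown as an added example that is not part of the original thread: it undoes magic_quotes_gpc if the runtime still applies it, then stores and reloads the HTML through PDO bound parameters. The `pages` table, the helper names and the in-memory SQLite database are assumptions chosen so the example runs stand-alone.

```php
<?php
// Added example, not code from the thread. Table, column and function
// names are hypothetical.

/**
 * Return request data exactly as the browser sent it, undoing
 * magic_quotes_gpc where an old runtime still applies it.
 */
function raw_input_value($value)
{
    // get_magic_quotes_gpc() was removed in PHP 8.0, so check that it exists.
    $magic = function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
    if (!$magic) {
        return $value;
    }
    return is_array($value)
        ? array_map('raw_input_value', $value)
        : stripslashes($value);
}

function save_page(PDO $db, $html)
{
    // The HTML travels as a bound parameter, never as part of the SQL text,
    // so no escaping function is applied and no extra slashes are stored.
    $stmt = $db->prepare('INSERT INTO pages (content) VALUES (:content)');
    $stmt->execute(array(':content' => $html));
    return (int) $db->lastInsertId();
}

function load_page(PDO $db, $id)
{
    $stmt = $db->prepare('SELECT content FROM pages WHERE id = :id');
    $stmt->execute(array(':id' => $id));
    return $stmt->fetchColumn();
}

// Constructed demo: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, content TEXT)');

// Constructed sample standing in for $_POST['content'] from CKEditor.
$posted = '<p><img alt="" src="images/1im1.jpg" /></p><br>D\'elidas is a fine';

$id = save_page($db, raw_input_value($posted));
// Compare what comes back from the database with what was submitted.
var_dump(load_page($db, $id) === $posted);
```

With MySQL, only the DSN passed to `new PDO(...)` and the `CREATE TABLE` statement change; the save and load functions stay the same.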

-1

When you fetch it from the database you need to run a stripslashes() on the HTML string. Right?

3 Comments

Why would you downvote me? I posted a simple solution for this guy's problem.
Allowing the HTML to be inserted into the database with extra slashes and then fixing it later is not a solution. Treat the cause, not the symptoms.
@StoneGarden see the first two answers.
-1

I accomplished this by using the following code segments in PHP with a MySQL database:

Storing into the database: you must use the following code segment in the actual MySQL insert call. I found out that if you do this to the variable first and then put the variable in the insert call, it will not work. The function must be in the MySQL statement.
mysql_real_escape_string($myValue)

Retrieving into a textbox value: assuming your values have already been retrieved from the database and are now in an array called theValues. Basically I am removing any backslashes, but beforehand I'm making sure it can be displayed correctly using htmlentities. Since there are no backslashes in HTML that I know of, it fixes it where servers replace quotes with \". If you do encounter some backslashes in HTML, you'll just have to be a bit more clever in your replacement function.
$myValue= str_replace("\\", "", htmlentities($theValues->myValue)); echo $myValue;

Echoing out onto a page: same reasons as above, but the htmlentities function makes it only display the text of the HTML instead of processing the HTML.
str_replace("\\", "",$myValue)

Comments
