writing HTML file contents to mysql database

phence

I am having trouble writing the contents of an HTML file to a mysql database.

I keep getting this SQL error
Error 1064 : You have an error in your SQL syntax near 'img/upcomingcds.gif','img/upcomingcds2.gif')"> ' at line 1

// get contents of news html file into a string
$filename = "news.html";
$handle = fopen($filename, "r");
$news_html = fread($handle, filesize($filename));
fclose ($handle);

// Build Query
$query = "UPDATE news SET content = '$news_html' where keyId = 1";

i don't know how to fix this error. the SQL statment is executing the $news_html variable instead of just entering it's contents into the mysql database. Im not sure how else to do this.

I would grealty appreciate your help.

mahers

Try adding slashes before executing the query.

$news_html = addslashes($news_html);

But don't forget to remove them before displaying the html again.

// After getting html from db.
$news_html = stripslashes($news_html);

ednark

maybe there is stuff inside $news_html that looks like sql? the culpret might be the first single qupte, which would look like the ending of your inserted variable

try reformatting yout $new_html string to be sql_safe, this is dependant on your database but just replacing all your ' with '' should be sufficient for mysql, also if it won't wreck your code to remove all ; characters i'd do that just to be safe, since ; could accidentally end the sql statement too soon

[man]str_replace[/man]( "'", "''", $news_html );

[edit]

mahers example will work also, it wasn't up when i hit reply

phence

hey guys! thanks for your spactacular information! & Help!!