Hey all,

The title speaks for itself I suppose, but I have been having trouble finding a solution to actually inserting html into a database and then showing it again fully formatted.

Say if I have some html in a string such as:

$content = '
<strong>test</strong>
<br>
<br>
<strong>new line</strong>
';

and I try to insert it in the manner:

$data = htmlspecialchars($content, ENT_QUOTES);
$new = addslashes($data);
$SQL = "INSERT INTO tbl_test (content) VALUES ($new)";
$query = mysql_query($SQL) or die(mysql_error());

I receive:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '<strong>test</strong> <br> <br> <strong>new line&l' at line 2

arggh.

Any thoughts would be more than appreciated.

Further to this solution I am wanting to insert data from a WYSIWYG editor in the same way if there is anything to take into account here as well.

Thanks a bunch.

    More likely, assuming magic_quotes_gpc is off:

    $data = htmlspecialchars($content, ENT_QUOTES);
    $new = mysql_real_escape_string($data);
    $SQL = "INSERT INTO tbl_test (content) VALUES ('$new')";
    $query = mysql_query($SQL) or die(mysql_error());

      A simplified genius thanks!!!

      ok so that has inserted perfectly, how do I now format it again when retrieved in the manner:

      $SQL = "SELECT * FROM tbl_test";
      $query = mysql_query($SQL) or die(mysql_error()); 
      while($row = mysql_fetch_assoc($query)){
      echo $row['content'];
      }

      As expected, I only see the string....hmmmmm

      Thanks in advance!

        Hey sorry if that wasn't clear,

        I mean how do I format the data I just inputted onscreen.

        If I use something like:

        $SQL = "SELECT * FROM tbl_test";
        $query = mysql_query($SQL) or die(mysql_error());
        while($row = mysql_fetch_assoc($query)){
        echo $row['content'];
        } 

        Then I am shown this in the browser:

        <strong>test</strong> <br> <br> <strong>new line</strong>

        I was wondering how to show this as actual html and format it as html?

        Thanks.

          So, when you look at the source you see all the extra stuff to deal with angle brackets echoing to screen? That seems odd to me.

          I store stuff to my db using mysql_real_escape_string() and it comes back just like that.

          What sort of field is 'content' on the database?

            I was wondering how to show this as actual html and format it as html?

            Drop this line from your insertion code:

            $data = htmlspecialchars($content, ENT_QUOTES);

              Thanks again, dropping that line works fine

              As I mentioned previously, my aim is to achieve the same effect using a WYSIWYG editor.

              I am using TinyMCE if anyone has heard of it?

              Just to test it out I used the same code above, but this time I change the insertion string to the value of the text area on my form.

              On execution I receive the error:

              You have an error in your SQL syntax.......blah

              So I am guessing that I have to escape something else before I insert. Just wondering if anyone has had any success with this editor before?

              Cheers.

                No worries. Got it sorted. I used addslashes(); and it works great.

                Thanks for all your help. More than appreciated.

                Best.

                  So I am guessing that I have to escape something else before I insert.

                  That was what the mysql_real_escape_string() call was for. If you removed it along with your removal of the htmlspecialchars() call, put it back and remove your newly added addslashes() call instead.
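
The split the last replies arrive at (escape for SQL when inserting, escape for HTML only when outputting), as an added example that is not code from any poster in this thread. It assumes PDO with an in-memory SQLite database in place of the thread's `mysql_*` functions (removed in PHP 7); `tbl_test` and `content` come from the thread, while `store_content`, `load_content` and the sample markup are hypothetical.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for the thread's MySQL setup.
// tbl_test/content come from the thread; everything else here is assumed.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tbl_test (id INTEGER PRIMARY KEY, content TEXT)');

// Constructed sample of editor output: the quotes inside it are what break a
// hand-built INSERT string like the one in the first post.
$content = '<p class="intro">It\'s <strong>test</strong></p><br>' . "\n"
         . '<strong>new line</strong>';

// Store: the value is bound as a parameter, never spliced into the SQL text,
// so neither addslashes() nor htmlspecialchars() is applied before insertion.
function store_content(PDO $pdo, string $html): int
{
    $stmt = $pdo->prepare('INSERT INTO tbl_test (content) VALUES (:content)');
    $stmt->execute([':content' => $html]);
    return (int) $pdo->lastInsertId();
}

// Load: returns the stored markup, or an empty string if the row is missing.
function load_content(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT content FROM tbl_test WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

$id     = store_content($pdo, $content);
$stored = load_content($pdo, $id);

// Round trip check: the database holds the original markup unchanged.
var_dump($stored === $content);

// Output path 1: show the markup as literal text (safe for any input).
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";

// Output path 2: let the browser render it as HTML. Only appropriate when the
// stored markup is trusted or has been sanitised, because it is emitted as-is.
echo $stored, "\n";
```

Output path 2 is what the thread ends up doing with the TinyMCE content; anything a user typed into the editor is then rendered by the browser as markup, script included.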
