Storing all html tags in database table

cbrknight

I have a tab delimited file of items for a shopping cart. Usually I dont have a problem with importing html tags. However this new project uses alot of tags including <table> tags. It seems to be creating a problem with my import. I am already using addslashes for ' but how do I deal with these html tags?

alimadzi

There is a better way...

http://www.php.net/manual/en/function.strip-tags.php

laserlight

What kind of problem are you facing? If you do not need those tags, then alimadzi's suggestion will probably work for you. If you do need them, then you would find it a very destructive solution.

cbrknight

laserlight wrote:
What kind of problem are you facing? If you do not need those tags, then alimadzi's suggestion will probably work for you. If you do need them, then you would find it a very destructive solution.

Unfortunately I do need the tags. It is a description of the products. I have several thousand products I am importing and when I get to some of the products with alot of html in the descriptions they are not importing into the database.

laserlight

I am already using addslashes for '

Oh, and forgot to mention: instead of using addslashes(), use the appropriate escaping function for your database API. For example, you would use mysql_real_escape_string() if using the MySQL extension. Better still, you could use prepared statements with the PDO extension.

I have several thousand products I am importing and when I get to some of the products with alot of html in the descriptions they are not importing into the database.

Could you elaborate? Perhaps give a simplified version of the relevant database schema. To the database engine "<tag>" should be no different from "text".

alimadzi

Sorry for my quick response. I squeeze my "forum time" into spare minutes during the workday, so I don't always read everything carefully. I just assumed you wanted to get rid of the tags and keep the descriptions.

Maybe this would be more appropriate...

http://us2.php.net/manual/en/function.htmlentities.php

laserlight

Maybe this would be more appropriate...

The downside is that that would increase the size of the input proportional to the number of HTML tags. On the other hand, if you actually need them escaped (typically for display as text on a webpage), you would save on processing time later. In that respect htmlentities() (and htmlspecialchars()) make no difference here, since they are used to prevent malicious code injection for text to be displayed to the reader, not to prevent SQL injection.