-2

I want to store some HTML code in a MySQL database. I have never done this before. What is the correct way to store HTML in a DB?

```php
$html_code = '<div class="hello"><p>hello world</p></div>';

// database table
// part_name | html_code
// hello     | ??
```
linjuming
  • `part_name | html_code hello | ??` What is this? – Ejaz Apr 08 '13 at 05:47
  • possible duplicate of [Store HTML into MySQL database](http://stackoverflow.com/questions/2641561/store-html-into-mysql-database) – Rikesh Apr 08 '13 at 05:47
  • 3
    And have you ever stored `anything` in a MySQL database before? – Hanky Panky Apr 08 '13 at 05:48
  • 1
    *Exact duplicate:* [What datatype should I use for my column? \[MySQL\]](http://stackoverflow.com/q/1805199) – Danny Beckett Apr 08 '13 at 05:49
  • But I want to do some encoding or decoding in my PHP. The `mysql_real_escape_string` function outputs an error when I code it in my PHP – linjuming Apr 08 '13 at 06:01
  • @linjuming What was the error? We will need to see the code you've got already. – Dracs Apr 08 '13 at 06:12
  • Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in D:\phpnow\htdocs\laji\laji.php on line 4 – linjuming Apr 08 '13 at 06:36

1 Answer

3

My recommendation is to use htmlpurifier to do it for you: sanitize input and remove all malicious code.

Otherwise you have to write a function like `remove_special_chars($string)` for removing special chars like `<`, `>`, `"` and replacing them with something like `&lt;`, `&gt;`, `&quot;`... and save that to your DB. After reading the data from the DB, use a function like `add_special_chars($string)` for the reverse action to show the content. These are not easy and still not reliable.

Amir
  • Why removing tags before db insertion? html should be inserted as is, and only "sanitized" before outputting. There's no malicious html/js inside a db – Damien Pirsy Apr 08 '13 at 06:53
  • @DamienPirsy for example, if `` is stored in a comment field by a user, what happens when we try to read it? – Amir Apr 08 '13 at 07:00
  • And that's why I said sanitize BEFORE OUTPUTTING. ``, when INSIDE A DB CELL, what happens? – Damien Pirsy Apr 08 '13 at 08:38
  • @DamienPirsy, I edited my response, please recheck and edit my answer to true reply, Thank you – Amir Apr 08 '13 at 09:10
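
An added example, not code from any poster in this thread: it stores HTML unchanged through a PDO prepared statement and encodes only at output time, the approach argued for in the comments above. The `parts` table, the helper names `save_part`, `load_part` and `as_text`, and the in-memory SQLite DSN (used so the script runs offline; a `mysql:` DSN is the only change for MySQL) are assumptions.

```php
<?php
// Added example. Assumption: an in-memory SQLite database stands in for MySQL so
// the script runs offline. For MySQL only the DSN changes, e.g.
// new PDO('mysql:host=localhost;dbname=test;charset=utf8mb4', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE parts (part_name VARCHAR(64) PRIMARY KEY, html_code TEXT)');

// Store the markup unchanged. A bound parameter keeps the value out of the SQL
// text, so no escaping function has to be called on it.
function save_part(PDO $pdo, string $name, string $html): void
{
    $stmt = $pdo->prepare('INSERT INTO parts (part_name, html_code) VALUES (:name, :html)');
    $stmt->execute([':name' => $name, ':html' => $html]);
}

// Read the stored markup back; null when the part does not exist.
function load_part(PDO $pdo, string $name): ?string
{
    $stmt = $pdo->prepare('SELECT html_code FROM parts WHERE part_name = :name');
    $stmt->execute([':name' => $name]);
    $html = $stmt->fetchColumn();
    return $html === false ? null : $html;
}

// Output encoding for values that must be displayed as text, not parsed as markup.
function as_text(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample data: one fragment written by the site owner,
// one value submitted by a user.
save_part($pdo, 'hello', '<div class="hello"><p>hello world</p></div>');
save_part($pdo, 'user_comment', '<script>alert(1)</script>');

// The database returns exactly the string that went in.
var_dump(load_part($pdo, 'hello') === '<div class="hello"><p>hello world</p></div>');

// Trusted fragment: emitted as markup.
echo load_part($pdo, 'hello'), PHP_EOL;

// Untrusted value: encoded when it is output, so the browser shows it as text.
echo as_text(load_part($pdo, 'user_comment')), PHP_EOL;
```

User-supplied content that has to render as HTML rather than as text needs an allow-list sanitizer such as HTML Purifier in place of `as_text`.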