-1

It is not a duplicate post, since I escape the form using htmlspecialchars() to clean the submitted form, and the active records from CodeIgniter are escaping all the quotes. The error is not one from the database; it is a block from the server when I try to send the form.

I have a form that will submit data to a PHP page, which will then be submitted into the database. My problem is that I might want to store the script for Google Analytics, or for example some HTML meta that will need to be generated automatically from the database.

Let's say I want to send this code from an HTML form to a PHP page and then insert it into the database.

    <script async src="https://www.googletagmanager.com/gtag/js?id=UA-11111-1"></script>
    <script>
      window.dataLayer = window.dataLayer || [];
      function gtag(){dataLayer.push(arguments);}
      gtag('js', new Date());

      gtag('config', 'UA-111111-1');
    </script>

I get a 403 error from the server. How can I sanitize it or make it safe when the server is processing my form?

xttrust
  • 403 = forbidden. It's really hard to say why without some more information/code here. Do you get the 403 from the pages that process the form data to put it in the db? –  Apr 04 '19 at 23:40
  • Possible duplicate of [How to insert javascript into mysql database?](https://stackoverflow.com/questions/13087378/how-to-insert-javascript-into-mysql-database) – Yassine CHABLI Apr 05 '19 at 00:00
  • I am using CodeIgniter 3.1.10 and I want to submit that data in the database using a form. I have the error right after I press the submit button. – xttrust Apr 10 '19 at 16:12

1 Answer

-1

The way I handle this is to only save the Google UA to the database and hard code the script into the file. Since the script is to be called in on every page it can easily be placed in a template system.

Example:

    // Only the tracking ID comes from the database; the script markup is hard-coded in the template.
    $gUA = 'UA-11111-1';

    echo '<script async src="https://www.googletagmanager.com/gtag/js?id='.$gUA.'"></script>';
    echo '<script>';
    echo 'window.dataLayer = window.dataLayer || [];';
    echo 'function gtag(){dataLayer.push(arguments);}';
    echo "gtag('js', new Date());";

    echo "gtag('config', '".$gUA."');";
    echo '</script>';

You can avoid having to escape the quotations by using the opposite single or double quote from that in the string.

petebolduc
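A sketch of the approach in the answer above, as an added example that is not part of the original answer: the form accepts only the tracking ID, checks it against an allow-list pattern before it is stored, and encodes it for each output context when the template emits the script. The `validate_tracking_id` and `render_gtag` helpers and the ID pattern are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed ID shape, based on the "UA-11111-1" value in the question:
// "UA-", account digits, "-", property digits. Adjust if your IDs differ.
const TRACKING_ID_PATTERN = '/\AUA-\d{4,10}-\d{1,4}\z/';

/** Return the ID if it matches the allow-list pattern, otherwise null. */
function validate_tracking_id(string $input): ?string
{
    $id = trim($input);
    return preg_match(TRACKING_ID_PATTERN, $id) === 1 ? $id : null;
}

/** Build the gtag snippet around a validated ID (hypothetical helper). */
function render_gtag(string $id): string
{
    // Re-check at output time in case the stored row was changed elsewhere.
    if (validate_tracking_id($id) === null) {
        throw new InvalidArgumentException('Invalid tracking ID');
    }
    // Encode separately for the HTML attribute and the JS string context.
    $attr = htmlspecialchars($id, ENT_QUOTES, 'UTF-8');
    $js   = json_encode($id, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);

    return <<<HTML
<script async src="https://www.googletagmanager.com/gtag/js?id={$attr}"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}
  gtag('js', new Date());
  gtag('config', {$js});
</script>
HTML;
}

// Constructed sample form values: one plain ID and one full script block.
$samples = ['UA-11111-1', '<script>gtag("config", "UA-11111-1");</script>'];
foreach ($samples as $posted) {
    $id = validate_tracking_id($posted);
    if ($id === null) {
        echo "rejected: form value is not a tracking ID\n";
        continue;
    }
    // In CodeIgniter, this is the point where the validated ID would be saved.
    echo render_gtag($id), "\n";
}
```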