MySQL result coming back with backslashes

2

I'm using http://summernote.org/, and when I send something to the database, for example, if I add this HTML tag <img = src="http://link"> in the editor and send it to the database, it is saved as <img ==\"\" src=\"http://link\">, and so when I select it to display on the frontend, the image is not displayed because of the backslashes. To send it to the database I did this:

if(isset($_POST['acao']) && $_POST['acao'] == 'cadastrar'):
    $dE = $datahj;
    $msg = $_POST['aviso'];
    $assunto = $_POST['assunto'];

    $dados_cadastrar = array(
        'data' => $dE,
        'autor' => 'WEnder T',
        'assunto' => $msg,
        'msg' => $w,
        'tag' => '',
        'curto' => '',
        'capa' => '',
        'ads' => 1
    );
    if($site->inserir('postagem', $dados_cadastrar)){
        echo 'ok';
    }else{
        echo 'erro';
    }
endif;

The PHP insert function:

// insert method
    public function inserir($tabela, $dados) {


        $pegarCampos = array_keys($dados);
        $contarCampos = count($pegarCampos);
        $pegarValores = array_values($dados);
        $contarValores = count($pegarValores);

        $sql = "INSERT INTO $tabela (";

        if ($contarCampos == $contarValores) {
            foreach ($pegarCampos as $campo) {

                $sql .= $campo . ', ';

            }
            $sql = substr_replace($sql, ")", -2, 1);
            $sql .= "VALUES (";

            // one positional placeholder per value
            for ($i = 0; $i < $contarValores; $i++) {
                $sql .= "?, ";
            }

            $sql = substr_replace($sql, ")", -2, 1);
        } else {
            return false;
        }

        try {
            $inserir = self::conn()->prepare($sql);
            if ($inserir->execute($pegarValores)) {
                return true;
            } else {
                return false;
            }
        } catch (PDOException $e) {
            return false;
        }
    }

How can I solve this problem?

  • Welcome to Stack Overflow. You can save it like this: <img src='http://link'>, which should solve the problem simply. To transform <img src="http://link">, use: str_replace("\"", "'", "<img src=\"http://link\">");

  • It's a posting system where I need to send through the form, and when I send it the way you mention, it is saved like this in the database: <img src="http://www.mensagenscomamor.com/images/interna/new/imagens_boa_noite.jpg">. I need to escape before sending to the database and avoid SQLi.

  • As I mentioned earlier, before saving you can replace \" with ' so that there will be no problem when retrieving it. Using replace might work: str_replace("\"", "'", "<img src=\"http://link\">");

  • That way, the news items that I post with HTML tags come out all broken.

  • I got the replace wrong, it would be like this: str_replace("\\\"", "'", "<img src=\"http://link\">"); it would take out the \" and swap it for ', thus removing the problem when reading. If that is not it, I did not understand your question; please clarify further.

  • 1

    THANKS A LOT, BRO :) NOW IT WORKS AS I WANTED


1 answer

3

Just to leave a final answer...

Just manipulate the raw string before saving it in the database, transforming \" into ' because HTML also interprets single quotes. The simplest way is to use the function str_replace(), like this:

 str_replace("\\\"", "'", "<img src=\"http://link\">");
 /*
     \\ escapes the \ and \" escapes the quotation mark; putting the two together,
     the function will replace every \" with '. You could use '\"' in place of "\\\""
 */
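
An added example, not part of the original answer or the asker's code: it shows that values bound through prepare()/execute() are stored byte for byte, so nothing needs escaping before the insert, and that the table and column names inserir() concatenates need an allowlist instead. Assumptions: an in-memory SQLite database stands in for MySQL, the stored backslashes come from an escaping step such as addslashes() applied before the insert, and the ALLOWED list and sample values are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite stands in for the page's MySQL connection.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE postagem (id INTEGER PRIMARY KEY, assunto TEXT, msg TEXT)');

// Hypothetical allowlist: identifiers cannot be bound as parameters, so the
// table and column names that inserir() concatenates are checked instead.
const ALLOWED = ['postagem' => ['assunto', 'msg']];

function inserir(PDO $pdo, string $tabela, array $dados): bool
{
    $campos = array_keys($dados);
    if (!array_key_exists($tabela, ALLOWED) || array_diff($campos, ALLOWED[$tabela])) {
        return false; // unknown table or column: refuse to build the query
    }
    $sql = sprintf(
        'INSERT INTO %s (%s) VALUES (%s)',
        $tabela,
        implode(', ', $campos),
        implode(', ', array_fill(0, count($campos), '?'))
    );
    return $pdo->prepare($sql)->execute(array_values($dados));
}

// Constructed sample input, as the editor would submit it.
$html = '<img src="http://link">';

// Row "raw": the value is bound as a parameter with no prior escaping.
// Row "escaped": the value is escaped first (assumed cause of the stored
// backslashes) and then bound, so the backslashes become part of the data.
inserir($pdo, 'postagem', ['assunto' => 'raw', 'msg' => $html]);
inserir($pdo, 'postagem', ['assunto' => 'escaped', 'msg' => addslashes($html)]);

// A value containing a quote and SQL text is stored as plain data.
inserir($pdo, 'postagem', ['assunto' => 'quote', 'msg' => "x'); DROP TABLE postagem; --"]);

// A column name outside the allowlist is refused before any SQL is built.
var_dump(inserir($pdo, 'postagem', ['msg) VALUES (1); --' => 'x']));

// Print what was actually stored in each row.
foreach ($pdo->query('SELECT assunto, msg FROM postagem') as $row) {
    printf("%-8s %s\n", $row['assunto'], $row['msg']);
}
```

Because the stored value is rendered as HTML on the frontend, the editor's markup should still pass through an HTML sanitizer allowlist before display; that is a separate control from the parameter binding shown here.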
