How to save HTML to MySQL


3

I’m at an impasse about storing HTML in the database. I’m using the PHP property htmlentities($_POST['codhtml']) to perform this operation. However, when saving code such as:

<span class="frase-aditivo mover" id="adt6-enable" style="transform: translate3d(-2px, 202px, 0px); cursor: move; touch-action: none; -webkit-user-select: none; z-index: 1004; border: 3px dashed red; font-size: 112px; font-family: &quot;Comic Sans MS&quot;; color: rgb(0, 64, 128);">Leve a alegria do Natal para sua casa ! </span>

In the database, this is stored:

&lt;span class=&quot;frase-aditivo mover&quot; id=&quot;adt6-enable&quot; style=&quot;transform: translate3d(-2px, 202px, 0px); cursor: move; touch-action: none; -webkit-user-select: none; z-index: 1004; border: 3px dashed red; font-size: 112px; font-family:

That is, for some reason the code is lost whenever there is a URL or after "font-family:".

What is the best way to accomplish this rescue?

PS. I am using Longtext.

Thank you =D

/* Continuation CODE*/

$("#mt_finalizar").click(function(event) {
      var codhtml = '<span class="frase-aditivo mover" id="adt6-enable" style="transform: translate3d(-2px, 202px, 0px); cursor: move; touch-action: none; -webkit-user-select: none; z-index: 1004; border: 3px dashed red; font-size: 112px; font-family: &quot;Comic Sans MS&quot;; color: rgb(0, 64, 128);">Leve a alegria do Natal para sua casa ! </span>';

      $.ajax({
            type      : 'post',
            url       : 'salvarDados.php',
            data      : 'codhtml='+codhtml
                        +'&motivoid=2'
                        +'&formatoid=2'
                        +'&motivonome=Nome',
            dataType  : 'html',
            success : function(txt){
                 alert("Sucesso,");
            },
            error: function(result) {
                alert("Erro ao Salvar");
            }
      });
});

$resultado = $this->conexao->exec("INSERT INTO tabela (col1,col2,col3,col4,col5,col_codhtml,col6) VALUES(2,2,2,2,2,'$codhtml','Nome')");

  • 1

    I use base64_encode and base64_decode when saving HTML in the database.

  • 2

    @Mayronceccon bad habit. It takes up much more space, and has no advantage. Moreover, it is an encoding process and a decoding process, both totally unnecessary. Here’s the suggestion to learn better how to use DB and language features to improve your apps.

  • 1

    Dude, I know blob type saves file and stuff, I think it’s valid you test with it.

  • I tried to use this base_64 but the string is broken in the same way. I will try to use the type blob.

  • @user48796 your problem shouldn’t be in the DB, it’s probably in the way you’re doing the INSERT. Even if it worked, Base64 would only disguise the problem. But if you don’t post the code in the question, it won’t work. Probably your question has already been solved in this post: http://answall.com/questions/21318/70

  • @Bacco Thanks for the support! I believe the error is at the time I pass the HTML parameter: when it finds the '&' it interprets it as a new parameter... Would there be a solution for that?


1 answer

5


In the JS part, change this:

data      : 'codhtml='+codhtml

to:

data      : 'codhtml='+encodeURIComponent(codhtml)

The encodeURIComponent serves to "escape" the special characters that are normally used in URL or POST values.


In the PDO part, change this:

$resultado = $this->conexao->exec("INSERT INTO tabela
(col1,col2,col3,col4,col5,col_codhtml,col6)
VALUES(2,2,2,2,2,'$codhtml','Nome')");

to:

$resultado = $this->conexao->exec('INSERT INTO tabela 
(col1,col2,col3,col4,col5,col_codhtml,col6)
VALUES(2,2,2,2,2,'.$this->conexao->quote($codhtml).',"Nome")');

(I broke the lines just to make it easier to read)

The quote swaps the characters that may conflict with the query, preventing quotes and escape characters from corrupting the string. It also adds quotes on the "ends" of the string.

The ideal would be to use Prepared statements. See examples in this question:

How to prevent SQL code injection into my PHP code?

  • Hello friend, I did not know this property in jQuery. It worked perfectly. Thank you!

  • I’m glad you solved it. Just one detail, encodeURIComponent is not jQuery, it’s JavaScript. Even if you don’t use jQuery, it works.
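
The truncation at "font-family:" described in the question, and the effect of the answer's encodeURIComponent fix, reproduced as an added example (not code from the question or the answer). The function names are hypothetical, and URLSearchParams stands in for the server's form-body parser, which splits on '&' and then on the first '=' in the same way.

```javascript
// The HTML fragment posted in the question.
const codhtml = '<span class="frase-aditivo mover" id="adt6-enable" style="transform: translate3d(-2px, 202px, 0px); cursor: move; touch-action: none; -webkit-user-select: none; z-index: 1004; border: 3px dashed red; font-size: 112px; font-family: &quot;Comic Sans MS&quot;; color: rgb(0, 64, 128);">Leve a alegria do Natal para sua casa ! </span>';

const TAIL = '&motivoid=2&formatoid=2&motivonome=Nome';

// Body as built in the question: raw concatenation, nothing escaped.
function buildRawBody(html) {
  return 'codhtml=' + html + TAIL;
}

// Body as built in the answer: the value is percent-encoded first.
function buildEncodedBody(html) {
  return 'codhtml=' + encodeURIComponent(html) + TAIL;
}

// Decode an application/x-www-form-urlencoded body into fields.
// Every literal '&' starts a new field, so the '&' of '&quot;' does too.
function parseForm(body) {
  const fields = {};
  for (const [key, value] of new URLSearchParams(body)) {
    fields[key] = value;
  }
  return fields;
}

// Server-side sanity check: field names the client was never meant to send.
// Stray names like these are a sign that a value was concatenated unencoded.
function unexpectedFields(fields, expected) {
  return Object.keys(fields).filter((name) => !expected.includes(name));
}

const expected = ['codhtml', 'motivoid', 'formatoid', 'motivonome'];
const raw = parseForm(buildRawBody(codhtml));
const encoded = parseForm(buildEncodedBody(codhtml));

console.log('raw codhtml ends with:', JSON.stringify(raw.codhtml.slice(-24)));
console.log('stray fields from raw body:', unexpectedFields(raw, expected));
console.log('encoded value round-trips intact:', encoded.codhtml === codhtml);
```

Passing an object to jQuery's data option (data: { codhtml: codhtml, motivoid: 2 }) makes jQuery do this encoding itself.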
