Inserting html code in a mysql table

Question

I use joomla to manage a website... and i am developing a stand alone php application that will insert and modify data into the tables that are used by joomla to store the

Answer 1

fulltext is a mysql predefine keyword. Please use Acute(`) or single quote(')

Here is code -

UPDATE $jos_content
SET    `introtext` = '$intro_code',
       `fulltext`  = '$article_code'
WHERE  `id` = '$article_id'";

Answer 2

if you are using mysqli, it needs a connection.

mysqli_real_escape_string($conn, $_POST["name"]);

Answer 3

if you are worried about space and are using the base 64 encode method posted here you could use the gzdeflate command in php to cut it down then encode it. Here is a little test script on some generated sample characters. Obviously there are different compression methods to look into if you are concerned with size but this would mean you could put it into mysql minimising the size on the db. You could then read it back with gzinflate(base64_decode( ... ));

<?php
//generate sample chars for the example
function generateRandomString($length = 10000) {
    $characters = '01234"56/789abcdefghij:klmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $randomString = '';
    for ($i = 0; $i < $length; $i++) {
        $randomString .= $characters[rand(0, strlen($characters) - 1)];
    }
    return $randomString;
}
//

$string =generateRandomString();
echo 'string size:'.strlen($string);
$b64html = base64_encode($string);
echo '<br/>'.'Original base64 size:'.strlen($b64html);
$compressed = gzdeflate($string,  9);
echo '<br/>'.'compressed size:'.strlen($compressed);
echo '<br/>'.'base64 compressed size:'.strlen(base64_encode($compressed));
 /* insert into db the base64_encode($compressed); */
?>

Answer 4

Just to confirm, your query looks like this right:

$query = '
    UPDATE "'.mysql_real_escape_string ($jos_content).'"
    SET    introtext = "'.mysql_real_escape_string ($intro_code).'",
           fulltext  = "'.mysql_real_escape_string ($article_code).'"
    WHERE  id = "'.mysql_real_escape_string ($article_id).'"
";

Answer 5

insert html code into database

$title = $_POST['title'];
$code = '<h1>hello</h1></p>this html tage</p>';
$htmlcode = addslashes($code);

 $query = "INSERT INTO `template` (`title`,`code`) VALUES ('".$title."','".$htmlcode."');"; 
mysqli_query($con,$query);

after insert data into database show data in listing page

$result = mysqli_query($con,'SELECT * FROM template');                                  
while($row = mysqli_fetch_assoc($result)) {

 echo htmlentities($row['code']);

}
htmlentities($row['code']); //here your row name;