I am using PHP and trying to save some HTML content in a MySQL database. The HTML content is generated by CKEditor. The content is something like this:
I accomplished this by using the following code segments in PHP and a MySQL database:
Storing into the database. You must use the following code segment in the actual MySQL insert call. I found out that if you do this to the variable first and then put the variable in the insert call it will not work. The function must be in the MySQL statement.
// Escape inside the SQL string itself; needs an open mysql_connect() link
$sql = "INSERT INTO pages (body) VALUES ('" . mysql_real_escape_string($myValue) . "')";
Retrieving into a textbox value. Assuming your values have already been retrieved from the database and are now in an array called theValues. Basically I am removing any backslashes, but beforehand I'm making sure it can be displayed correctly using htmlentities. Since there are no backslashes in HTML that I know of, it fixes it where servers replace quotes with \". If you do encounter some backslashes in HTML you'll just have to be a bit more clever in your replacement function.
// Encode the markup as text for the textbox, then drop the backslashes added by the server
$myValue = str_replace("\\", "", htmlentities($theValues->myValue));
echo $myValue;
Echoing out onto a page: same reasons as above, but the htmlentities function makes it only display the text of the HTML instead of processing the HTML.
// Without htmlentities the markup is rendered; only the backslashes are removed
echo str_replace("\\", "", $myValue);
When you fetch it from the database you need to run stripslashes() on the HTML string. Right?
It sounds like your host probably has magic_quotes_gpc turned on, which will automatically add slashes to quotes and double quotes in data coming in from $_GET, $_POST, and $_COOKIE.
You might want to create a wrapper function for escaping GPC data. As an example...
// Escape GPC input exactly once: if magic_quotes_gpc already added the
// slashes, pass the value through; otherwise escape it for MySQL here
function mysql_escape_gpc($dirty)
{
    if (ini_get('magic_quotes_gpc'))
    {
        return $dirty;
    }
    else
    {
        return mysql_real_escape_string($dirty);
    }
}
This way your code is portable, regardless of how the server is configured.
Also, if your production environment supports it, you should consider looking into prepared statements. This way you don't have to worry about escaping your data; however, you would still need to unescape it in the event that magic_quotes_gpc is turned on.
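The prepared-statement approach from the answer above, with the magic_quotes_gpc unescaping it mentions, as an added example that is not code from any of the answers. It assumes a PDO/MySQL connection, a hypothetical table `pages` (id, body) and a CKEditor field posted as `editor1`.

```php
<?php
// Added example (not from the original answers). Assumes PDO with MySQL and a
// hypothetical table: CREATE TABLE pages (id INT AUTO_INCREMENT PRIMARY KEY, body TEXT)

// Undo magic_quotes_gpc (PHP < 5.4) so the stored text is the raw editor input;
// the prepared statement below does the quoting, so nothing is escaped twice.
function raw_gpc_value($value)
{
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        return is_array($value) ? array_map('raw_gpc_value', $value) : stripslashes($value);
    }
    return $value;
}

// Insert the HTML via a bound parameter: no mysql_real_escape_string needed,
// and quotes or backslashes in the markup cannot break out of the query.
function store_html(PDO $db, $html)
{
    $stmt = $db->prepare('INSERT INTO pages (body) VALUES (:body)');
    $stmt->execute(array(':body' => $html));
    return (int) $db->lastInsertId();
}

function fetch_html(PDO $db, $id)
{
    $stmt = $db->prepare('SELECT body FROM pages WHERE id = :id');
    $stmt->execute(array(':id' => (int) $id));
    $body = $stmt->fetchColumn();
    return $body === false ? null : $body;
}

$db = new PDO('mysql:host=localhost;dbname=app;charset=utf8', 'user', 'secret', array(
    PDO::ATTR_ERRMODE         => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
));

// Constructed sample input standing in for what CKEditor posts as editor1
$posted = isset($_POST['editor1']) ? $_POST['editor1'] : '<p>He said "hi" &amp; it\'s fine</p>';
$id = store_html($db, raw_gpc_value($posted));

// Back into the editor's textarea: encode so the markup is shown as text, not run.
$html = fetch_html($db, $id);
echo '<textarea name="editor1">' . htmlspecialchars($html, ENT_QUOTES, 'UTF-8') . '</textarea>';
// To render the stored HTML as HTML elsewhere, pass it through a whitelist
// sanitiser first rather than echoing it raw.
```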
Your hosting company probably has magic quotes turned on - http://php.net/manual/en/security.magicquotes.php
You can't disable it in code, but Example 2 here shows a workaround: http://www.php.net/manual/en/security.magicquotes.disabling.php