Menu
I want to save html-formatted text to database, but when I do that it is don't save html-symbols like < / > ' and others This is how I read article from database for editing:
<p class="Title">Англійський варіант:</p>
<textarea name="EN" cols="90" rows="20" value="<?php echo htmlentities($articleArr['EN'], ENT_QUOTES, "UTF-8"); ?>" ></textarea>
after this generates such html-code:
<p class="Title">Англійський варіант:</p>
<textarea name="EN" cols="90" rows="20" value="<p class='Title'> привыт </p>" ></textarea>
So, I expect that this text will appear in my text field, in html-code of this page it is, but in text area is no.
In database I save it as:
<p class="Title"> Hello </p>
So how can I do the follow:
Help me please, how can I save such texts properly, Thanx!
621
Certainly it is possible to store html (or whatever markup or language) inside a database. Also handling that with PHP is possible. All you have to make sure is that you escape the content so that a) your code is not open to sql injection and b) the statements are valid regardless of the contents value.
Try using htmlspecialchars() on the string to put into the DB, and then, when pulling it back out, use htmlspecialchars_decode(). Might make a difference.
159
Save it to a nvarchar(max) field.
Make sure you use parameterized queries for security. Read
http://www.aspnet101.com/2007/03/parameterized-queries-in-asp-net/
http://msdn.microsoft.com/msdnmag/issues/04/09/SQLInjection/
with little changes to Sql , you can apply to Mysql aslo
36
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
