Menu
I want to store an HTML code in an SQL database. It stores everything fine except when there are attributes defined such as border="0". I think single quotation mark is not an issue. How do i avoid this from happening.
The error: Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '0">
762
Like others have pointed out there's nothing dangerous about storing HTML in the DB. But when you display it you need to know the HTML is safe.
you can save the html codes just like text. You can use varchar(max) type column to save the html code in table. Display the code is depending the browser. But if you use nvarchar type that will cause problems in display.
You can produce HTML from SQL because SQL Server has built-in support for outputting XML, and HTML is best understood as a slightly odd dialect of XML that imparts meaning to predefined tags. There are plenty of edge cases where an HTML structure is the most obvious way of communicating tables, lists and directories.
Are you escaping the HTML before attempting to insert it into the database? Assuming your HTML is stored in the variable $html
$html = mysql_real_escape_string($html);
$sql = "INSERT INTO html_docs (html) VALUES('$html')";
mysql_query($sql);
You need to escape your strings, looks like mysql_real_escape_string will do the job in PHP.
35
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
