how to insert html or php code into a table?

sarmenhb · 09-06-2008, 08:58 PM

im trying to insert some html or some php code into a databasese table but im getting errors. how do i do this?

i'm trying to insert this

Code:

<li>NaviDoor School Application Service (Excluding Mandatory School Application Fee 'Application Requirement')</li>
<li>NaviDoor Immigration Application Service (Excluding SEVIS 'Immigration Requirement')</li>
<li>NaviDoor Host Family / Apartment Application Service. Include Free Registration value of $100</li>
<li>NaviDoor Support ('Counseling & Guidance' before departure and in Los Angeles for one week.)</li>
<li>NaviDoor Airport Pick-Up</li>
<li>FREE Essay Editing</li>

xenon · 09-06-2008, 09:08 PM

And what errors are you getting? Perhaps you want to escape your single quotes before sending that to the database first?

sarmenhb · 09-06-2008, 09:22 PM

yea i think it has to do with symbols but if i did use the htmlspecialchars function to insert the data how would i convert it back to html to preview it.

Salathe · 09-06-2008, 09:54 PM

Run the HTML string through mysql_real_escape_string() to prevent the HTML causing problems with the SQL query syntax (and for a basic, much needed security boost) if you're not already.

Do not transform the data (i.e. using htmlspecialchars, etc.) where it's not necessary. That's a basic rule of thumb and an important one to learn.

sarmenhb · 09-06-2008, 10:13 PM

why didnt i think of that salathe :D thanks

sarmenhb · 09-07-2008, 04:57 AM

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

sketchMedia · 09-07-2008, 11:18 AM

In order for me to debug that message, I need to see your query.

sarmenhb · 09-07-2008, 01:23 PM

here is the code

Code:

<?php
include("includes/config.php");
if(isset($_POST['submit'])) { 

$title = mysql_real_escape_string($_POST['title']);
$desc = mysql_real_escape_string($_POST['desc']);
$price = mysql_real_escape_string($_POST['price']);

$query = mysql_query("insert into tbl_package values(null, '$title','$desc','$price'") or die(mysql_error());




}



?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
</head>

<body>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">

Title: <input type="text" name="title" /><br />
Desc: <textarea name="desc" cols="60" rows="10"></textarea>
<br />
Price: <input type="text" name="price" /><br />
<br />
<input type="submit" name="submit" value="submit" />




</form>
</body>
</html>

here is the content that went into the text boxes

Code:

title: Promo Package
desc: 
<ul>
<li>NaviDoor School Application Service (Excluding Mandatory School Application Fee 'Application Requirement')</li>
<li>NaviDoor Immigration Application Service (Excluding SEVIS 'Immigration Requirement')</li>
<li>NaviDoor Host Family / Apartment Application Service. Include Free Registration value of $100</li>
<li>NaviDoor Support ('Counseling & Guidance' before departure and in Los Angeles for one week.)</li>
<li>NaviDoor Airport Pick-Up</li>
<li>FREE Essay Editing</li>
</ul>

price: 100