Inserting HTML into MySQL

kodemonki · 04-15-2010, 07:53 AM

I know this is a very common question, and have found consistent answers online, but I can't seem to get this to work for me. I am trying to input:

Code:

<div id="394" class="ui-draggable item_outfit" style="left: 234px; top: 177px; width: 150px; height: 200px; position: absolute; display: block;"></div><div id="10" class="ui-draggable item_outfit" style="left:32px; top:392px; height:150px; width:300px; position:abolute; display:block;"></div>

into MySQL.

Here's what I've done:

Code:

$look = '<div id="394" class="ui-draggable item_outfit" style="left: 234px; top: 177px; width: 150px; height: 200px; position: absolute; display: block;"></div><div id="10" class="ui-draggable item_outfit" style="left:32px; top:392px; height:150px; width:300px; position:abolute; display:block;"></div>';

$look2 = htmlentities($look);        
$look3 = html_entity_decode(htmlentities($look));
$look4 = mysql_real_escape_string($look);
          
$user_id = 34;
                                  
$query = "insert into user_outfits (user_id, div) values ($user_id, '" . mysql_real_escape_string($look) . "')";
echo $query;
$create_outfit = mysql_query($query);

I have tried the query with look (using mysql_real_escape_string()), look2, look3, and look4, to no avail. When I echo each look variable, only look2 is displayed correctly. Echoing look, look3 and look4 give me null values, and when I echo the query I get

Code:

insert into user_outfits (user_id, div) values (34, '
')

Why won't this insert into the database?

Thanks in advance.

Fou-Lu · 04-15-2010, 03:34 PM

Does echoing really not show anything, or are you just viewing it in the browser? View you're source to confirm that there is no HTML available within the query itself; viewing the output in a browser is pretty much pointless since it will convert this to parsed html. If you intend to store parsable HTML within the database, all you should need is the mysql_real_escape_string to prevent it from clobering your query. Otherwise, you'll need to use htmlentities or htmlspecialchars in order to convert it to the text display so you can then print a viewable text of it online. Look into using the strip_tags function to control what you allow; definitely don't want say <php> or <script> to be added to that.

If its not being inserted, kill your query to find out why:

PHP Code:


			
$create_outfit = mysql_query($query) or die(sprintf("Error: %s\nQuery: %s\n", mysql_error(), $query));

kodemonki · 04-19-2010, 01:30 PM

Thanks! That was the answer