TalkPHP

TalkPHP (http://www.talkphp.com/forums.php)
-   Absolute Beginners (http://www.talkphp.com/absolute-beginners/)
-   -   how to insert html or php code into a table? (http://www.talkphp.com/absolute-beginners/3331-how-insert-html-php-code-into-table.html)

sarmenhb 09-06-2008 07:58 PM
how to insert html or php code into a table?
 
im trying to insert some html or some php code into a databasese table but im getting errors. how do i do this?

i'm trying to insert this

Code:
<li>NaviDoor School Application Service (Excluding Mandatory School Application Fee 'Application Requirement')</li>
<li>NaviDoor Immigration Application Service (Excluding SEVIS 'Immigration Requirement')</li>
<li>NaviDoor Host Family / Apartment Application Service. Include Free Registration value of $100</li>
<li>NaviDoor Support ('Counseling & Guidance' before departure and in Los Angeles for one week.)</li>
<li>NaviDoor Airport Pick-Up</li>
<li>FREE Essay Editing</li>

xenon 09-06-2008 08:08 PM
And what errors are you getting? Perhaps you want to escape your single quotes before sending that to the database first?

sarmenhb 09-06-2008 08:22 PM
yea i think it has to do with symbols but if i did use the htmlspecialchars function to insert the data how would i convert it back to html to preview it.

Salathe 09-06-2008 08:54 PM
Run the HTML string through mysql_real_escape_string() to prevent the HTML causing problems with the SQL query syntax (and for a basic, much needed security boost) if you're not already.

Do not transform the data (i.e. using htmlspecialchars, etc.) where it's not necessary. That's a basic rule of thumb and an important one to learn.

sarmenhb 09-06-2008 09:13 PM
why didnt i think of that salathe :D thanks

sarmenhb 09-07-2008 03:57 AM
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

sketchMedia 09-07-2008 10:18 AM
In order for me to debug that message, I need to see your query.

sarmenhb 09-07-2008 12:23 PM
here is the code

Code:
<?php
include("includes/config.php");
if(isset($_POST['submit'])) {

$title = mysql_real_escape_string($_POST['title']);
$desc = mysql_real_escape_string($_POST['desc']);
$price = mysql_real_escape_string($_POST['price']);

$query = mysql_query("insert into tbl_package values(null, '$title','$desc','$price'") or die(mysql_error());




}



?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
</head>

<body>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">

Title: <input type="text" name="title" /><br />
Desc: <textarea name="desc" cols="60" rows="10"></textarea>
<br />
Price: <input type="text" name="price" /><br />
<br />
<input type="submit" name="submit" value="submit" />




</form>
</body>
</html>

here is the content that went into the text boxes


Code:
title: Promo Package
desc:
<ul>
<li>NaviDoor School Application Service (Excluding Mandatory School Application Fee 'Application Requirement')</li>
<li>NaviDoor Immigration Application Service (Excluding SEVIS 'Immigration Requirement')</li>
<li>NaviDoor Host Family / Apartment Application Service. Include Free Registration value of $100</li>
<li>NaviDoor Support ('Counseling & Guidance' before departure and in Los Angeles for one week.)</li>
<li>NaviDoor Airport Pick-Up</li>
<li>FREE Essay Editing</li>
</ul>

price: 100


All times are GMT. The time now is 03:52 AM.

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.1.0