Saving data to database from textarea

Question

I am a newbie in PHP. I just want to know why every time I save a string data from textarea it's always having the <p> string </p> format inserted in the database. This is my code:

 <table>
  <tr>
   <td>  
    <textarea name="event_desc" cols="40" rows="10" id="event_desc"></textarea>
    </td>
  </tr>
  <tr>
    <td>&nbsp;</td>
    <td><input type="submit" name="Add" id="Add" value="Add event" /></td>
  </tr>
 </table>

And everytime i include a single quotation ('), it always appears as " & #39;" without space.This is the sample output:

input: test2 ' (and every space i made count)
<p>    test2 &#39; &nbsp;&nbsp; $</p>

I already use mysql_real_escape_string, addslashes and stripslashes.

This is my code in saving into database:

 <?php 
 if(isset($_REQUEST['Add']))
 { 
  $event_title=$_POST['event_title'];                                                                         $event_desc=mysql_real_escape_string($_POST['event_desc']);
  $section=$_POST['section'];
  $get_date=NOW;
  if($event_title=="" || $event_desc=="")
  {
    echo'<div class="warning">Some of the fields are empty.</div>';
  }
  else
  {
    mysql_query("INSERT INTO events (`event_title`, `event_desc`,`event_date`,`event_target`) VALUE('$event_title','$event_desc','$get_date','$section')") or die(mysql_error('Error: Error in adding entries'));
    echo'<div class="success">You have just added 1 event for School. You will be redirect in  5 seconds</div>';
    echo "<META HTTP-EQUIV='Refresh' CONTENT='5; URL=events.php'>";
  }
 }
 ?>

Thanks you guys for the help.

what is your way to connect to db? are you using mysql or mysqli or pdo? — Kiyarash, Dec 07 '13 at 07:10

score 2 · Answer 1 · edited May 23 '17 at 11:49

2

my suggestion will be to use mysqli::real_escape_string with prepared statements
click mysqli::real_escape_string

edited May 23 '17 at 11:49

Community

1
1

answered Dec 07 '13 at 07:07

Let me see

5,063
9
34
47

score 1 · Answer 2 · answered Dec 07 '13 at 07:13

You can use addslashes() while storing into db and use to retrive if it is encoded htmlspecialchars_decode

 <?php
$str = "<p>this -&gt; &quot;</p>\n";

echo htmlspecialchars_decode($str);

// note that here the quotes aren't converted
echo htmlspecialchars_decode($str, ENT_NOQUOTES);
?>

OUTPUT:

<p>this -> "</p>
<p>this -> &quot;</p>

Ref: http://www.php.net/manual/en/function.htmlspecialchars-decode.php

score 0 · Answer 3 · answered Dec 07 '13 at 07:42

Other than traditional methods mention above.

We can encode string coming from text area using "base64_encode" and then store in db...While retrieving from db decode it back using "base64_decode" function.

Note:- As per document it consume 33% more space.

Ref:- http://php.net/manual/en/function.base64-encode.php

score -2 · Answer 4 · answered Dec 07 '13 at 07:11

-2

Your saving html encoded text to your database. Punctuation are encoded when viewing in a page. So you have to decode them some how. I'm not a PHP person, but I know this is your problem.

answered Dec 07 '13 at 07:11

chdev77

505
4
18

Saving data to database from textarea

4 Answers4