4

In one of my forms I use the rich text editor from Yahoo!. Now i want to store the data from that textarea in a MySQL database.

The user can enter anything in that textarea, e.g. many double or single quotes.

How can I store that data?

Normally we store by adding that data in one variable and then put that in sql, but the quotes cause problems.

Quentin
Nitz

6 Answers

6

You use a PDO prepared statement (or mysql_real_escape_string)

1

You can use mysql_real_escape_string().

Escapes special characters in the unescaped_string, taking into account the current character set of the connection so that it is safe to place it in a mysql_query(). If binary data is to be inserted, this function must be used.

mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.

This function must always (with few exceptions) be used to make data safe before sending a query to MySQL.

e.g.

$value = mysql_real_escape_string(" ' \" etc ");
$sql = "INSERT INTO blah VALUES ('$value')";

But a better solution is to use PDO and prepared statements.

Tom Haigh
  • ..."mysql_real_escape_string" is a MySQL function, not PHP. Your example of: $value = mysql_real_escape_string(" ' \" etc "); would return PHP errors both for the unknown function, as well as the open-ended string. – ashleedawg Oct 06 '17 at 08:45
  • @ashleedawg not sure I understand. I linked to the PHP documentation for the function. If it doesn't exist then the mysql module probably isn't loaded. – Tom Haigh Oct 06 '17 at 11:50
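What Quentin's and Tom Haigh's answers recommend, written out as an added example (this is not code from any answer on this page): the textarea content is bound to a PDO prepared statement, so quotes, backslashes and HTML inside it need no escaping for SQL at all. The DSN, the credentials, the `posts` table and its `body` column are assumptions.

```php
<?php
// Added example: store rich-text editor content with a PDO prepared statement.
// Assumed schema: posts (id INT AUTO_INCREMENT PRIMARY KEY, body MEDIUMTEXT).
// Assumed connection details: host, database `app`, user `app_user`,
// password taken from the DB_PASSWORD environment variable.

$dsn = 'mysql:host=127.0.0.1;dbname=app;charset=utf8mb4';
$pdo = new PDO($dsn, 'app_user', getenv('DB_PASSWORD'), [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares, not client-side quoting
]);

// Constructed sample input, the kind of thing a textarea delivers.
$body = "It's \"awesome\" <b>bold</b> &amp; O'Brien's 100% \\ backslash";

function storePost(PDO $pdo, string $body): int
{
    // :body is a parameter marker. The text travels separately from the
    // statement, so nothing in it can change the meaning of the query.
    $stmt = $pdo->prepare('INSERT INTO posts (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $pdo->lastInsertId();
}

function loadPost(PDO $pdo, int $id): ?string
{
    $stmt = $pdo->prepare('SELECT body FROM posts WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['body'];
}

$id = storePost($pdo, $body);

// The round trip returns the text unchanged: no addslashes() on the way in,
// no stripslashes() on the way out.
var_dump(loadPost($pdo, $id) === $body);

// Storage is now solved. Rendering the stored HTML later is a separate concern
// for the output context (run it through an HTML sanitizer before echoing it).
```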
0

If PDO isn't an option, you might be able to use mysqli instead, of course with a prepared statement.

Kristoffer Sall-Storgaard
0

This is what my data looks like as an API response, which I want to store in the MySQL database. It contains quotes, HTML code, etc.

Example:-

    {
      rewardName: "Cabela's eGiftCard $25.00",
      shortDescription: '<p>adidas gift cards can be redeemed in over 150 adidas Sport Performance, adidas Originals, or adidas Outlet stores in the US, as well as online at&nbsp;<a href="http://adidas.com/">adidas.com</a>.</p>',
      terms: '<p>adidas Gift Cards may be redeemed for merchandise on&nbsp;<a href="http://adidas.com/">adidas.com</a>&nbsp;and in adidas Sport Performance, adidas Originals, and adidas Outlet stores in the United States.'
    }

SOLUTION

    CREATE TABLE `brand` (
      `reward_name` varchar(2048),
      `short_description` varchar(2048),
      `terms` varchar(2048)
    ) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=latin1;

While inserting, I used JSON.stringify():

    let brandDetails = {
      rewardName: JSON.stringify(obj.rewardName),
      shortDescription: JSON.stringify(obj.shortDescription),
      terms: JSON.stringify(obj.terms),
    };

Above is the JSON object and below is the SQL query that inserts the data into MySQL.

    let query = `INSERT INTO brand (reward_name, short_description, terms)
    VALUES (${brandDetails.rewardName}, ${brandDetails.shortDescription}, ${brandDetails.terms})`;

It worked.


Ajay
-4

Better yet! When submitting the content to the database, use addslashes();

When retrieving and displaying the string use stripslashes();

$string = "That's awesome!";

addslashes($string); will come out as That\'s awesome! in the database (and won't break anything).

Then stripslashes($string); will return it to normal.

http://php.net/manual/en/function.addslashes.php

I use this all the time - simple and straight-forward.

Tim
  • from http://php.net/manual/en/function.addslashes.php: "It's highly recommended to use DBMS specific escape function (e.g. mysqli_real_escape_string() for MySQL or pg_escape_string() for PostgreSQL)" – Tom Haigh Apr 27 '10 at 12:07
-4

Thank you guys,
for your reply.
But I only replaced the quote characters, like this:

    html = html.replace(/\'/g, "&#39;"); // 39 is the ASCII code of the single quote
    html = html.replace(/\"/g, "&#34;"); // 34 is the ASCII code of the double quote

and then stored it in the database.
It's working great this way, and when I want that data I just replace them back to the original.

But thanks for your reply.


Nitish.
Panchjanya Corporation
Nitz
  • This is JavaScript. You cannot do escaping like that on the client as this will leave your application open for sql injection if someone just disabled that script! – ThiefMaster May 19 '10 at 11:57