Page 1 of 1

Store HTML in a MYSQL table and then deploy it to a page

Posted: Mon Aug 31, 2009 9:45 am
by mariocirillo
Hello Guys,

Once again i need some assistance, hope you can help.
I have a MySQL DB within the db is a table with a field which i want to hold some HTML.

The Table is called CONTENT_NEWS
Field: ARTICLE_HTML
Type: longtext
Collation: armscii8_general_ci
Attributes:
Null: No
Default: None
Extra:

When i paste the HTML into the field (im doing it through phpMyAdmin until i make a front end i get the following error:

0 row(s) affected.
Warning: #1366 Incorrect string value: '\xC2\xA360 B...' for column 'article_html' at row 1

When i then try and display it in my broswer using

<?php echo htmlspecialchars($row_news['article_html']); ?>
OR
<?php echo htmlentities($row_news['article_html']); ?>

it just shows the HTML within my webpage. If i copy and paste it into another doc it works fine so the problem looks like its not actually trying to display it as HTML. Im from an ASP background and am used to doing response.write()

Any help would be greatly appriciated

Mario

Re: Store HTML in a MYSQL table and then deploy it to a page

Posted: Tue Sep 01, 2009 12:43 am
by mrvijayakumar
Hi,

While inserting into field (ARTICLE_HTML) in table, use addslashes(article_inHtmlFormat)

Re: Store HTML in a MYSQL table and then deploy it to a page

Posted: Tue Sep 01, 2009 1:53 am
by Benjamin
Do not use htmlentities() or htmlspecialchars() if you want the html to be rendered by the browser. Since you aren't encoding characters into the associated character entity when saving the data, you don't need to do anything when displaying it. If you were to use htmlentities() on the data before you saved it, you would then use html_entity_decode() to revert the characters.

Please note that you really shouldn't do what you are doing unless you are aware of the risks and knowledgeable about how to prevent them. You are more than likely opening yourself up to significant security holes and it may be better to use an off the shelf CMS depending on your implementation.

Also, in regards to the previous comment, addslashes() is not the appropriate method for preparing MySQL queries. Instead, you should use mysql_real_escape_string() in addition to encapsulating integers with single quotes.

Re: Store HTML in a MYSQL table and then deploy it to a page

Posted: Tue Sep 01, 2009 3:35 am
by lord_webby
mariocirillo wrote:it just shows the HTML within my webpage.
I second html_entity_decode() but, if you run into problems I've found another quick way to store html is to encrypt it and then store it.

Re: Store HTML in a MYSQL table and then deploy it to a page

Posted: Tue Sep 01, 2009 3:36 am
by lord_webby
and then of course you need to decrypt it when you get it back

Re: Store HTML in a MYSQL table and then deploy it to a page

Posted: Tue Sep 01, 2009 6:03 am
by mariocirillo
ive decided to use includes, in my db i just have a field for the include name and then it will import the html that way.
Would you agree this is a better way of doing it?

Re: Store HTML in a MYSQL table and then deploy it to a page

Posted: Tue Sep 01, 2009 6:38 am
by lord_webby
yes. but if you're doing comment forms forums etc then it's easier to store the html in a db .