Page 1 of 1

Insert HTML Code Into MySQL DB Field

Posted: Thu Mar 10, 2005 2:05 pm
by kg4agd
I have a MySQL database holding articles from a monthly publication that I am wanting to display online. I am working on setting up a page that a authorized user can access to enter data into the database. My php page is working except for the fact that I cannot solve the problem of getting html formatted text to be saved into the database.

To facilitate data entry, I have allowed the user to upload a html file that holds the text of the article. I save the contents of this file in a variable and then try to save that to the database.

The problem is that the variable holding the html file contents has quotes, double quotes, etc., and this causes the INSERT statement to with the message:

"You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 's issue of Straightway gave a preliminary background concerning"


My SQL statement is:
$sqlInsert = "INSERT INTO tblArticles (ArticleID, Title, Text, Author, Volume, Issue, Date, AuditDate, AuditUser) VALUES ('''','$Title', '$contents', '$Author', '$Volume', '$Issue', '$Date', now(), '$user')";
The $contents variable holds the HTML file contents that the user uploads. Of course, I can echo and it looks just fine in the browser. It is saving it to the database where the problem arises.

Is there a way to get around this problem?

Thanks for the help.

Posted: Thu Mar 10, 2005 2:11 pm
by feyd

Code: Select all

str_replace('\'', '\'\'', $content);

Thanks

Posted: Thu Mar 10, 2005 2:54 pm
by kg4agd
That seems to work fine. I appreciate the help.