MySQL And Inserting HTML Code

Superman859
Forum Commoner
Posts: 47
Joined: Sun Oct 29, 2006 10:22 am

MySQL And Inserting HTML Code

Post by Superman859 »

I have a PHP script that allows me to edit contents of a page and store the contents in a database. Usually there is HTML involved and being stored in the database.

Now my question is this - Do I need to worry about the quotes in HTML interfering with SQL quotes when inserting/etc? Or will it be alright because of the single quotes for SQL and double quotes for HTML values? I started studying PHP recently so am still trying to figure a few things out. I have a PHP script that takes data from a form (where the HTML code would be), and the form POSTS data to a script. I assign all the $_POST to local variables and then insert into database using those variables.

Right now it does not do anything to deal with quotes. I know there is something about magic_quotes, but am unsure what my current settings are. Should I stripslashes() and then use mysql_real_escape_string(), or do something else, or am I ok as it is?

It doesn't have any problems that I know of so far, but I want to make it as good as possible.

PS: Along the same lines - when I use the SQL tab in phpMyAdmin and INSERT data, do I need to escape the quotes in the HTML code or not? It takes forever to escape them all that way...
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Try it. Try it. Try it. And try it.
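
The situation asked about above, as an added example that is not part of the thread: HTML containing both quote styles is inserted once by string concatenation and once through a PDO prepared statement (used here in place of the mysql_real_escape_string() approach the question mentions). The table and column names and the in-memory SQLite DSN are assumptions, chosen so the script runs offline.

```php
<?php
// Added example; the table and column names (pages, slug, body) are assumptions.
// SQLite in memory keeps it runnable offline; for MySQL only the DSN changes,
// e.g. new PDO('mysql:host=...;dbname=...;charset=utf8mb4', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pages (slug TEXT PRIMARY KEY, body TEXT NOT NULL)');

// Constructed sample of what the edit form would POST: HTML with both quote styles.
// magic_quotes_gpc was removed in PHP 5.4; on an older install with it enabled,
// stripslashes() the POST value first so backslashes are not stored.
$postedHtml = <<<'HTML'
<p class="intro">It's a <a href='/faq'>FAQ</a></p>
HTML;

// 1) Unescaped concatenation, as in the script described in the question.
$naive = "INSERT INTO pages (slug, body) VALUES ('naive', '$postedHtml')";
try {
    $pdo->exec($naive);
    echo "naive insert: accepted\n";
} catch (PDOException $e) {
    // The apostrophe in "It's" ends the SQL string literal early.
    echo "naive insert: rejected (", $e->getMessage(), ")\n";
}

// 2) Bound parameter: the HTML travels as data and is never parsed as SQL.
$stmt = $pdo->prepare('INSERT INTO pages (slug, body) VALUES (:slug, :body)');
$stmt->execute([':slug' => 'bound', ':body' => $postedHtml]);

// Read it back and compare with what was submitted.
$read = $pdo->prepare('SELECT body FROM pages WHERE slug = :slug');
$read->execute([':slug' => 'bound']);
$stored = $read->fetchColumn();

echo "bound insert: ", ($stored === $postedHtml ? "stored byte-for-byte" : "ALTERED"), "\n";
```

The double quotes in the HTML attributes cause no trouble in either case; it is the single quote inside the content that breaks the concatenated statement.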