CODEWITHSUNDEEP
phpmysqlhtml-entities
way2project
way2project

Reputation: 99

How to insert a php code snippet in mysql database

I have a php code snippet like below :

function is_ancestor_of( $page_name = null, $post ) {

if(is_null($page_name))
return false;

// does it have a parent?
if (!isset( $post->post_parent ) OR $post->post_parent <= 0 )
return false;

//Get parent page
$parent = wp_get_single_post($post->post_parent);

 if ( $parent->post_name == $page_name ){
echo $parent->post_name.' - '.$page_name;
return true;
} else {
is_ancestor_of( $page_name, $parent );
}
}

I just want to insert this whole code in mysql database table and again retriew it with this same formatting on the page again. When I simply insert this code in database using INSERT INTO query then the mysql syntax error occurs because the code breaks sql query because of special characters. Is there any way to do this??

Thanks.

Upvotes: 0

Views: 3129

Answers (3)

vaidik
vaidik

Reputation: 2213

Yeah, you can do this. Multiple ways:

  1. PDO - that's the best option actually. Study this topic in the PHP manual as this can be a lot more help than just protecting your MySQL queries in PHP from breaking.
  2. addslashes() - adds slashes to escape characters. This won't break your MySQL query for sure.
  3. mysql_real_escape_string()
  4. mysql_escape_string()

EDITED Emphasized PDO as compared to the previous version of this answer as PDO is far more safer than the other options and there is a lot more to it which can be used while working with PHP and MySQL.

Upvotes: 3

James Williams
James Williams

Reputation: 4216

You will need to use mysql_real_escape_string() to escape the php code so it does not throw an error when inserting. Then you run an eval() on the statement, if you want it to execute. If you have a mixed html and php stored in the database you would call eval like so

 eval('?>'.$dbresult.'<?php');

Just make sure you stripslashes() on the database result

Upvotes: 0

Bono
Bono

Reputation: 4849

Escape special characters using mysql_real_escape_string(). You'd probaply be better off moving away from mysql_* functions though and start using PDO or mysqli_* for example.

Edit As mentioned in the comments, make sure you place the code as a string and that the DB field is the correct data type. Also, make sure you use mysql_real_escape_string() (if you insist on using mysql_*) on the whole string (or code).

Upvotes: 3

Related Questions