Reputation: 51
I have a problem: I'm trying to insert HTML data into my database, but when I insert it, it returns the quotes with a backslash. (I think that is a PDO security function... but how can I disable it?)
The PHP+PDO code is...
if (!empty($_POST['site_ads_right'])) {
    // Prepared statement: the HTML is bound as a parameter, not concatenated into the SQL
    $update1 = $db->prepare("UPDATE ads SET custom_html = :html WHERE position = :pos");
    $update1->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $update1->bindValue(':html', $_POST['site_ads_right'], PDO::PARAM_STR);
    $update1->bindValue(':pos', 4, PDO::PARAM_INT);
    $update1->execute();
}
And I'm trying to insert this code using an HTML textarea called site_ads_right (for $_POST):
<a href='http://www.example.com/index.php' target='_BLANK'><img src='img/content/a46adedac744f8f98b385ed392f92b3d_lll.jpg'></a>
But when I insert that, what comes back from the database is...
<a href=\'http://www.example.com/index.php\' target=\'_BLANK\'><img src=\'img/content/a46adedac744f8f98b385ed392f92b3d_lll.jpg\'></a>
And I need to insert it without the filter that puts in the backslashes...
Thanks.
Okay, with...
$update1 = $db->query("UPDATE ads SET custom_html = '".$_POST['site_ads_right']."' WHERE position = 4");
it inserts the code without the backslashes.
Upvotes: 0
Views: 3197
Reputation: 157909
PDO is irrelevant here. Its security function is doing its job flawlessly.
It's either magic quotes or your own general-purpose sanitizing function.
Just get rid of them both.
Upvotes: 1
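To make the answer concrete, here is an added example (not code from the question or the answer) that reproduces both behaviours: a PDO prepared statement stores the HTML byte-for-byte, and the backslashes only appear when something escaped the value before PDO saw it (magic_quotes_gpc or an addslashes()-style "sanitizer"). It assumes the pdo_sqlite extension is available and uses an in-memory SQLite table in place of the MySQL `ads` table; `rawInput()` and `storeAndReadBack()` are helper names chosen for this example.

```php
<?php
// Added example, not from the original post. Assumes pdo_sqlite is installed;
// an in-memory SQLite database stands in for the question's MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE ads (position INTEGER PRIMARY KEY, custom_html TEXT)");
$db->exec("INSERT INTO ads (position, custom_html) VALUES (4, '')");

// Constructed sample input, same shape as the HTML in the question.
$html = "<a href='http://www.example.com/index.php' target='_BLANK'><img src='img/x.jpg'></a>";

/**
 * Undo magic quotes if that legacy setting is still on (PHP < 5.4).
 * On PHP 8 the function no longer exists, so the guard makes this a no-op there.
 */
function rawInput(string $value): string
{
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

/** Store $html for $pos with a prepared statement and return what the database now holds. */
function storeAndReadBack(PDO $db, string $html, int $pos): string
{
    $update = $db->prepare("UPDATE ads SET custom_html = :html WHERE position = :pos");
    $update->bindValue(':html', $html, PDO::PARAM_STR);
    $update->bindValue(':pos', $pos, PDO::PARAM_INT);
    $update->execute();

    $select = $db->prepare("SELECT custom_html FROM ads WHERE position = :pos");
    $select->bindValue(':pos', $pos, PDO::PARAM_INT);
    $select->execute();
    return (string) $select->fetchColumn();
}

// 1. The raw value through a prepared statement: identical on the way back, no backslashes.
$stored = storeAndReadBack($db, rawInput($html), 4);
var_dump($stored === $html);            // bool(true)

// 2. The failure mode from the question: the value was escaped *before* it reached PDO.
//    addslashes() stands in for magic_quotes_gpc or a home-grown "sanitize" function.
$stored = storeAndReadBack($db, addslashes($html), 4);
var_dump($stored === $html);            // bool(false): href=\'...\' is what is stored now
echo $stored, PHP_EOL;

// 3. The accepted "fix" from the question (string concatenation) only appeared to work
//    because magic quotes had already escaped the quotes. With the raw value it is
//    simply broken SQL, and with any quote-bearing input it is an injection point.
try {
    $db->query("UPDATE ads SET custom_html = '" . $html . "' WHERE position = 4");
    echo "concatenated query ran", PHP_EOL;
} catch (PDOException $e) {
    echo "concatenated query failed: ", $e->getMessage(), PHP_EOL;
}
```

Run it with `php example.php`. Step 1 shows that PDO with bound parameters adds nothing; step 2 reproduces the backslashes by escaping first, which is the layer the answer says to remove; step 3 shows why the concatenated query in the question is not a fix: it only "worked" because the input had already been escaped, and once that escaping is gone every single quote in the HTML becomes part of the SQL.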