Reham Fahmy

Reputation: 5063

Saving javascript code inside database

I have a very annoying problem with the hosting of a well-known company.

I have a website, and in its back end there is a form with a textarea field for the Google AdSense code. When I submit it, it does not respond at all and keeps loading.

But when I type anything other than the AdSense ad code, it is accepted, so I noticed it is not allowing HTML.

Form code

<form method=post action="1.php" name="adsense" id="adsense">
The Code : <textarea id="ad" name="ad">Put your code here</textarea>
<input type="submit" name="submit" value="Save">
</form>

1.php Code

<?PHP
include "header.php"; // connect to db

if(isset($_POST[submit])){
    $qma = "update webads set
ad = '$_POST[ad]'";

    $rma = mysql_query($qma) or die(mysql_error());
    echo 'Thanks';
}
?>

The problem is that when I put in the AdSense ad code, it does not respond and does not save it in the database, but if I put in any text, it saves it normally.

So I've been thinking of addslashes(), but it also didn't work after I made this change:

ad1 = 'addslashes($_POST[ad1])'

Here is an example of unaccepted Google AdSense code:

<script type="text/javascript">
google_ad_client = "pub-0000000000000000";
google_ad_width = 250;
google_ad_height = 250;
google_ad_format = "250x250_as";
google_ad_type = "text";
google_ad_channel = "0000000000";
google_color_border = "FFFCE1";
google_color_bg = "FFFCE1";
google_color_link = "FFFCE1";
google_color_text = "FFFCE1";
google_color_url = "FFFCE1";
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>

One last note: the database field structure is text NOT NULL

CREATE TABLE `webads` (
`id` varchar(50) NOT NULL default '',
`ad` text NOT NULL,
PRIMARY KEY  (`id`));

So, any idea how to save it? It must be easy to read it back without it being altered.

I don't know if it is stupid or not, but if I don't get an answer on how to do it, I've been thinking of base64-encoding it before saving it and base64-decoding it when I read it back, but this sounds like the last hope.

Thanks a lot

Upvotes: 0

Views: 5461

Answers (4)

Mário

Reputation: 1612

When I work with MySQL Workbench and I do something like update webads set ad = '$_POST[ad]' it throws an error because of the safe mode. My SQL query doesn't have an ID. Maybe the safe mode is on?

If you want to bypass it, just add WHERE ID != -1 but I don't recommend doing this.

Don't forget to sanitize your input.

Upvotes: 0

MkBht

Reputation: 78

Alternately, you can use

$ad = htmlspecialchars($_POST['ad']);

$qma = "update webads set ad = '$ad'";

Upvotes: 0

Chris Wheeler

Reputation: 1716

You need to escape the posted variable for MySQL. The best way to do this is to use PHP's built-in function, as it will do it correctly for your version of MySQL:

$qma = "update webads set ad = '" . mysql_real_escape_string($_POST['ad']) . "'";

Upvotes: 3

user2768948

Reputation:

You have to use htmlentities before storing data to the database, and you can't use a function inside a string.

$ad = htmlentities($_POST['ad']);

Also, when using addslashes, you'd better first check whether it's automatically enabled by the server configuration, so as not to over-quote strings. See get_magic_quotes_gpc:

if(!get_magic_quotes_gpc()) {
    $ad = addslashes($ad);
} 

...

$qma = "update webads set ad = '$ad'";

Upvotes: 2
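
An added example, not code from any post above: saving the snippet with a PDO prepared statement (a different technique from the mysql_* escaping shown on the page) so it is stored and read back unchanged, with HTML encoding applied only at output time. It assumes PHP with pdo_sqlite, using an in-memory SQLite database as a stand-in for MySQL; the row id `sidebar` and the functions `saveAd` and `loadAd` are hypothetical names.

```php
<?php
// Added example: a bound parameter lets the ad snippet round-trip byte for byte.
// Assumption: pdo_sqlite is available; in-memory SQLite stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE webads (id VARCHAR(50) NOT NULL DEFAULT '' PRIMARY KEY, ad TEXT NOT NULL)");
$pdo->exec("INSERT INTO webads (id, ad) VALUES ('sidebar', '')"); // hypothetical row id

// Constructed sample input: double quotes, single quotes, a backslash and angle brackets.
$posted = <<<'HTML'
<script type="text/javascript">
google_ad_client = "pub-0000000000000000";
var note = 'it\'s an ad';
</script>
HTML;

function saveAd(PDO $pdo, string $id, string $code): int
{
    // The value is sent separately from the SQL text, so a quote in it
    // cannot terminate the string literal or change the statement.
    $stmt = $pdo->prepare('UPDATE webads SET ad = :ad WHERE id = :id');
    $stmt->execute([':ad' => $code, ':id' => $id]);
    return $stmt->rowCount();
}

function loadAd(PDO $pdo, string $id): ?string
{
    $stmt = $pdo->prepare('SELECT ad FROM webads WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $ad = $stmt->fetchColumn();
    return $ad === false ? null : $ad;
}

$rows   = saveAd($pdo, 'sidebar', $posted);
$stored = loadAd($pdo, 'sidebar');

// One row updated, and the stored value is identical to the posted one:
// no addslashes, entities or base64 were needed to keep it intact.
var_dump($rows === 1, $stored === $posted);

// Encoding is chosen per output context, not at storage time.
// 1) Redisplayed in the admin form: encode so it is shown as text, not executed.
echo '<textarea name="ad">' . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8') . "</textarea>\n";
// 2) In the ad slot: emitted as-is, acceptable only because the authenticated
//    admin form is the sole writer of this column.
echo $stored, "\n";
```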
