Reputation: 2165
I am using the TinyMCE editor to produce an HTML page and then insert it into MySQL. I tried this:
$esdata = mysql_real_escape_string($data);
It works for all HTML except images. If I have a hyperlink like:
http://www.abc.com/pic.jpg
then it makes it somewhat very obscure and the image doesn't appear.
INPUT
<img src="../images/size-chart.jpg" alt="Beer" />
OUTPUT
<img src="\""images/size-chart.jpg\\"\"" alt="\"Beer" />
Upvotes: 3
Views: 19586
Reputation: 868
You should use the htmlspecialchars function to encode the string and htmlspecialchars_decode to display the string back as HTML.
Upvotes: 0
Reputation: 966
Try to use urlencode and urldecode to escape the string.
As Christian said, it is not used for the sake of the DB but to keep things as they are. So you can also use urlencode and urldecode.
For example:
//to encode
$output = urlencode($input);
//to decode
$input = urldecode($output);
Upvotes: 4
Reputation: 28125
You shouldn't over-escape code before you send it to DB.
When you escape it, it's done in a way that it is stored in the DB as it was originally. Escaping is not done for the sake of the DB, but for the sake of keeping the data as it was without allowing users to inject bad stuff in your SQL statements (prior to sending the stuff in the DB).
Upvotes: 2
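The point of the last answer (escape once, for the SQL statement only, and the stored data stays as it was) as an added example that is not code from this thread. It assumes PDO with an in-memory SQLite database so it runs offline; the `pages` table, `save_page`/`load_page` helpers and the `addslashes` call standing in for an earlier escaping pass are hypothetical.

```php
<?php
// Added example, not from the thread. Sample input is the <img> tag from the question.
$html = '<img src="../images/size-chart.jpg" alt="Beer" />';

// Assumption: in-memory SQLite via PDO so the script needs no server.
// With MySQL only the DSN and credentials passed to new PDO(...) change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Hypothetical helper: the HTML is bound as a parameter, never pasted into
// the SQL text, so no manual escaping function is called on it at all.
function save_page(PDO $pdo, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO pages (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $pdo->lastInsertId();
}

// Hypothetical helper: read the stored body back unchanged.
function load_page(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT body FROM pages WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Case 1: editor HTML stored as-is; the round trip is compared byte for byte.
$id = save_page($pdo, $html);
echo 'stored once, identical: ';
var_dump(load_page($pdo, $id) === $html);

// Case 2: over-escaping. addslashes() stands in for any earlier escaping pass
// applied before the value reaches the query. The database stores the extra
// backslashes literally, so the src and alt attributes come back damaged.
$id2 = save_page($pdo, addslashes($html));
echo 'escaped twice, identical: ';
var_dump(load_page($pdo, $id2) === $html);
echo load_page($pdo, $id2), PHP_EOL;

// Case 3: constructed value with single quotes, double quotes and SQL comment
// characters. Binding keeps it as data, so it is stored and returned intact.
$tricky = "<p title='it's \"quoted\"; -- not a comment'>x</p>";
$id3 = save_page($pdo, $tricky);
echo 'quotes preserved, identical: ';
var_dump(load_page($pdo, $id3) === $tricky);
```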