Error updating html text in a Mysql database

Forum Moderators: coopster

Message Too Old, No Replies

Error updating html text in a Mysql database

Stu_Rogers

1:54 pm on Mar 9, 2005 (gmt 0)

I have a field in my database which needs to contain html code (for formatting of text, lists, and links).

I can successfully add the data and view it on a webpage, but I cannot figure out how to edit it.

I have read about magicquotes, htmlspecialchars, addslashes, etc, and I have tried various combinations of these without any luck.

My code currently looks like this:

$id = $_POST['id'];
$myhtml = $_POST['myhtml'];

if (!get_magic_quotes_gpc()) {
$myhtml = addslashes($myhtml);
}

$query = ("UPDATE products SET myhtml=\"$myhtml\" where id=\"$id\"");
$result = mysql_query($query);

And the error is:

You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'myhtml="

Can anyone help?! or advise where I might be going wrong?

mag1

2:17 pm on Mar 9, 2005 (gmt 0)

I'm not 100% sure about this but try using single quotes instead of double quotes around the $myhtml and remove the slash that's outside the quotes.

e.g.

$query = ("UPDATE products SET myhtml='$myhtml\' where id='$id'");
$result = mysql_query($query);

Stu_Rogers

2:19 pm on Mar 9, 2005 (gmt 0)

Many thanks for your input but I'm afraid that doesn't solve it.

Any other ideas?

mag1

3:03 pm on Mar 9, 2005 (gmt 0)

OK, I think you may need to concatenate the $myhtml with the / in order to make it part of the variable.

I think the following will do that:

$myNewhtml = $myhtml . "/" ;

Do this before you try to do the sql update.

Let me know how you get on.

Stu_Rogers

3:19 pm on Mar 9, 2005 (gmt 0)

As per your sugesstion I have updated the script to look like this:

$id = $_POST['id'];
$myhtml = $_POST['myhtml'];

if (!get_magic_quotes_gpc()) {
$myhtml = addslashes($myhtml);
}

$newhtml = $myhtml . "/";

$query = ("UPDATE products SET myhtml='$newhtml' where id='$id'");
$result = mysql_query($query);

But I'm afraid I'm still getting the same error.

Am I right in thinking that this problem is something to do with html characters?

mag1

3:43 pm on Mar 9, 2005 (gmt 0)

When you connected to the database did you use something like this:
$db = mysql_connect("Server", "UserID", "Password");
mysql_select_db("DBName", $db);

I think you may need to do the following:

$query = ("UPDATE products SET myhtml='$newhtml' where id='$id'");
$result = mysql_query($query, $db);

Other than that I don't know.

Stu_Rogers

5:02 pm on Mar 9, 2005 (gmt 0)

No, I can update other fields in my database, no problem.

I'm pretty sure its something to do with htmlspecialentities or magicquotes or stripslashes or something similar but can't figure it out.

Just hoped that someone here might have experienced the same thing?

ironik

11:38 pm on Mar 9, 2005 (gmt 0)

if you've escaped the ' chars using addslashes then their shouldn't really be a problem inserting the content, try:

$query = ("UPDATE products SET myhtml='" . $newhtml . "' where id='" . $id . "'");

I use that syntax most of the time because it aids in viewing variables through a syntax highlighting editor.

Failing that, use:

$myhtml = mysql_real_escape_string($_POST['myhtml']);

or $myhtml = mysql_escape_string($_POST['myhtml']); if your php version is below 4.3.0

(have to be careful of magic quotes when using escape string, you can end up with double quotes if it is turned on)