How to save HTML in Mysql

3

I'm stuck on storing HTML in the database. I'm using PHP's htmlentities($_POST['codhtml']) to do this. But when I save code like:

<span class="frase-aditivo mover" id="adt6-enable" style="transform: translate3d(-2px, 202px, 0px); cursor: move; touch-action: none; -webkit-user-select: none; z-index: 1004; border: 3px dashed red; font-size: 112px; font-family: &quot;Comic Sans MS&quot;; color: rgb(0, 64, 128);">Leve a alegria do Natal para sua casa ! </span>

what gets stored in the database is:

&lt;span class=&quot;frase-aditivo mover&quot; id=&quot;adt6-enable&quot; style=&quot;transform: translate3d(-2px, 202px, 0px); cursor: move; touch-action: none; -webkit-user-select: none; z-index: 1004; border: 3px dashed red; font-size: 112px; font-family:

That is, for some reason the code is lost whenever there is a URL or after "font-family:".

What is the best way to save this?

PS. I am using LongText.

Thank you =D

/* CODE CONTINUED */

// Client side (jQuery): the click handler that builds the POST body by string concatenation
$("#mt_finalizar").click(function(event) {
    var codhtml = '<span class="frase-aditivo mover" id="adt6-enable" style="transform: translate3d(-2px, 202px, 0px); cursor: move; touch-action: none; -webkit-user-select: none; z-index: 1004; border: 3px dashed red; font-size: 112px; font-family: &quot;Comic Sans MS&quot;; color: rgb(0, 64, 128);">Leve a alegria do Natal para sua casa ! </span>';

    $.ajax({
        type     : 'post',
        url      : 'salvarDados.php',
        data     : 'codhtml=' + codhtml
                 + '&motivoid=2'
                 + '&formatoid=2'
                 + '&motivonome=Nome',
        dataType : 'html',
        success  : function(txt) {
            alert("Sucesso,");
        },
        error    : function(result) {
            alert("Erro ao Salvar");
        }
    });
});

// Server side (salvarDados.php, PDO): the INSERT as currently written
$resultado = $this->conexao->exec("INSERT INTO tabela (col1,col2,col3,col4,col5,col_codhtml,col6) VALUES(2,2,2,2,2,'$codhtml','Nome')");
    
asked by anonymous 14.06.2016 / 20:25

1 answer

4

In the JS part, change this:

data      : 'codhtml='+codhtml

to this:

data      : 'codhtml='+encodeURIComponent(codhtml)

encodeURIComponent is used to "escape" the special characters that are normally used in URL or POST values.


In the PDO part, change this:

$resultado = $this->conexao->exec("INSERT INTO tabela
(col1,col2,col3,col4,col5,col_codhtml,col6)
VALUES(2,2,2,2,2,'$codhtml','Nome')");

to this:

$resultado = $this->conexao->exec('INSERT INTO tabela 
(col1,col2,col3,col4,col5,col_codhtml,col6)
VALUES(2,2,2,2,2,'.$this->conexao->quote($codhtml).',"Nome")');

(I broke the lines just to make it easier to read.)

quote escapes the characters that can conflict with the query, preventing quotation marks and escape characters from corrupting the string. It also adds quotation marks around the "ends" of the string.

The ideal would be to use prepared statements. See examples in this question:

How to prevent SQL injection in my PHP code?
14.06.2016 / 22:25
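As an added example that is not part of the question or the answer above: a stand-alone PHP script that reproduces both points the answer makes. It emulates what $_POST receives from the concatenated body and from a percent-encoded one (parse_str is the decoder PHP applies to application/x-www-form-urlencoded requests; http_build_query in RFC 3986 mode plays the role of encodeURIComponent), then stores the fragment with a PDO prepared statement instead of quote(). The table and column names are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline; the pdo_sqlite extension is assumed to be installed.

```php
<?php
// Added example, not code from the question or the answer. It reproduces the
// truncation the asker saw and then stores the fragment the way the answer
// recommends (prepared statement). The table/column names are hypothetical and
// an in-memory SQLite database stands in for MySQL so the script runs offline;
// the pdo_sqlite extension is assumed to be available.

declare(strict_types=1);

// Constructed sample: the same kind of fragment as in the question, with the
// "&quot;" entities that break the concatenated request body.
const CODHTML = '<span class="frase-aditivo mover" style="font-family: &quot;Comic Sans MS&quot;; color: rgb(0, 64, 128);">Leve a alegria do Natal para sua casa ! </span>';

// Emulate what $_POST contains for a given application/x-www-form-urlencoded
// body: parse_str() is the same decoder PHP applies to the request.
function decodePostBody(string $body): array
{
    parse_str($body, $fields);
    return $fields;
}

// The body the question's JavaScript builds, by plain string concatenation.
// Every "&" inside the HTML starts a new parameter, so codhtml ends right after
// "font-family: " and the server also sees junk keys such as "quot;Comic Sans MS".
// ("+" would become a space and "%" would be mis-decoded as well.)
function naiveBody(string $codhtml): string
{
    return 'codhtml=' . $codhtml . '&motivoid=2&formatoid=2&motivonome=Nome';
}

// The body after the answer's fix. rawurlencode() is PHP's counterpart of
// JavaScript's encodeURIComponent(); http_build_query() applies it (RFC 3986
// mode) to every field and joins the fields with "&".
function encodedBody(string $codhtml): string
{
    return http_build_query([
        'codhtml'    => $codhtml,
        'motivoid'   => 2,
        'formatoid'  => 2,
        'motivonome' => 'Nome',
    ], '', '&', PHP_QUERY_RFC3986);
}

// Store the HTML with a prepared statement and read it back. The value travels
// as a bound parameter, never spliced into the SQL text, so quotes, backslashes
// or a trailing "'; DROP TABLE ..." inside it are just data.
function storeAndReload(PDO $pdo, string $codhtml): string
{
    $pdo->exec('CREATE TABLE IF NOT EXISTS tabela (
        id INTEGER PRIMARY KEY, motivoid INTEGER, formatoid INTEGER,
        col_codhtml TEXT, motivonome TEXT)');   // LONGTEXT in MySQL

    $insert = $pdo->prepare(
        'INSERT INTO tabela (motivoid, formatoid, col_codhtml, motivonome)
         VALUES (:motivoid, :formatoid, :codhtml, :motivonome)'
    );
    $insert->execute([
        ':motivoid'   => 2,
        ':formatoid'  => 2,
        ':codhtml'    => $codhtml,
        ':motivonome' => 'Nome',
    ]);

    $select = $pdo->prepare('SELECT col_codhtml FROM tabela WHERE id = :id');
    $select->execute([':id' => (int) $pdo->lastInsertId()]);
    return (string) $select->fetchColumn();
}

$pdo = new PDO('sqlite::memory:', null, null,
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);

// 1. Concatenated body: what $_POST['codhtml'] really contains.
$naive = decodePostBody(naiveBody(CODHTML));
echo "naive codhtml: ", $naive['codhtml'], PHP_EOL;   // stops at "font-family: "
echo "naive keys:    ", implode(' | ', array_keys($naive)), PHP_EOL;

// 2. Percent-encoded body: the whole fragment survives the round trip.
$encoded = decodePostBody(encodedBody(CODHTML));
if ($encoded['codhtml'] !== CODHTML) {
    throw new RuntimeException('encoded body did not round-trip');
}

// 3. Prepared statement: stored verbatim, SQL metacharacters included.
$hostile = CODHTML . "'; DROP TABLE tabela; --";
foreach ([$encoded['codhtml'], $hostile] as $value) {
    if (storeAndReload($pdo, $value) !== $value) {
        throw new RuntimeException('stored value differs from input');
    }
}
echo "stored intact", PHP_EOL;
```

The stray keys printed in step 1 are the other half of the concatenation problem: anything in the HTML that happens to look like `&motivoid=...` would be decoded as a second copy of that form field, so the client must encode every value, not only the one that is being truncated. When the real target is MySQL, also set PDO::ATTR_EMULATE_PREPARES to false on the connection so the driver sends the parameters separately from the statement instead of quoting them into the SQL text client side.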