so here's what I want to do, I want to be able to cache a whole web page, which would be something like this
$domain = "cnn.com";
$title = "CNN";
$cacheado = file_get_contents('http://www.google.com');
$ingresar = "INSERT INTO indexed_links (link, title, cacheado) VALUES ('$domain', '$title', '$cacheado')";
$db_on = mysqli_connect('localhost', 'root', 'pass', 'data_base');
mysqli_query($db_on, $ingresar);
My great concern is, I tried to do this exact code with the page example.com, which would be $cacheado = file_get_contents('http://example.com');
Which worked completely fine, it added the whole HTML code to the page, which is something somewhat short, it's an easy HTML code, now, Google and a bunch of other sites got more codes into their HTML, as a result, sites with longer HTML codes are not going through the mysqli_query query, which I suppose it has to do with MySql and not PHP because the code works just fine with example.com...
The column of the table which I want to insert the HTML code is cacheado, which has a type set in the MySQL database of text, does this have something to do?
The problem is not with the datatype. Instead, you failed to escape the strings before building the INSERT statement.
In particular, there was probably an apostrophe (') in that web page.
Change field type from TEXT() to VARCHAR(65535). It is the max lenght I now you can set for a field.
Related
Hope all is well.
I have had a bit of an issue this evening when I was working on a message system for some project for work.
I'm working on the inbox, and have it set up so that it pulls the message subject, sender, and date of sending in table rows on the front-end. That all works great.
My issue is pulling the message body, which is the actual message content. It's supposed to show up in a modal when the table rows are clicked in the front-end, and I can get that to work without issue. The problem is that I can't pull a non-undefined variable for the message content in the first place.
My SQL table looks like this:
msgTo (text), msgFrom (text), msgSubject (text), msgMessage (text), msgDate (text)
My PHP code looks like this:
$msgTo = $row["msgTo"];
$msgFrom = $row["msgFrom"];
$msgSubject = $row["msgSubject"];
$msgTime = $row["msgTime"];
$msgDate = $row["msgDate"];
$msg = $row["msgMessage"];
If I echo or print any of the variables other than my $msg variable, it works great. But no matter what I try, my $msg variable returns undefined.
The content for the "msgMessage" column in the MySQL table is the following:
"Hello John,
How's it going?"
My best guess is that because unlike all the other variables I'm pulling, this one has line breaks, and maybe it can't handle the equivalent of "\n"? So maybe there is some sort of way I need to sanitize it.
Please let me know if there is more information you need.
SOLUTION
My query did not include the variable I was trying to retrieve. It was just one of those silly mistakes that you end up spending too much time on.
If you're just now finding this post, remember to double-check your queries, everyone!
Your problem is here. Mask single quote
"Hello John,
How\'s it going?"
for example
$msg = str_replace("'", "\'", $row["msgMessage"]);
I have text correctly saved into a mariahDB 10.2 database. The text, to complicate matters, is in fact a combination of Regular Expressions and a hybrid code invented by someone else.It can be used unchanged in another application as a text file - not PHP. But it just text at the end of the day. I want to grab data from this table, change it a small amount, and save it in a new table.
The problem is less so about changing the original data much, but more about SELECTING and saving data that is full of backslashes, single quotes, and double quotes to a new table without it being changed when it is saved. Is there a simple way in PHP and MySQL to take text from a table and resave it exactly as it is so the second table is not different from the the first?
For example the first table has the following in it.
add list to list(%section,$plugin function("XpathPlugin.dll", "$Generic Xpath Parser", $document text, "//p[1]/a[#class=\'result-title hdrlnk\' and 1]", "outerhtml", "False"),"Don\'t Delete","Global")
But if I put this into a variable and then INSERT or UPDATE that to another table, MySQL seems to strip out the backslashes, or add backslashes and throw errors for incorrectly formatted SQL.
For instance Don\'t Delete becomes Don't Delete and in other examples \\ become \
In another case ?=\")" loses the a backslash and becomes ?=")"
I have tried dozens of combinations of PHP function to leave the text alone, such as addslashes(), htmlentities(), preg_replace(), various string substitution and nothing get the data back into the table the same way as it came out.
Does anyone have the trick to do this? I would call the function leave_my_text_alone(); !!
EDIT
To add a few things that did not do the trick to get a variable I could update into the database I tried
$omnibotScript = addcslashes($omnibotScript,"'");
I then found I need to do this twice to consider the backslash being removed from before the apostrophe in Don't Delete....or it would throw a MySQL parsing error..Doing it again fixed that. So then I had to put two backslashes back to have one removed. I then added this to consider a double backslash being reduced to single backslash.
$pattern = '/\\\\"/';
$replacement = '\\\\\\\"';
$omnibotScript = preg_replace($pattern, $replacement, $omnibotScript);
But the list went on.
Use prepared statements.
If you use a prepared statement, MySQL will take care of all the escaping you need to get the string back into the table exactly as it came out of it. For example, using MySQLi:
$query = "SELECT s1 FROM t1";
if (!$result = $con->query($query)) {
exit($con->error);
}
$row = $result->fetch_assoc();
$value = $row['s1'];
$query = "INSERT INTO t2(s1) VALUES (?)";
$stmt = $con->prepare($query);
$stmt->bind_param('s', $value);
$stmt->execute();
The value of s1 in t2 will be exactly the same as the value in t1.
I'm using Ckeditor to allow people to format text and then insert in database using mysqli parametized query as follow :
if (isset($_POST['editor1'])) {
$editor1 = htmlentities($_POST['editor1']);
//insert variables in table blog_post
$insert_blog_post_q= $conn->prepare("INSERT INTO blog_posts (blog_body) VALUES (?)");
$insert_blog_post_q->bind_param('s',$editor1);
$insert_blog_post_q->execute();
$insert_blog_post_q->close();
}
When I output the results it creates r\n problems in between the paragraphs as follow
Hello im a title
r\n
More text
r\n
Text text
r\n
This problems will also creates back lashes in img src like this :
<img src='\"https://myimage.com"\'>
This will cause all the image links to be broken.
How can i fix this problem? Thank you
This was not duplicate for me honestly I did not find all the answers to my problems in the suggestions above. However I did solve my problem with the manual.
I output mysqli select result as follow :
//fix r\n from blog post body
$blogpostbody = str_ireplace(array("\r","\n",'\r','\n'),'', $blog_p['post_body']);
//remove backlashes that cause pictures to be broken
$blogpostbodynolashes = stripslashes($blogpostbody);
I have a mysql database with an 'address' field (VARCHAR). I also have a html table that is used to display the addresses of different staff members.
My problem is that data is stored in the address field of the database with linebreaks between each line of the address, but when the data is displayed in the table the line breaks are not there, so the entire address is displayed on one line. How can I fix this?
I'm sure this is a question that is asked all the time, but I can't find the answer anywhere. I'm new to PHP so please forgive my naivety.
UPDATE:
This is basically my code:
if(isset($_POST['submit'])) {
$address = $_POST['address'];
$queryupdate = "UPDATE Staff SET
address= :address WHERE id= :id";
$q = $db->prepare($queryupdate);
$q->execute(array(
":id" => $id,
":address" => $address));
The data in the $address variable is taken from a simple textarea.
Actual line breaks are never shown in HTML unless the word-wrap is set to pre, or an actual pre tag is used. However, to overcome this you can use the nl2br() functionality in PHP. What you'll need to do is use the nl2br() before outputting your data to the browser, and it will give you a HTML formatted string back where the line breaks are prepended by <br> tags.
See the documentation about nl2br() here: http://php.net/manual/en/function.nl2br.php
Using help from #Boy :
I added 'nl2br' before the output of my string.
i might be doing some idiot mistake, but i could not figure that out. i have some values coming from html and wanna insert into mysql db. problem is, the very same query does not work in regular php file (that includes other queries), but when i try on an independent php file, it does. here is a sample of the code:
$sql15="insert into body
(Article_ID, Article_Title)
values
('$article_id', '".$_POST['Article_Title']."') ";
mysql_query($sql15);
as i mentioned, the very same code works when i just copy this snippet to a new php file, and it works smoothly.. as you see, there are 20+ insert with the same php, because there are 25+ tables, but data is not much. first 14 query and following 7 queries do work by the way.
do you have any ideas?
There are some things to check and do.
Sanitize user input:
"('$article_id', '".mysql_real_escape_string($_POST['Article_Title'])."')";
You might also want to check if the value is what you expect.
Is your $article_id correct for column Article_ID?
Are your table and column names correct?
Check for errors:
$res = mysql_query($sql15);
if (!$res)
echo mysql_errno($link) . ": " . mysql_error($link);
Show us you complete query:
echo $sql15;
First of all i would suggest you to write your insert query like below
$sql15="insert into body SET Article_ID = '$article_id', Article_Title = '".$_POST['Article_Title']."'";
echo $sql15;
mysql_query($sql15);
so that each time when you add new column to database it would be easy for u to change insert query. echo your query and see it in browser. in it seems to o.k then copy it and paste it in SQL section under your phpmyadmin (see you are choosing proper database) and run it. if one row inserted successfully then your query is alright.
I hope this would help you a little.
$sql15="insert into body
(Article_ID, Article_Title)
values
('$article_id', '".$_POST['Article_Title']."') ";
mysql_query($sql15) or die(mysql_error());
use like this u will be get the error. then u will be find the issue
I think using mysql_real_escape_string may solve your problem.I also recommend you to store your form data in a string.
$article_title= mysql_real_escape_string($_POST['Article_Title']);
$sql15="insert into body
(Article_ID, Article_Title)
values
('$article_id', '$article_title') ";
mysql_query($sql15) or die(mysql_error());