file get content

Discussion in 'PHP' started by roice, Jun 9, 2010.

  1. #1
    Hello,
    I'm using the PHP function FILE_GET_CONTENT in order to recieve the HTML code from some website.
    For some reason, when I tried to input the HTML code into the DB I got the follow message:
    Invalid query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use

    I check it and I find the apostrophe (') in the HTML code cause this error.
    When I tried to input the HTML code directly into the DB (using PHPMYADMIN) all worked fine.

    How can I fix it?
     
    roice, Jun 9, 2010 IP
  2. stephan2307

    stephan2307 Well-Known Member

    Messages:
    1,277
    Likes Received:
    33
    Best Answers:
    7
    Trophy Points:
    150
    #2
    INSERT INTO `tablename`(`htmlcode`) VALUES ("'.addslashes($htmlcode).'")
    PHP:
     
    stephan2307, Jun 9, 2010 IP
  3. silviuks

    silviuks Peon

    Messages:
    43
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #3
    try addslashes or mysql_real_escape_string functions
     
    silviuks, Jun 9, 2010 IP
  4. roice

    roice Peon

    Messages:
    200
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #4
    Thanks Stephan,
    I used:
    $html = addslashes(file_get_contents($url));
    PHP:
    why did you wrote
    '.addslashes($htmlcode).'
    with apostrophe and dot
    ?
     
    roice, Jun 9, 2010 IP
  5. roice

    roice Peon

    Messages:
    200
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #5
    function mysql_real_escape_string removes special character ?
     
    roice, Jun 9, 2010 IP
  6. roopajyothi

    roopajyothi Active Member

    Messages:
    1,302
    Likes Received:
    11
    Best Answers:
    0
    Trophy Points:
    80
    #6
    I hope it will in preventing mysql injection
     
    roopajyothi, Jun 9, 2010 IP
  7. silviuks

    silviuks Peon

    Messages:
    43
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #7
    - from php.net
     
    silviuks, Jun 9, 2010 IP
  8. roopajyothi

    roopajyothi Active Member

    Messages:
    1,302
    Likes Received:
    11
    Best Answers:
    0
    Trophy Points:
    80
    #8
    roopajyothi, Jun 9, 2010 IP
  9. stephan2307

    stephan2307 Well-Known Member

    Messages:
    1,277
    Likes Received:
    33
    Best Answers:
    7
    Trophy Points:
    150
    #9
    I don't use "" as php will take time to look through the string for variables. So instead I use '' to get a variable value into a string.

    examples
    
    $str = "Hello $name";
    
    PHP:
    
    $str = 'Hello '.$name;
    
    PHP:
    That's how I do it but other ways are not wrong.
     
    stephan2307, Jun 9, 2010 IP