0

I have copied text from many HTML files into one text file/variable and I want to insert this data (basically HTML code) into a MySQL database. I have tried mysql_real_escape_string, but it is still not working. This is what I am doing:

$contentFromHtmlFile=file_get_contents($file);  
$all_html_content.=$contentFromHtmlFile; 
$all_html_content=mysql_real_escape_string($all_html_content);  
$insert_query = "insert into $databasetable (pdf_id,pdf_text_data) values (190,$all_html_content);";

mysql_query($insert_query) or die(mysql_error());

This is the error :

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '<meta charset=\&quot;utf-8\&quot; />\n\n<div id=\&quot;jpedal\&quot; style=\&quo' at line 1

Here is the link to the text I want to insert: http://pastebin.com/F3BD745h

3
  • You still need to wrap quotes around the data: '$all_html_content' Commented Sep 3, 2013 at 15:30
  • Don't use mysql_* queries as they are being deprecated (won't exist in future versions) and highly susceptible to sql injection. You should switch your code over to mysqli or PDO, and bind the parameters, which will take care of the escaping of quotes. Commented Sep 3, 2013 at 15:31
  • Please, DO NOT use mysql_query in new applications. It's a deprecated interface that's being removed from future versions of PHP. A modern interface like PDO supports parameterized queries which makes properly escaping your data a lot easier, and your code way more readable. It also avoids these quotation issues you're having here. Commented Sep 3, 2013 at 15:50

2 Answers

1

You have to put string values inside single quotes:

 $insert_query = "insert into $databasetable(pdf_id,pdf_text_data)values(190,'$all_html_content');";

P.S.: mysql_ functions are deprecated; don't use them. Use mysqli or PDO.


1 Comment

tip: if all you're doing is copying a wide/long code snippet and changing a few characters, then point out where those characters are. a ' is easy to miss.
0

Wrap your variable in single quotes to signify that it's a string (in this case):

$insert_query = "INSERT INTO $databasetable(pdf_id, pdf_text_data)
                 VALUES(190, '$all_html_content');";
                             ^                 ^

Also, if you do not need to use the string for searching or any similar operations, I'd recommend converting it to an ordinary string with base64_encode():

$contentFromHtmlFile = file_get_contents($file);  
$all_html_content .= $contentFromHtmlFile;  
$all_html_content = base64_encode($all_html_content);
$all_html_content = mysql_real_escape_string($all_html_content);  

2 Comments

wut? Why in b64? Data will be larger by 33%
@bordeux: that's probably some kind of cargo-cult security.
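
The parameterized approach recommended in the comments and in the first answer's P.S., shown as an added example that is not code from any poster in this thread. It assumes PDO with an in-memory SQLite database so it runs without a server (for MySQL only the DSN changes); the table name `pdf_pages` and the function `insertHtml` are hypothetical.

```php
<?php
// Added example. Column names follow the question; the table name, the
// allowlist and the SQLite DSN are assumptions made for a runnable demo.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pdf_pages (pdf_id INTEGER, pdf_text_data TEXT)');

// Identifiers cannot be bound as parameters, so a variable table name
// (like $databasetable in the question) is checked against a fixed list.
function insertHtml(PDO $pdo, string $table, int $pdfId, string $html): void
{
    $allowedTables = ['pdf_pages']; // hypothetical table name
    if (!in_array($table, $allowedTables, true)) {
        throw new InvalidArgumentException("Unexpected table: $table");
    }
    // The values travel separately from the SQL text, so the HTML needs
    // neither surrounding quotes nor mysql_real_escape_string().
    $stmt = $pdo->prepare(
        "INSERT INTO $table (pdf_id, pdf_text_data) VALUES (:id, :html)"
    );
    $stmt->bindValue(':id', $pdfId, PDO::PARAM_INT);
    $stmt->bindValue(':html', $html, PDO::PARAM_STR);
    $stmt->execute();
}

// Constructed sample in the style of the HTML from the error message,
// containing both double and single quotes.
$html = "<meta charset=\"utf-8\" />\n"
      . "<div id=\"jpedal\" style='margin:0'>it's a test</div>";
insertHtml($pdo, 'pdf_pages', 190, $html);

// Read the row back and compare it with what was inserted.
$stored = $pdo->query('SELECT pdf_text_data FROM pdf_pages WHERE pdf_id = 190')
              ->fetchColumn();
var_dump($stored === $html);

// A table name that is not on the list never reaches the SQL string.
try {
    insertHtml($pdo, 'not_a_listed_table', 190, $html);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```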
