I’d like to store some div content when a button is pressed. I need/want to save the html tags as well in order to reuse.
When I replace the post variables by any type of string, it works flawlessly. I tried cleaning the html variable from line breaks but it didn’t do it, tried also to shell the $HTML post in a $var = <<<HTML HTML, but this didn’t work either.
Here is the javascript :
$("#save").click(function(){
var pageHTML = $("#page_wrap").html();
var name_page = "name";
jQuery.ajax({
type: "POST",
url: "php/saveModel.php",
data: { nHTML: pageHTML,
page : name_page
},
success:function(data){
var responseData = jQuery.parseJSON(data);
var new_div = responseData.message;
$("#page_wrap > *").remove();
$("#page_wrap").prepend(new_div);
$('.editable').aloha();
}
})
})
And here is the php :
<?php
mysql_connect('localhost','name','pwd');
mysql_select_db('db');
mysql_query("SET NAMES 'utf8'");
$id = $_POST['page'];
$HTMLpost = $_POST['nHTML'];
$insertSignup = mysql_query("UPDATE Table_name SET model_test='$HTMLpost' WHERE identifiant='$id'");
if($insertSignup){
$status = "success";
$message = "OK";
}
else {
$status = "error";
$message = "NOT OK";
}
//return json response
$data = array(
'status' => $status,
'message' => $message
);
echo json_encode($data);
exit;
?>
Thanks !
Simple answer: use
mysql_real_escape_string()to change the quotes to make it safe for entry into the database.Longer answer: You should not be using the mysql_() functions as they are being depreciated. Check out prepared statements with PDO or mysqli instead – they will safely handle this for you (and they are not being depreciated).
Reading: http://php.net/manual/en/pdo.prepared-statements.php or google for more – plenty of examples around. Best to learn now before you get stung when the mysql_() functions do get removed.