October 23, 2024
PHP

How to use mysqli prepared statements?


A MySQL database with data submitted via HTML & PHP that stores text and HTML code. The database accepts the data and allows fetch to display just fine.

EXAMPLE of text and HTML code submitted:

<span style=""color:red;''>```Test text```</span>

In shared hosting, phpMyAdmin, select database & table, select edit…looks like this online:

<span style="color:red;">```Test text```</span>
  • If I submit anything to be stored using a single quote, it is rejected.
  • If I type a single quote into the Edit field in phpMyAdmin (including typing 2 single quotes for escaping), it is rejected.
  • If I submit anything to be stored using doubled single quotes (for one single quote), it is accepted.

When the accepted and stored text and data is fetched and used to repopulate the Input data entry form page’s textarea, the fetched text and HTML code look like the version in the Edit field in phpMyAdmin:

<span style="color:red;">Test text</span>

HOWEVER, now that it exists in my Input data entry form’s textarea, the single quotes are somehow different than those in the Edit field, even though they look the same. If the text and HTML code just fetched from the database is then re-submitted, it is rejected due to single quotes. This rather defeats the reason for repopulating the textarea.

My purpose in repopulating the textarea is to avoid the need to manually reenter the data just to make a minor adjustment or change.

What do I need to do in order for the intended admin user to enter text and HTML code using single or double quotes without escaping manually in the textarea input? Whatever conversion of that plain text and HTML code to a form acceptable by MySQLi needs to happen without the admin user needing to adjust code-related quotes. Similarly, when the data is fetched and the textarea repopulated, it should be possible to simply resubmit to the database without manually readjusting quotes, etc.

Searching on the web has been fruitless. Everyone wants to explain how to escape quotes, but I don’t need to know how to manually write escape code…not to mention that the posts are pretty much all very old and about SQL or MySQL, some referring to the deprecated `mysql_real_escape_string` function, etc. I need to find:

  1. a way to process the HTML code attributes’ quotes, etc. somewhere between the Input form/Update page and the database.
  2. a way to process the fetched HTML code attributes’ quotes, etc. before it reaches the textarea such that it can be easily resubmitted after edits.

FYI: The database fields used to store text and HTML code pieces are text fields collated as utf8mb4_unicode_ci.

Suggestions?
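
An added example, not part of the original post: one way to handle both directions the question asks about, binding the submitted text as a mysqli prepared-statement parameter on the way in and HTML-encoding it only when it is written into the textarea. The table `snippets`, its columns, the row id 1, the credentials and the function names are assumptions made for illustration, and the page is assumed to sit behind the admin login and CSRF protection.

```php
<?php
// Added example. Assumed, not from the post: table `snippets` (id INT, body TEXT)
// and the placeholder credentials below.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

function connect(): mysqli
{
    $db = new mysqli('localhost', 'db_user', 'db_password', 'db_name'); // placeholders
    $db->set_charset('utf8mb4'); // same character set as the text columns
    return $db;
}

// The value is sent separately from the SQL text, so single and double quotes
// in it are stored exactly as typed, with no manual escaping or doubling.
function saveSnippet(mysqli $db, int $id, string $body): void
{
    $stmt = $db->prepare('UPDATE snippets SET body = ? WHERE id = ?');
    $stmt->bind_param('si', $body, $id);
    $stmt->execute();
    $stmt->close();
}

function loadSnippet(mysqli $db, int $id): string
{
    $stmt = $db->prepare('SELECT body FROM snippets WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->bind_result($body);
    $found = $stmt->fetch(); // true when a row was read, null when none exists
    $stmt->close();
    return $found ? (string) $body : '';
}

// Encode only at output time so stored HTML cannot close the <textarea> early.
// The browser decodes the entities and posts back the original characters.
function textareaValue(string $body): string
{
    return htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$db = connect();
$posted = $_POST['body'] ?? null;
if (is_string($posted)) {
    saveSnippet($db, 1, $posted);
}
?>
<form method="post">
  <textarea name="body"><?= textareaValue(loadSnippet($db, 1)) ?></textarea>
  <button type="submit">Save</button>
</form>
```

The database keeps the raw text in both directions; the entity encoding exists only in the HTML sent to the browser, so a fetched value can be resubmitted unchanged.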


