#1
Registered User
Join Date: Jul 2007
Posts: 6
I have created a field within a registration form that gives the option to include a JavaScript insert particular to a webstat program I have designed.
I would like the form to input the JavaScript particular to the user into the database, so it may be called in the background from a template. What should I set the database column to be to hold the JavaScript? I have created it as VarChar 255 and it holds regular text, but I imagine the JavaScript will be larger than 255 characters, and when I input a small HTML such as "br" the database does not hold the entry. Instead it seems to cancel out whatever was stored into the database before and leave it blank when I refresh to look at the form again. Is this a problem with the field type? What do you recommend?

#2
Registered User
Join Date: Jul 2005
Posts: 3,606
1) Show us the form/database submission code.
2) What type of DBServer? MSSQL, MySQL?
3) Are you escaping the SQL input?
4) With a name like adbox I can only imagine you're serving banner-ads. True or False?

Basically, you've given us very little information.

#3
Registered User
Join Date: Mar 2004
Posts: 15,486
You could use a Text field. It will hold 65536 characters. Make sure you escape the string (like ghost said) and seriously, please post more info like your DB (again like ghost said).

#4
Registered User
Join Date: Jul 2007
Posts: 6
Quote:
I am trying to store JavaScript code in a MySQL database. I do not know what you mean by escaping the SQL.

```php
/**
 * Build the sql query.
 */
$sql = "INSERT into sql_restaurants set
    user_id = '$this->user_id',
    restaurant_name = '$this->restaurant_name',
    restaurant_address1 = '$this->restaurant_address1',
    restaurant_address2 = '$this->restaurant_address2',
    restaurant_zip = '$this->restaurant_zip',
    restaurant_phone = '$this->restaurant_phone',
    restaurant_category = '$this->restaurant_category',
    opening_hours = '$this->opening_hours',
    eat_in = '$this->eat_in',
    take_out = '$this->take_out',
    we_deliver = '$this->we_deliver',
    website = '$this->website',
    goodstats = '$this->goodstats',
    restaurant_reg_date = NOW(),
    restaurant_status = '0'";
```

The column that I am working with is 'goodstats', and it is a webstat program that I have designed. Although I did not write it, I outsourced a good PHP programmer to write it. Now I want to integrate it into another program I designed called eatphp. I do not serve banner ads. I do not even know what way you can serve ads. Adbox is short for adistantbox, has been my handle a long time.

#5
Registered User
Join Date: Jul 2005
Posts: 3,606
Your JavaScript likely contains ' (single tick) and as a result it's getting munged in your SQL because you're using the single tick. You need to escape the input so the single tick is interpreted as part of the query data itself and not the actual query construct.
mysql_real_escape_string() should do the trick and hopefully fix your issues: http://us.php.net/manual/en/function...ape-string.php

```php
goodstats = '".mysql_real_escape_string($this->goodstats)."'
```

Also, don't use varchar, use BLOB, MEDIUMBLOB, or TINYBLOB.
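
The quoting problem described in this reply, as an added example that is not part of the original thread: the same snippet is inserted once by string interpolation and once through a bound parameter. The two-column table, the sample snippet and the use of PDO with an in-memory SQLite database (standing in for the thread's MySQL server, hence `VALUES` instead of `SET`) are assumptions.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for
// MySQL so the script runs without a server; the table is cut down to two columns.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE sql_restaurants (
    id INTEGER PRIMARY KEY,
    restaurant_name TEXT,
    goodstats TEXT
)');

// Constructed tracking snippet: it contains single quotes and angle brackets.
$goodstats = "<script>var site='demo'; track(site);</script>";

// 1) Interpolated query, as in the thread's INSERT: the first single quote
//    inside the data closes the SQL string literal and the statement breaks.
try {
    $pdo->exec("INSERT INTO sql_restaurants (restaurant_name, goodstats)
                VALUES ('Demo Diner', '$goodstats')");
    echo "interpolated insert: stored\n";
} catch (PDOException $e) {
    echo "interpolated insert failed: ", $e->getMessage(), "\n";
}

// 2) Prepared statement: the value travels separately from the SQL text,
//    so quotes in the data never become part of the query structure.
$stmt = $pdo->prepare(
    'INSERT INTO sql_restaurants (restaurant_name, goodstats)
     VALUES (:name, :goodstats)'
);
$stmt->execute([':name' => 'Demo Diner', ':goodstats' => $goodstats]);

// Read the row back and compare it byte for byte with what was submitted.
$stored = $pdo->query('SELECT goodstats FROM sql_restaurants')->fetchColumn();
echo "rows stored: ", $pdo->query('SELECT COUNT(*) FROM sql_restaurants')->fetchColumn(), "\n";
echo "round trip intact: ", var_export($stored === $goodstats, true), "\n";
```

Against MySQL the same prepared statement works through PDO's `mysql:` driver or `mysqli`; the `mysql_*` functions used in the thread were removed in PHP 7.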

#6
Registered User
Join Date: Jul 2005
Posts: 3,606
Quote:

#7
Registered User
Join Date: Jul 2007
Posts: 6
Quote:
I edited the PHP to include the escape string, and I'm sure that step is a must, but I still cannot get the database to hold anything with carets. <munkey(endcarrot) will clear the entry and the form reloads blank. The goodstats column is blob now.

#8
Registered User
Join Date: Jul 2005
Posts: 3,606
I really need to see the PHP/form code. It could be that the values are being correctly written to the database (can you verify with mysql?) and that when you echo/include the code it's being rendered by the browser.
If you want to PM me the site I'll take a look and work with you. I can even get on IRC (freenode.net) if you want. It's hard for me to see what's happening behind the scenes. The mysql_real_escape_string() is a must, and BLOB supports 2^16 (65535 char), so I think we're moving in the right direction.

#9
Registered User
Join Date: Jul 2007
Posts: 6
This is code from the main PHP file that handles the form editing process. All the code below is the code that involves the 'goodstats' column.

```php
/**
 * Sanitize the posted values.
 */
$restaurant_name = Sanitize::data($_POST['restaurant_name'], "string");
$restaurant_address1 = Sanitize::data($_POST['restaurant_address1'], "string");
$restaurant_address2 = Sanitize::data($_POST['restaurant_address2'], "string");
$restaurant_zip = Sanitize::data($_POST['restaurant_zip'], "integer");
$restaurant_phone = Sanitize::data($_POST['restaurant_phone'], "string");
$restaurant_category = Sanitize::data($_POST['restaurant_category'], "integer");
$opening_hours = Sanitize::data($_POST['opening_hours'], "string");
$eat_in = Sanitize::data($_POST['eat_in'], "integer");
$take_out = Sanitize::data($_POST['take_out'], "integer");
$we_deliver = Sanitize::data($_POST['we_deliver'], "integer");
$website = Sanitize::data($_POST['website'], "string");
$goodstats = Sanitize::data($_POST['goodstats'], "string");

/**
 * Set the object properties.
 */
$restaurant_obj->setMember("user_id", $_SESSION['logged_user_id']);
$restaurant_obj->setMember("restaurant_name", $restaurant_name);
$restaurant_obj->setMember("restaurant_address1", $restaurant_address1);
$restaurant_obj->setMember("restaurant_address2", $restaurant_address2);
$restaurant_obj->setMember("restaurant_zip", $restaurant_zip);
$restaurant_obj->setMember("restaurant_phone", $restaurant_phone);
$restaurant_obj->setMember("restaurant_category", $restaurant_category);
$restaurant_obj->setMember("opening_hours", $opening_hours);
$restaurant_obj->setMember("eat_in", $eat_in);
$restaurant_obj->setMember("take_out", $take_out);
$restaurant_obj->setMember("we_deliver", $we_deliver);
$restaurant_obj->setMember("website", $website);
$restaurant_obj->setMember("goodstats", $goodstats);

/**
 * Try to add the new restaurant to the database.
 */
if($restaurant_obj->edit($error_message)){
    /**
     * Redirect the user to the "thank you" page.
     */
    header("location: company_restaurants.php?id=".$_SESSION['logged_user_id']);
    exit;
}
} // closes an enclosing block that is not part of this excerpt

// Fall back to the values already stored on the object when nothing was posted.
$restaurant_name = isset($restaurant_name) ? $restaurant_name : $restaurant_obj->restaurant_name;
$restaurant_address1 = isset($restaurant_address1) ? $restaurant_address1 : $restaurant_obj->restaurant_address1;
$restaurant_address2 = isset($restaurant_address2) ? $restaurant_address2 : $restaurant_obj->restaurant_address2;
$restaurant_zip = isset($restaurant_zip) ? $restaurant_zip : $restaurant_obj->restaurant_zip;
$restaurant_phone = isset($restaurant_phone) ? $restaurant_phone : $restaurant_obj->restaurant_phone;
$restaurant_category = isset($restaurant_category) ? $restaurant_category : $restaurant_obj->restaurant_category;
$opening_hours = isset($opening_hours) ? $opening_hours : $restaurant_obj->opening_hours;
$eat_in = isset($eat_in) ? $eat_in : $restaurant_obj->eat_in;
$take_out = isset($take_out) ? $take_out : $restaurant_obj->take_out;
$website = isset($website) ? $website : $restaurant_obj->website;
$goodstats = isset($goodstats) ? $goodstats : $restaurant_obj->goodstats;
```

#10
Registered User
Join Date: Jul 2005
Posts: 3,606
Is your Sanitize::data class stripping the HTML entities?

#11
Registered User
Join Date: Jul 2007
Posts: 6
I need to find the sanitize data whatever and see what it does. I'm going to try removing the line completely and see if it works. brb

#12
Registered User
Join Date: Jul 2007
Posts: 6
Whooo! Success! It holds the information now.
Thank you a lot for your help.
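
Why the field came back blank, as an added example that is not code from the thread: `sanitize_string()` is a hypothetical stand-in for `Sanitize::data(..., "string")`, whose source is never shown, and it assumes that method strips tags. The second half shows the edit form encoding the stored value on output, because a field saved without sanitizing holds its markup verbatim; `render_textarea()` is likewise a hypothetical helper.

```php
<?php
// Added example. Hypothetical stand-in for the thread's Sanitize::data():
// assumption is that the "string" mode strips tags and trims whitespace.
function sanitize_string(string $value): string
{
    return trim(strip_tags($value));
}

// Constructed inputs modelled on what the poster typed into the form.
$inputs = [
    'plain text',
    '<br>',
    '<munkey',                        // unterminated tag
    "<script>var s='x';</script>",
];

// Show what reaches the database layer for each input. Tags vanish before
// the INSERT is ever built, so no column type or SQL escaping can keep them.
foreach ($inputs as $raw) {
    printf(
        "%-32s -> %s\n",
        var_export($raw, true),
        var_export(sanitize_string($raw), true)
    );
}

// Hypothetical helper for redisplaying a stored value in the edit form.
// htmlspecialchars() turns < > & and quotes into entities, so the browser
// shows the snippet as text inside the textarea instead of parsing it.
function render_textarea(string $name, string $stored): string
{
    return sprintf(
        '<textarea name="%s">%s</textarea>',
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($stored, ENT_QUOTES, 'UTF-8')
    );
}

// Constructed stored value, as it would come back from the goodstats column.
$stored = "<script>var s='x';</script>";
echo render_textarea('goodstats', $stored), "\n";
```

Any other page that prints `goodstats` without this encoding will execute whatever a registered user saved in it, so that output path should be limited to snippets the site operator trusts.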