Go Back   nV News Forums > Software Forums > Software Development

Newegg Daily Deals

Reply
 
Thread Tools
Old 07-11-07, 12:37 PM   #1
adbox
Registered User
 
Join Date: Jul 2007
Posts: 6
Default Storing Javascript into MYSQL

I have created a field within a registration form that gives the option to include a javascript insert particular to a webstat program I have designed.
I would like the form to input the javascript particular to the user into the database, so It may be called in the background from a template.

What should I set the database column to be to hold the java script.
I have created it as VarChar 255 and it holds regular texts, but I imagine the javascript will be larger than 255 characters and when I input a small html such as "br" the database does not hold the entry. In stead it seems to cancel out whatever was stored into the database before and leave it blank when I refresh to look at the form again.

Is this a problem with the field type?

What do you recommend?
adbox is offline   Reply With Quote
Old 07-11-07, 01:21 PM   #2
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Default Re: Storing Javascript into MYSQL

1) Show us the form/database submission code.
2) What type of DBServer? MSSQL, MySQL?
3) Are you escaping the SQL input?
4) With a name like adbox I can only imagine you're serving banner-ads. True or False?

Basically, you've given us very little information.
evilghost is offline   Reply With Quote
Old 07-11-07, 02:21 PM   #3
ViN86
 
Join Date: Mar 2004
Posts: 15,486
Default Re: Storing Javascript into MYSQL

you could use a Text field. it will hold 65536 characters. make sure you escape the string (like ghost said) and seriously, please post more info like your DB (again like ghost said).
ViN86 is offline   Reply With Quote
Old 07-11-07, 02:34 PM   #4
adbox
Registered User
 
Join Date: Jul 2007
Posts: 6
Default Re: Storing Javascript into MYSQL

Quote:
Originally Posted by ViN86
you could use a Text field. it will hold 65536 characters. make sure you escape the string (like ghost said) and seriously, please post more info like your DB (again like ghost said).

I am trying to store a javascript code into a MYSQL database.

I do not know what you mean by escaping the sql.

/**
* Build the sql query.
*/

$sql = "INSERT into sql_restaurants set

user_id = '$this->user_id',
restaurant_name = '$this->restaurant_name',
restaurant_address1 = '$this->restaurant_address1',
restaurant_address2 = '$this->restaurant_address2',
restaurant_zip = '$this->restaurant_zip',
restaurant_phone = '$this->restaurant_phone',
restaurant_category = '$this->restaurant_category',
opening_hours = '$this->opening_hours',
eat_in = '$this->eat_in',
take_out = '$this->take_out',
we_deliver = '$this->we_deliver',
website = '$this->website',
goodstats = '$this->goodstats'
restaurant_reg_date = NOW(),
restaurant_status = '0'";


The column that I am working with is 'goodstats' > and it is a webstat program that I have designed. Although I did not write, I outsourced a good php programmer to write it. Now I want to integrate it into another porgram i designed called eatphp.

I do not serve banner ads. I do not even know what way you can serve ads. Adbox is short for adistantbox, has been my handle a long time
adbox is offline   Reply With Quote
Old 07-11-07, 02:41 PM   #5
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Default Re: Storing Javascript into MYSQL

Your Javascript likely contains ' (single tick) and as a result it's getting munged in your SQL because you're using the single tick. You need to escape the input so single tick is interpreted as part of the query data itself and not the actual query construct.

mysql_real_escape_string() should do the trick and hopefully fix your issues, http://us.php.net/manual/en/function...ape-string.php

goodstats = '".mysql_real_escape_string($this->goodstats)."'

Also, don't use varchar, use BLOB, MEDIUMBLOB, or TINYBLOB.
evilghost is offline   Reply With Quote
Old 07-11-07, 02:43 PM   #6
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Default Re: Storing Javascript into MYSQL

Quote:
Originally Posted by adbox
I do not serve banner ads. I do not even know what way you can serve ads. Adbox is short for adistantbox, has been my handle a long time
No problem, you're newly registered, and this is your only post. I didn't want to help a possible spammer. Welcome to NVNews, glad to have you here.
evilghost is offline   Reply With Quote
Old 07-11-07, 02:53 PM   #7
adbox
Registered User
 
Join Date: Jul 2007
Posts: 6
Default Re: Storing Javascript into MYSQL

Quote:
Originally Posted by evilghost
No problem, you're newly registered, and this is your only post. I didn't want to help a possible spammer. Welcome to NVNews, glad to have you here.
Thanks, happy to find good help here, thanks for your time too.


I edited the php to include the excape string, and im sure that step is a must, but I still cannot get the database to hold anything with carrots.

<munkey(endcarrot) will clear the entry and the form reloads blank.

The goodstats column is blob now.
adbox is offline   Reply With Quote
Old 07-11-07, 03:01 PM   #8
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Default Re: Storing Javascript into MYSQL

I really need to see the PHP/Form code, it could be that the values are being correctly written to the database (can you verify with mysql?) and that when you echo/include the code it's being rendered by the browser.

If you want to PM me the site I'll take a look and work with you. I can even get on IRC (freenode.net) if you want.

It's hard for me to see what's happening behind the scenes. The mysql_real_escape_string() is a must, and BLOB supports 2^16 (65535 char), so I think we're moving in the right direction.
evilghost is offline   Reply With Quote

Old 07-11-07, 03:01 PM   #9
adbox
Registered User
 
Join Date: Jul 2007
Posts: 6
Default Re: Storing Javascript into MYSQL

This is code from the main php file that handles the form editing process. All the code blow is the code that involves the 'goodstats' column

/**
* Sanitize the posted values.
*/
$restaurant_name = Sanitize::data($_POST['restaurant_name'], "string");
$restaurant_address1 = Sanitize::data($_POST['restaurant_address1'], "string");
$restaurant_address2 = Sanitize::data($_POST['restaurant_address2'], "string");
$restaurant_zip = Sanitize::data($_POST['restaurant_zip'], "integer");
$restaurant_phone = Sanitize::data($_POST['restaurant_phone'], "string");
$restaurant_category = Sanitize::data($_POST['restaurant_category'], "integer");
$opening_hours = Sanitize::data($_POST['opening_hours'], "string");
$eat_in = Sanitize::data($_POST['eat_in'], "integer");
$take_out = Sanitize::data($_POST['take_out'], "integer");
$we_deliver = Sanitize::data($_POST['we_deliver'], "integer");
$website = Sanitize::data($_POST['website'], "string");
$goodstats = Sanitize::data($_POST['goodstats'], "string");

/**
* Set the object properties.
*/
$restaurant_obj->setMember("user_id", $_SESSION['logged_user_id']);
$restaurant_obj->setMember("restaurant_name", $restaurant_name);
$restaurant_obj->setMember("restaurant_address1", $restaurant_address1);
$restaurant_obj->setMember("restaurant_address2", $restaurant_address2);
$restaurant_obj->setMember("restaurant_zip", $restaurant_zip);
$restaurant_obj->setMember("restaurant_phone", $restaurant_phone);
$restaurant_obj->setMember("restaurant_category", $restaurant_category);
$restaurant_obj->setMember("opening_hours", $opening_hours);
$restaurant_obj->setMember("eat_in", $eat_in);
$restaurant_obj->setMember("take_out", $take_out);
$restaurant_obj->setMember("we_deliver", $we_deliver);
$restaurant_obj->setMember("website", $website);
$restaurant_obj->setMember("goodstats", $goodstats);

/**
* Try to add the new restaurant to the database.
*/
if($restaurant_obj->edit($error_message)){
/**
* Redirect the user to the "thank you" page.
*/
header("location: company_restaurants.php?id=".$_SESSION['logged_user_id']);
exit;
}
}
$restaurant_name = isset($restaurant_name) ? $restaurant_name : $restaurant_obj->restaurant_name;
$restaurant_address1 = isset($restaurant_address1) ? $restaurant_address1 : $restaurant_obj->restaurant_address1;
$restaurant_address2 = isset($restaurant_address2) ? $restaurant_address2 : $restaurant_obj->restaurant_address2;
$restaurant_zip = isset($restaurant_zip) ? $restaurant_zip : $restaurant_obj->restaurant_zip;
$restaurant_phone = isset($restaurant_phone) ? $restaurant_phone : $restaurant_obj->restaurant_phone;
$restaurant_category = isset($restaurant_category) ? $restaurant_category : $restaurant_obj->restaurant_category;
$opening_hours = isset($opening_hours) ? $opening_hours : $restaurant_obj->opening_hours;
$eat_in = isset($eat_in) ? $eat_in : $restaurant_obj->eat_in;
$take_out = isset($take_out) ? $take_out : $restaurant_obj->take_out;
$website = isset($website) ? $website : $restaurant_obj->website;
$goodstats = isset($goodstats) ? $goodstats : $restaurant_obj->goodstats;
adbox is offline   Reply With Quote
Old 07-11-07, 03:05 PM   #10
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Default Re: Storing Javascript into MYSQL

Is your Sanitize::data class stripping the HTML entities?
evilghost is offline   Reply With Quote
Old 07-11-07, 03:13 PM   #11
adbox
Registered User
 
Join Date: Jul 2007
Posts: 6
Default Re: Storing Javascript into MYSQL

I need to find the sanatize data whatever and see what it does. Im going to try removing the line completely and see if it works. brb
adbox is offline   Reply With Quote
Old 07-11-07, 03:17 PM   #12
adbox
Registered User
 
Join Date: Jul 2007
Posts: 6
Default Re: Storing Javascript into MYSQL

Whooo! success! It holds the information now.

Thank you alot for your help.
adbox is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


Similar Threads
Thread Thread Starter Forum Replies Last Post
MySQL 5.5.25 News Latest Tech And Game Headlines 0 06-15-12 06:00 AM
MySQL 5.5.24 News Latest Tech And Game Headlines 0 05-09-12 06:10 AM

All times are GMT -5. The time now is 01:38 PM.


Powered by vBulletin® Version 3.7.1
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Copyright 1998 - 2014, nV News.