I am saving HTML data into a MySQL database. I am encoding my HTML data by this method:
$html = trim(addslashes(htmlspecialchars(
    html_entity_decode($_POST['html'], ENT_QUOTES, 'UTF-8'),
    ENT_QUOTES, 'UTF-8'
)));
But when I am fetching the data back from the database, my scripts look weird and nothing works. This is how I am decoding again when taking the data from the database. This is what I am getting back:
'<head>\n <meta charset="utf-8">\n <meta http-equiv="Pragma" content="no-cache">\n <meta http-equiv="Expires" content="-1">\n <link href="css/style.css" rel="stylesheet" type="text/css">\n <script src="js/jquery.min.js">\n </script>\n </head>\n \n \n <body style="background-image: url(http://localhost:8019/SGMC/Images/bg_1.png);">\n <div class="header"> \n <a style="margin-left:45%; \n margin-top:5px; \n line-height:50px">\n SGMC Portal\n </a> \n \n <a class="button" style="float:right; \n top:0px;\n margin-right:20px;\n font-size:14px;" href="home.php">\n \n <img src="Images/home_icon.png" alt="Home" id="homelogo">\n </a>\n \n <ul id="headerright">\n <li> \n <img src="Images/user_icon.png" id="userlogo" alt="User Icon">\n \n \n \n Default \n \n <img src="Images/down_arrow.png" alt="Choose">\n \n <ul id="dropdown">\n <li>\n <a href="devices.php">\n <div>Devices</div>\n </a>\n </li>\n <li>\n <a href="configurations.php">\n <div>Configuration</div>\n </a>\n </li>\n <li>\n <a href="settings.php">\n <div>Settings</div>\n </a>\n </li>\n <li>\n <a href="logout.php">\n <div>Log Out</div>\n </a>\n </li>\n </ul>\n </li>\n </ul>\n </div>\n \n \n\n\n <link rel="stylesheet" type="text/css" href="xsdfile/stl.css">\n <script src="xsdfile/js/jquery-1.3.2.min.js" type="text/javascript"></script>\n <script>\n function gen(hidden_id,div_id,min,max,btn_id)\n { \n \n \n var counter=parseInt(document.getElementById(hidden_id).value);\n if(max=="unbounded")\n { counter=counter+1;\n document.getElementById(hidden_id).value=counter; \n var xmlhttp;\n if (window.XMLHttpRequest)\n {// code for IE7+, Firefox, Chrome, Opera, Safari\n xmlhttp=new XMLHttpRequest();\n }\n else\n {// code for IE6, IE5\n xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");\n }\n xmlhttp.onreadystatechange=function()\n {\n if (xmlhttp.readyState==4 && xmlhttp.status==200)\n {\n document.getElementById(div_id).innerHTML=xmlhttp.responseText;\n }\n }\n xmlhttp.open("GET","xsdfile/form.php?counter="+counter,true);\n 
xmlhttp.send();\n $(function(){$('#'+btn_id).remove();});\n }\n else \n { \n var len=$('div[id^=complexType_]').length;\n if(len<max)\n {\n counter=counter+1;\n document.getElementById(hidden_id).value=counter; \n var xmlhttp;\n if (window.XMLHttpRequest)\n {// code for IE7+, Firefox, Chrome, Opera, Safari\n xmlhttp=new XMLHttpRequest();\n }\n else\n {// code for IE6, IE5\n xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");\n }\n xmlhttp.onreadystatechange=function()\n {\n if (xmlhttp.readyState==4 && xmlhttp.status==200)\n {\n document.getElementById(div_id).innerHTML=xmlhttp.responseText;\n }\n }\n xmlhttp.open("GET","xsdfile/form.php?counter="+counter,true);\n xmlhttp.send();\n \n $(function(){$('#'+btn_id).remove();});\n }\n else\n {\n alert("Maximum fields are already opended");\n }\n \n \n }\n \n \n\n }\n function addField(complex_name,div_id,hidden_id,txtBox_id,min,max,count)\n {\n var name=txtBox_id.substring(0, txtBox_id.length - 9);\n \n var a=parseInt(document.getElementById(hidden_id).value);\n \n if(a+min<max+1)\n {\n \n document.getElementById(div_id).innerHTML +='<input type="text" name="'+complex_name+'['+count+'].'+name+'[]" id='+txtBox_id+(min+a)+' ><input type="button" id="remove_'+txtBox_id+(a+min)+'" value="-" style="width:30px;position:relative;left:5px;" onclick="removeField(\\'remove_'+txtBox_id+(a+min)+'\\',\\''+txtBox_id+(min+a)+'\\',\\''+hidden_id+'\\')"> </div></div>';\n document.getElementById(hidden_id).value=(a+1);\n }\n else\n {\n alert("Maximum fields are already opended");\n }\n \n }\n function removeField(btn_id,txtBox_id,hidden_id)\n {\n $(function(){\n $('#'+txtBox_id).remove();\n $('#'+btn_id).remove();\n });\n document.getElementById(hidden_id).value=parseInt(document.getElementById(hidden_id).value)-1;\n }\n function removeComplexType(div_id,btn_id)\n {\n $(function(){\n $('#'+div_id).remove();\n $('#'+btn_id).remove();\n });\n }\n </script>\n \n\n\n\n<script type="text/javascript" 
src="xsdfile/form2object.js"></script>\n\n<script type="text/javascript" src="xsdfile/json2.js"></script>\n\n<script type="text/javascript">\n\n function test()\n\n {\n var formData = form2object('testForm', '.', true,\n\n function(node)\n\n {\n\n if (node.id && node.id.match(/callbackTest/))\n\n {\n return { name: node.id, value: node.innerHTML };\n }\n\n });\n $(function() {\n htmlData = $("html").html();\n \n });\n \n jsonString=JSON.stringify(formData, null, '\\t');\n confName=document.getElementById("configuration_name..
I am encoding this by this method.
$html_data = html_entity_encode($arr[0]);
This code is working fine for HTML elements, but my script is still not working, as some characters are still not removed. Where am I going wrong?
addslashes() is about as useful for preventing SQL injection attacks as a piece of wet toilet paper is as a rope: it's UTTERLY USELESS. – Marc B Mar 12 at 5:57
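An added example, not the asker's or the commenter's code, showing the alternative the comment points at: store the HTML verbatim through a PDO prepared statement instead of addslashes()+htmlspecialchars(), check that it round-trips unchanged, and escape only at output time. It assumes PDO with the SQLite driver (an in-memory database) so it runs offline; the sample markup is constructed.

```php
<?php
// Added example (not the asker's code): store HTML verbatim with a prepared
// statement instead of addslashes()+htmlspecialchars(), and verify it round-trips.
// Uses an in-memory SQLite database so it runs offline; MySQL via PDO is the same API.

function openDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, html TEXT NOT NULL)');
    return $db;
}

// Store the HTML exactly as received: the driver sends the value separately from
// the SQL text, so quotes, backslashes and newlines need no escaping and cannot
// change the meaning of the query. This is what addslashes() fails to guarantee.
function storeHtml(PDO $db, string $html): int {
    $stmt = $db->prepare('INSERT INTO pages (html) VALUES (:html)');
    $stmt->execute([':html' => $html]);
    return (int) $db->lastInsertId();
}

function loadHtml(PDO $db, int $id): ?string {
    $stmt = $db->prepare('SELECT html FROM pages WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['html'];
}

// Constructed sample resembling the asker's markup: inline script with quotes
// and real newlines, i.e. exactly the characters addslashes() alters.
$original = "<script>\n"
          . "function removeField(btn_id){ \$('#'+btn_id).remove(); }\n"
          . "</script>\n"
          . "<input type=\"button\" onclick=\"removeField('remove_1')\">\n";

$db = openDb();
$id = storeHtml($db, $original);
$roundTrip = loadHtml($db, $id);

var_dump($roundTrip === $original);             // bool(true): nothing was altered in storage
var_dump(addslashes($original) === $original);  // bool(false): addslashes() rewrites the markup

// When the stored HTML is to be shown as text (e.g. an editor preview), escape
// once, at output time. When it is to be rendered as the page itself, it must
// come from a trusted author: SQL escaping never protects the browser from
// script contained in the stored markup.
echo htmlspecialchars($roundTrip, ENT_QUOTES, 'UTF-8');
```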