Need help outputting HTML with Nested PHP

[doubledee]

The code below is in a PHP file, but is really HTML with nested PHP.

 

<img src="<?php echo WEB_ROOT; ?>images/BeachSunset.jpg" width="200"
						 alt="Picture: Beach Sunset."
						 title="Picture: Beach Sunset." />

 

I want to put it in a MySQL record and output it using PHP.

 

So how do I re-write this code so that it can be displayed with the same end effect using a PHP Echo statement??

 

(I seem to be having trouble figuring things out with MySQL in the way?!  :-\

 

Thanks,

 

 

Debbie

 

[MasterACE14]

create a 'images' table, with columns 'src', 'width', 'alt', 'title'. all VARCHAR data type.

 

Then you can just...

<?php
$src = "images/BeachSunset.jpg";
$width = "200";
$alt = "Picture: Beach Sunset.";
$title = "Picture: Beach Sunset.";

$q = mysql_query("INSERT INTO `images`(src,width,alt,title) VALUES ('".$src."', '".$width."', '".$alt."', '".$title."')") or die(mysql_error());

$q = mysql_query("SELECT * FROM `images`") or die(mysql_error());

if(mysql_num_rows($q) > 0) {
while($row = mysql_fetch_assoc($q)) {
   echo "<img src=\"". WEB_ROOT . $row['src'] ."\" width=\"".$row['width']."\" alt=\"".$row['alt']."\" title=\"".$row['title']."\" />";
} 
} else {
   echo "No images to display!";
}
?>

[doubledee]

MasterACE14,

 

Nice solution but the wrong one.

 

I wrote article as HTML/Text pages and I want to put them in MySQL, and wanted a way for my HTML to still have an embedded reference to my constant WEB_ROOT so that the HTML is updated with the proper link.

 

Because the code I posted is PHP inside of HTML, I need to flip that so I can use a PHP echo to display the HTML with that extra WEB_ROOT part.

 

Follow me?

 

(Technically I don't need to do this, as I set up a Virtual Host which was causing issues after I used a Mod_Rewrite, however I would still like a way to do it this way.)

 

 

Debbie

 

 

[MasterACE14]

something like... ?

echo "<img src=\"".WEB_ROOT."images/BeachSunset.jpg\" width=\"200\"
						 alt=\"Picture: Beach Sunset.\"
						 title=\"Picture: Beach Sunset.\" />";

[doubledee]

something like... ?

echo "<img src=\"".WEB_ROOT."images/BeachSunset.jpg\" width=\"200\"
						 alt=\"Picture: Beach Sunset.\"
						 title=\"Picture: Beach Sunset.\" />";

 

Closer... 

 

Question.

 

If I have echo $article; what happens to the text in $article??

 

Does it get wrapped in double quotes?  Maybe single quotes?  No quotes?

 

 

Debbie

 

 

[MasterACE14]

nothing happens, it is displayed exactly how it is. Unless you of course change the output with functions...

echo addslashes($article); // will add slashes to escape characters
echo stripslashes($article); // will strip any slashes that exist

[doubledee]

nothing happens, it is displayed exactly how it is. Unless you of course change the output with functions...

echo addslashes($article); // will add slashes to escape characters
echo stripslashes($article); // will strip any slashes that exist

 

Normally you write PHP as...

 

echo "Hello World"

 

or

 

echo 'Hello World'

 

 

So doesn't...

 

echo $helloWorldVariable;

 

...wrap a single or double quote on each side of the variable's contents BEFORE it displays things?

 

 

 

Debbie

 

 

[MasterACE14]

...wrap a single or double quote on each side of the variable's contents BEFORE it displays things?

 

nope, it's like the PHP tags <?php  ?> it simply tells the PHP parser where it begins and where it ends. It isn't included in it.

[doubledee]

...wrap a single or double quote on each side of the variable's contents BEFORE it displays things?

 

nope, it's like the PHP tags <?php  ?> it simply tells the PHP parser where it begins and where it ends. It isn't included in it.

 

 

Okay, so let's revisit your earlier code...

 

something like... ?

echo "<img src=\"".WEB_ROOT."images/BeachSunset.jpg\" width=\"200\"
						 alt=\"Picture: Beach Sunset.\"
						 title=\"Picture: Beach Sunset.\" />";

 

If I store this in my MySQL field...

 

<img src=\"".WEB_ROOT."images/BeachSunset.jpg\" width=\"200\"
			 alt=\"Picture: Beach Sunset.\"
			 title=\"Picture: Beach Sunset.\" />

 

without the enclosing double quotes, then can I assign it to a variable and echo it in PHP?

 

(Follow what I'm trying to do?)

 

 

Debbie

 

 

[MasterACE14]

Yep you could do that, but for greater flexibility you could break it down into 4 different columns like I did with my first example. You can do a lot more with it that way. Such as selecting the images and ordering by the 'width' field for example.

[doubledee]

Yep you could do that, but for greater flexibility you could break it down into 4 different columns like I did with my first example. You can do a lot more with it that way. Such as selecting the images and ordering by the 'width' field for example.

 

If I do it the last way I was asking about, I guess I to deal wit all those ugly backslashes (\), huh?

 

 

Debbie

 

 

[MasterACE14]

$insert = stripslashes("<img src=\"".WEB_ROOT."images/BeachSunset.jpg\" width=\"200\"
			 alt=\"Picture: Beach Sunset.\"
			 title=\"Picture: Beach Sunset.\" />");

problem solved.

[doubledee]

$insert = stripslashes("<img src=\"".WEB_ROOT."images/BeachSunset.jpg\" width=\"200\"
			 alt=\"Picture: Beach Sunset.\"
			 title=\"Picture: Beach Sunset.\" />");

problem solved.

 

Master,

 

I appreciate all of your attention tonight, but your solution - and all that is involved to get there - is making think that what I really need to do is create an HTML form where I can author or copy & paste my articles already marked up in HTML.

 

And use mysqli_real_escape_string to do what we are painstakingly doing manually.

 

 

Debbie

 

 

[MasterACE14]

well firstly before doing anything, why not go back to the beginning and explain what you want to achieve, maybe I can offer a better solution?

[doubledee]

well firstly before doing anything, why not go back to the beginning and explain what you want to achieve, maybe I can offer a better solution?

 

Okay, sure.

 

My website is full of articles.  Until now, I would compose the article in OO Write, then paste into NetBeans, add the HTML markup, test the appearance, and then save it as a PHP file.

 

Now - for several reasons - I want to move these file-based articles into MySQL.

 

I started pasting the body of my marked articles into my "body" field, but quickly discovered that phpMyAdmin (and MySQL) didn't like all of my single and double quotes?! 

 

(I also had a side issue with my first ever Mod_Rewrite being a real pain because it was making my browser think it was in the virtual "articles" directory and so my paths to images were getting trashed.  And so what we were talking about was my attempt to salvage my formerly working HTML with a prepended WEB_ROOT constant that solved the path issue when things were in my PHP files.  I have since learned how to set up a Virtual Host and that seems to have erased my need to do WEB_ROOT . mypicture.jpg)

 

So from what I have researched tonight, it seems like just creating a web form that uses mysqli_real_escape_string would be the easiest way to compose newly marked up articles or paste in my already marked up articles and not spend all night adding backslashes like we were attempting?!

 

Hope that helps?

 

 

Debbie

 

 

[MasterACE14]

mysqli_real_escape_string() makes sure what is being inserted into the database is safe. So if you made a web form you would have to use mysqli_real_escape_string() on what is being inserted into the database anyway. Which would mean you wouldn't have to worry about backslashes.

 

So if you used a webform you could do the following...

<?php
   $form = <<<FORM
<p>form stuff would go here</p>
FORM;

if(isset($_POST['submit'])) {
  $valid_input = htmlentities(mysqli_real_escape_string($_POST['article']));
  $q = mysqli_query('Insert query here...');
  if(mysqli_affected_rows($q) == 1) {
     echo "Article successfully inserted into Database";
  } else {
     echo "Article was not added.";
  }
} else {
  echo $form;
}

?>

 

is this more or less a long the lines of what you're trying to do?

 

Also check out htmlentities()

 

[Genesis730]

What's wrong with

echo '<img src="WEB_ROOT/images/BeachSunset.jpg" width="200" alt="Picture: Beach Sunset." title="Picture: Beach Sunset.">'

 

(using your original post as a template)  Also you can define other columns in the DB, and use those variables to dynamically write the code attributes

 

Maybe I'm missing something but at least to echo the images dynamically from the DB, this seems to be the way to do it... Are you also looking for how to insert the pictures into the DB?

[doubledee]

htmlentities() prevents the browser from using text as an HTML element and it prevents the code from running if you were to display some user's input on your website.

 

But that is exactly what I want!

 

I want to paste something like this in the form we are discussing...

 

<h1>Is Incorporating Right for Our Business?</h1>

<p>Do you have to me a mega company to incorporate?  <b>Absolutey not</b></p>

<p>Incorporating your small business can be a good idea for several reasons:

<li>Reason 1: ----</li>

<li>Reason 2: ----</li>

<li>Reason 3: ----</li>

and so on...

</p>

 

The whole point is I want the HTML markup to stay as it is so that when I echo it, it will produce a finished page!! 

 

 

Debbie

 

[doubledee]

What's wrong with

echo '<img src="WEB_ROOT/images/BeachSunset.jpg" width="200" alt="Picture: Beach Sunset." title="Picture: Beach Sunset.">'

 

(using your original post as a template)  Also you can define other columns in the DB, and use those variables to dynamically write the code attributes

 

Maybe I'm missing something but at least to echo the images dynamically from the DB, this seems to be the way to do it... Are you also looking for how to insert the pictures into the DB?

 

I am display ENTIRE ARTICLES - which could be 10-20 pages - from one MySQL field called "body".

 

 

Debbie

 

[MasterACE14]

html_entity_decode() is the opposite of htmlentities() in that it converts all HTML entities to their applicable characters from string.

 

html_entity_decode()

[Genesis730]

So as MasterACE14 was saying earlier, use mysql_real_escape_string (MRES) (or mysqli_real_escape_string (MiRES)) to escape all the quotes in the body (1 security measure to prevent SQL injection) which would result in...

 

Dear Sara O'Riley,

  This is an awesome article about......

 

turning into

 

Dear Sara O\'Riley,

  This is an awesome article about......

 

and then use stripslashes  when echoing  ( $body = stripslashes($body); )  to turn it back into

 

Dear Sara O'Riley,

  This is an awesome article about......

 

so the user sees it properly without all the \'s

 

 

OR just listen to MasterACE14

[doubledee]

So as MasterACE14 was saying earlier, use mysql_real_escape_string (MRES) (or mysqli_real_escape_string (MiRES)) to escape all the quotes in the body (1 security measure to prevent SQL injection) which would result in...

 

Dear Sara O'Riley,

  This is an awesome article about......

 

turning into

 

Dear Sara O\'Riley,

  This is an awesome article about......

 

and then use stripslashes  when echoing  ( $body = stripslashes($body); )  to turn it back into

 

Dear Sara O'Riley,

  This is an awesome article about......

 

so the user sees it properly without all the \'s

 

 

OR just listen to MasterACE14

 

I am not following you guys on these functions, how they work, and why I need them?!

 

(From what I read, htmlentities() isn't what I need.)

 

 

Debbie

 

 

[MasterACE14]

for your web form, what you insert into the body field, you need to use mysqli_real_escape_string() for security. To store all the HTML in MySQL you use htmlentities() on that same input. Then when you get it from the database and echo it you use html_entity_decode() to make the HTML come back.

[Genesis730]

You want to be able to type up an article and click Submit... and BAM!!! it's in the database ready to be (if not already) displayed somewhere on your site... If so you NEED to AT LEAST add the bit of security from MRES so you can put in quotes.. If you enter a quote and it's not escaped, PHP will think the first quote it finds is the end of the article and everything after that first quote will be deleted...

So one for security and two for integrity reasons, you should use MRES and stripslashes to do what you want (if i'm understanding you correctly)

 

As far as preseving the HTML (so it puts code in <b>  in bold rather than just echoing <b>  you need to use htmlentities() when sending code to the database and html_entity_decode() to display the code as bold rather than seeing <b>bold</b>  in your article (as MasterAce14 was saying)

[doubledee]

for your web form, what you insert into the body field, you need to use mysqli_real_escape_string() for security.

 

Well, I want to use mysqli_real_escape_string() to make MySQL accept my articles with quotes.  (I trust me!)

 

If I wanted "security", I'd use a Prepared Statement.

 

 

To store all the HTML in MySQL you use htmlentities() on that same input. Then when you get it from the database and echo it you use html_entity_decode() to make the HTML come back.

 

So you are saying that if I don't encode and decode my HTML tags, that they won't work when I echo the field?

 

(Sorry for being dense, but the PHP Manual leaves A LOT to be desired when it comes to explaining things!!)

 

 

Debbie