I have a very annoying problem with hosting from a well-known company.
I have a website, and in its back-end there is a form with a textarea field that is meant for Google AdSense code. When I submit it, it does not respond at all and keeps loading.
But when I type anything other than the AdSense ad code, it is accepted, so I noticed it is not allowing HTML.
Form code
<form method=post action="1.php" name="adsense" id="adsense">
The Code : <textarea id="ad" name="ad">Put your code here</textarea>
<input type="submit" name="submit" value="Save">
</form>
1.php Code
<?PHP
include "header.php"; // connect to db
if(isset($_POST[submit])){
$qma = "update webads set
ad = '$_POST[ad]'";
$rma = mysql_query($qma) or die(mysql_error());
echo 'Thanks';
}
?>
The problem is that when I put in the AdSense ad code, it does not respond and does not save it in the database, but if I put in any text, it saves it normally.
So I've been thinking of addslashes(), but it also didn't work after I made this change:
ad1 = 'addslashes($_POST[ad1])'
Here is an example of Google AdSense code that is not accepted:
<script type="text/javascript">
google_ad_client = "pub-0000000000000000";
google_ad_width = 250;
google_ad_height = 250;
google_ad_format = "250x250_as";
google_ad_type = "text";
google_ad_channel = "0000000000";
google_color_border = "FFFCE1";
google_color_bg = "FFFCE1";
google_color_link = "FFFCE1";
google_color_text = "FFFCE1";
google_color_url = "FFFCE1";
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
One last note: the database field structure is text NOT NULL
CREATE TABLE `webads` (
`id` varchar(50) NOT NULL default '',
`ad` text NOT NULL,
PRIMARY KEY (`id`))";
So, any idea how to save it? It must be easy to recall it without it being altered.
I don't know if it's stupid or not, but if I don't get any answer on how to do it, I've been thinking of base64-encoding it before saving it and then base64-decoding it when I call it back, but this sounds like the last hope I have.
Thanks a lot
- I think it should be: ad1 = addslashes($_POST[ad1]); . That's what you meant...right? – Leonardo, commented Nov 25, 2013 at 13:47
- if(isset($_POST[s1])) from where you are getting s1 – user7789076, commented Nov 25, 2013 at 13:50
4 Answers
You need to escape the posted variable for MySQL - the best way to do this is to use PHP's built-in function, as it will do it correctly for your version of MySQL:
$qma = "update webads set ad = '" . mysql_real_escape_string($_POST['ad']) . "'";
4 Comments
- $qma = "update webads set ad = '<script>TEST</script>'" is not saving it, and after many tries I found that if the input text has <script> or </script> or <script ....> it never saves; it just keeps loading, then says page not found. Yes, I think it is a kind of security measure, so I'm going to try my luck with $ad = base64_encode($_POST['ad']); and then try to update it.
- With base64_encode(), <script> is not saved!! It was saved only after I stripped < and >!! The most annoying hosting I have ever seen in my life.

You have to use htmlentities before storing data to the database, and you can't use a function inside a string.
$ad = htmlentities($_POST['ad']);
Also, when using addslashes you'd better first check whether it's automatically enabled by the server configuration, so as not to over-quote strings. See get_magic_quotes_gpc
if(!get_magic_quotes_gpc()) {
$ad = addslashes($ad);
}
...
$qma = "update webads set ad = '$ad'";
2 Comments
script so if you escape html entities everything goes fine. Next time when you want reverse function, I mean when you have to output that code you can use html_entity_decode: php.net/manual/en/function.html-entity-decode.php

Alternately, you can use
$ad = htmlspecialchars($_POST['ad']);
$qma = "update webads set ad = '$ad'";
Comments
When I work with MySQL Workbench and I do something like update webads set ad = '$_POST[ad]' it throws an error because of the safe mode. My SQL query doesn't have an ID. Maybe the safe mode is on?
If you want to bypass it, just add WHERE ID != -1 but I don't recommend doing this.
Don't forget to sanitize your input.
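
The storage step discussed in the answers above, as an added example that is not part of any post on this page: a PDO prepared statement binds the submitted markup as data, so it is stored and read back byte for byte without addslashes, htmlentities or base64. Assumptions: an in-memory SQLite database stands in for the page's MySQL server so the script runs offline, and the helper names saveAd/loadAd and the row ids sidebar/footer are hypothetical.

```php
<?php
// Added example. Assumption: in-memory SQLite via PDO stands in for MySQL so the
// script runs offline; with MySQL only the DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Same columns as the question's webads table; row ids are hypothetical.
$pdo->exec("CREATE TABLE webads (id VARCHAR(50) NOT NULL DEFAULT '', "
         . "ad TEXT NOT NULL, PRIMARY KEY (id))");
$pdo->exec("INSERT INTO webads (id, ad) VALUES ('sidebar', ''), ('footer', 'untouched')");

// Store the markup exactly as submitted: the driver sends it as a bound value,
// so quotes and tags inside it are never parsed as SQL.
function saveAd(PDO $pdo, string $id, string $markup): int
{
    // WHERE limits the update to one row; the question's query rewrote every row.
    $stmt = $pdo->prepare('UPDATE webads SET ad = :ad WHERE id = :id');
    $stmt->execute([':ad' => $markup, ':id' => $id]);
    return $stmt->rowCount();
}

function loadAd(PDO $pdo, string $id): ?string
{
    $stmt = $pdo->prepare('SELECT ad FROM webads WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $ad = $stmt->fetchColumn();
    return $ad === false ? null : (string) $ad;
}

// Constructed sample input: script markup with both quote styles and a backslash,
// the characters that break a query built by string interpolation.
$submitted = '<script type="text/javascript">google_ad_client = "pub-0000000000000000";'
           . "</script>\n<!-- it's a 250x250 \\ unit -->";

$rows   = saveAd($pdo, 'sidebar', $submitted);
$stored = loadAd($pdo, 'sidebar');

printf("rows updated: %d\n", $rows);
printf("round trip identical: %s\n", $stored === $submitted ? 'yes' : 'no');
printf("footer row: %s\n", loadAd($pdo, 'footer'));

// Encode only at output time, and only where the snippet must be shown as text
// (for example an admin preview) rather than executed.
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";
```

This covers the query only; the asker's comments describe the request failing before the save happens, which no change to the SQL affects.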