How to store text in a database

What is the right way to store a blog post in a MySQL database? For instance a blog post. If I understand, I should not use tags in the database and I should add the tags when I echo that in the html page. Is that correct? If so, how to distinguish the titles of the blog post in the database?

You can store tags in a field, I have seen entire template files stored. Change the storage type to blob and see what happens.

I had the blog with tags and type “text” and I had no problems. But I read that it was not a good practice to put tags in the database. Did I understand it wrong? Now I changed the type text to blob and I see no changes. What type is better and why?

Reading raw HTML markup from the database is a major security risk, because the content may have been manipulated through an SQL injection vulnerability to include malicious code (e.g. JavaScript code). It’s generally better to use a specialized, limited markup language like Markdown and convert it to HTML when needed.

If you absolutely need the full power of HTML for your blog posts, make sure to filter the content with HTML Purifier and use Content Security Policy to block execution of any inline code (the latter can be a problem if you use inline code yourself). Actually, you should do this even when you’re using Markdown.

Regarding the type, do not use [tt]BLOB[/tt]. This is meant for binary data only. When you have text, you want the [tt]TEXT[/tt] type with the right character encoding.
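A nonce-based Content Security Policy is one way to block inline code in stored content while keeping the site's own inline script working. This is an added example, not code from the thread; the helper names `make_nonce()` and `csp_header()` are hypothetical, and `$blog_entry_safe` is a constructed stand-in for already filtered post HTML.

```php
<?php
// Added example; helper names are hypothetical and the post body below is
// constructed sample data standing in for filtered content.

function make_nonce(): string
{
    // Fresh and unpredictable for every response; never reuse or hard-code it.
    return base64_encode(random_bytes(16));
}

function csp_header(string $nonce): string
{
    // No 'unsafe-inline': a <script> element runs only if it is loaded from
    // our own origin or carries this response's nonce. Inline event handler
    // attributes (onclick=...) in stored markup are blocked as well.
    return "Content-Security-Policy: default-src 'self'; "
         . "script-src 'self' 'nonce-{$nonce}'; "
         . "object-src 'none'; base-uri 'none'";
}

$nonce = make_nonce();
header(csp_header($nonce));   // must be sent before any output

// Assumed to be the output of the filter step (e.g. HTML Purifier).
$blog_entry_safe = '<h2>A subtitle</h2><p>Paragraph 2</p>';
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <title>My blog</title>
</head>
<body>
    <?= $blog_entry_safe ?>
    <!-- The site's own inline code keeps working because it carries the nonce. -->
    <script nonce="<?= htmlspecialchars($nonce, ENT_QUOTES, 'UTF-8') ?>">
        document.title = 'My blog';
    </script>
</body>
</html>
```

A script element that reaches the page through a tampered database row has no way to know the nonce of the current response, so the browser refuses to run it.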

[member=76351]Pretty Homepages[/member]: I see in your example that with markdown titles use -------- in a second line. But I suppose this is not possible in a database? How to markdown titles or h2 in a database?

Well, it really depends on how you set up your database. First, in a blog database, you normally have each
post saved as a separate row in the table. Then, you have a title and text for each post. This is normally
stored as just standard text. Then, when you display that post, you insert it between your heading tags and
your text tags in your display HTML. Nothing tricky there.

You can save it as

sometitle

sometext or whatever, but, why waste the extra space
for the tags??? Perhaps you can show us the layout of your table for your blog’s posts? Or, here is a simple
tutorial on creating a blog from scratch. There are thousands, maybe millions of these tutorials around and
all are different. On this one, it shows a simple database layout which I think will show you how to do it. Also,
note the way they save the posts to the database. It might help you along some…
https://daveismyname.com/creating-a-blog-from-scratch-with-php-bp

Good luck!

Why should that not be possible? A [tt]TEXT[/tt] field can hold any text just like a text file. You can have as many lines as you want.

I understand that I should store the title of the post (h1) in a specific row in the MySQL database and the body of the post in another row. But if a post has a body of 2000 words, it really needs some kind of subtitles or separations: I use h2. That is what I am asking. How to mark those subtitles in the body of the post. Should I markdown those subtitles in the database to be able to transform them when I output that? How?

Well, first 2000 words is a huge post. Your last one is less than 100 words. But, size does not really matter as
it is just text stored into a database. Now, rows are separate post entries. You have one row per post only. It
is important that you use the correct terminology. Never more than one row in the database per post. Each of
the posts (one row of data) has a unique ID to make it accessible. All of the other fields are data. Usually you
have fields for who posted it (usually just a unique user ID integer), the date/time it was created, a title and the
actual text for the post. Inside the text, you can have whatever you wish. Normally, this would include any of
the special formatting that you allow on your site. Therefore, if you use a full-text editor such as CK-Editor or
even your own hand-built editor, you might allow tags for headings, colors, paragraphs or most any other HTML
coding tags. All you have to do is to make sure there is no programming codes entered into your text. The
CKEditor is very easy to use and looks great on a site.

Since you do not know what your users will type into your fields, you should make sure you strip out any of
the possible programming codes. You can use PHP functions to do this.

Another possible way to do this is to just use one of the thousands of free blog systems. The one that you are
reading right now is a good system and very easy to set up. I have installed it before and it works well as you
can see as you use this blog site. Get it here: http://download.simplemachines.org/ The pros of
using a canned system are that all of the saving, retrieving, display of posts are already set up for you. The cons
would be that you need to learn their code if you wish to customize it beyond the standard custom options in
the system. Just another idea for you to think about…

I just do not understand well the answers. Probably I did not explain well, sorry my fault. I try again:

I have a blog post. This is the body of the post that I need to store in a MySQL database. This is simplified:
Paragraph 1
A subtitle
Paragraph 2

When I output in a html page I want this:

Paragraph 1

\n

A subtitle

\n

Paragraph 2

\n

When I output, I know how to add p tags. But I do not know how to add the h2 tags:
$text = $row['text_post'];
$text = preg_replace("/\n/","

",$text);
echo $text;

How to store that text in a MySQL database and how to echo that in an html page? Please, give a practical example with this simplified text

Well, why use the preg_replace to alter the text? Just store it. If you want to alter the /n’s to HTML line breaks,
then use the function designed for that. So, the /n is normally /n/r, but, can be /r, /n, /r/n or /n/r… These are
actually called “New Line” codes. In HTML, you need a “Line Break” code which is either <br> or <br />.

So the function you want is nl2br()…
It is a standard PHP function: http://php.net/manual/en/function.nl2br.php which returns a string where
the string is with all ‘<br />’ or ‘<br>’ inserted before all newlines (\r\n, \n\r, \n and \r).

I think that is what you are looking for…

Why do you guys make this trivial task so incredibly complicated?

As I’ve already said multiple times, you can simply write the blog post with Markdown and then store the entire text in a [tt]TEXT[/tt] field, just like you would store a static HTML document in a text file (if you need a lot of space, use [tt]MEDIUMTEXT[/tt] or [tt]LONGTEXT[/tt] instead of [tt]TEXT[/tt]).

Download Parsedown to parse the Markdown syntax, download HTML Purifier to filter the result, and then get going:

[php]<?php

require_once __DIR__.'/lib/parsedown/Parsedown.php';
require_once __DIR__.'/lib/htmlpurifier/HTMLPurifier.auto.php';

// This is what's stored in the database
// (Markdown headings written with an underline on the second line:
// "=" for a top-level heading, "-" for a subheading)
$blog_entry_markdown = <<<'TEXT'
This is a heading
=================

And a paragraph

And a subheading
----------------

And another paragraph
TEXT;

// parse Markdown syntax (make sure to enable HTML-escaping)
$parsedown = new Parsedown();
$parsedown->setMarkupEscaped(true);
$blog_entry_unsafe = $parsedown->text($blog_entry_markdown);

// filter resulting HTML markup to prevent any unwanted content
$purifier_config = HTMLPurifier_Config::createDefault();
$purifier = new HTMLPurifier($purifier_config);
$blog_entry_safe = $purifier->purify($blog_entry_unsafe);

?>
<!DOCTYPE html>
<html>
<head>
    <title>My blog</title>
</head>
<body>
    <h1>My blog</h1>
    <?= $blog_entry_safe ?>
</body>
</html>
[/php]

So, Pretty? You want to change a working system by adding an additional library and adding extra code when
all he wants to do is change the new-line codes and add header tags??? Silly to do all that work instead of using
two small functions that are already built into PHP…

Also, NG, to add tags to a string of text, just do it… $text = “

” . $text . “

”; …

I could actually ask the same of you.

No offense, but has none of you ever put rich text on a website? I mean, without introducing an entire zoo of XSS vulnerabilities.

The idea of using newlines to detect the structure of the text is obviously nonsense, because you simply cannot:

foo bar bar foo
Is this a heading followed by a paragraph? Two paragraphs? A single paragraph with a line break? And we still don’t have lists, links, images or whatever people need in a blog post.

This is why markup languages were invented: To convey the structure of text. HTML is generally a great markup language, but it’s also far too dangerous to be taken from an untrusted source. Markdown fills this gap.
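The point about structure, as an added example that is not part of the original post and not a substitute for Parsedown: a deliberately tiny line-based markup applied to the simplified post from earlier in the thread. The `## ` heading marker, the blank-line block separator and the function names are assumptions made for this sketch, and the sample text is constructed.

```php
<?php
// Added example: a tiny markup, not Markdown and not Parsedown.
// A block that starts with "## " is a subheading, every other block is a
// paragraph, and blocks are separated by a blank line. The only tags in the
// output are the ones this code writes; everything typed by the author is
// HTML-escaped, so stored markup can never become live markup.

function escape_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_post(string $stored): string
{
    // Normalise line endings, then split into blocks on blank lines.
    $text   = str_replace(["\r\n", "\r"], "\n", $stored);
    $blocks = preg_split('/\n{2,}/', trim($text));
    $html   = [];

    foreach ($blocks as $block) {
        if ($block === '') {
            continue; // empty post
        }
        if (strncmp($block, '## ', 3) === 0) {
            // Heading: the marker is dropped, the rest is escaped.
            $html[] = '<h2>' . escape_html(substr($block, 3)) . '</h2>';
        } else {
            // Paragraph: escape first, then turn single newlines into <br>.
            $html[] = '<p>' . nl2br(escape_html($block), false) . '</p>';
        }
    }
    return implode("\n", $html);
}

// Constructed sample: the simplified post, with the subtitle marked
// explicitly, plus one paragraph containing markup that must stay inert.
$stored = "Paragraph 1\n\n## A subtitle\n\nParagraph 2\n\n"
        . "<script>alert(1)</script>";

echo render_post($stored), "\n";
```

The explicit marker removes the guesswork about which line is the heading, and the script element in the last block comes out as visible text rather than as an element.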

Pretty, no offense to you either! But, he already has a working site. He gave us bits and pieces to finally help
us understand what he is having trouble with. It is just adding in heading tags to existing incoming post texts.
No need to do any complicated library or over think this. Let’s just help him…

[quote]Is this a heading followed by a paragraph? Two paragraphs? A single paragraph with a line break? And we still don't have lists, links, images or whatever people need in a blog post.[/quote]

He already knows the structure and just wants to add the heading tags. You are not reading all of what he gave us in his posts. (And, at first, I did not know what he was asking, too!) I use rich text on several websites with no problems whatsoever. I do cleanse it when it is saved to the database, but, displaying it is never an issue. (Not sure what your first comment meant!) The structure you created and showed has nothing to do with his posted structure that he already posted to us. Is that helpful to him?

Now, on the subject of using the Markdown library. It is basically about 1500 lines of code added to the site
and slows down the server to about 10% of its throughput. It is a very helpful library for certain types of data
handling where huge amounts of certain types of formatted data are used. But, for a simple blog, it is much much
better to just use built-in functions to format and cleanse the incoming data and just store it as displayable HTML
text which can be retrieved from the database and thrown on the screen as-is. No time delay at all during the
runtime of the web page as no mark-up processing is needed. I feel that the cleansing parse of the incoming
post would be the most important in this case.
Perhaps, this page might explain it better than I can:
http://allinthehead.com/retro/364/dont-parse-markdown-at-runtime

You still haven’t understood the problem. And it seems we’re spending most of our time helping you when we should actually help the people asking questions.

I’ll explain it one last time.

The OP stores his blog posts as plaintext, because he doesn’t want HTML in his database. This is a very wise choice, because filtering HTML is extremely complex and can only be done partially with sophisticated, battle-tested libraries like HTML Purifier. If you think it’s easy, then you don’t know what you’re doing. The fact that you rely on “pre-filtered” data proves that. Have you never heard of SQL injections, CSRF, XSS, session hijacking? All of this can alter the text you have in your database, making it a perfect target for further attacks.

So plaintext is good. Unfortunately, plaintext alone tells us absolutely nothing about the structure. Look at NG’s example again:

Paragraph 1
A subtitle
Paragraph 2
Now, how is PHP supposed to magically recognize that the second line is a heading while the other two lines belong to separate paragraphs? Hint: It cannot. PHP is a fairly powerful language, but reading the minds of blog authors is outside of its scope.

To summarize:

[ul][li]HTML is not an option.[/li]
[li]We still need a markup language to convey the structure of the text.[/li][/ul]

This is a common problem, so smart people have already solved it for us by inventing Markdown. If you have issues with Markdown in particular (for whatever reason), you can also use BBCode or whatever.

You need to stop pulling numbers out of your ass.

Well, as I did say, no offense, my Pretty…

There is actually 1600+ lines of code in just the one main Markdown file. I did not just pull numbers out of the
blue! And, the testing was based on using it for preloading text to display. I showed you the post for that data.
There are many other such tests if you want to look around for them. I will not argue over this further as it does
seem it is one of your favorites. This disagreement is not helping NG solve his simple issue…

So where is your super-simple solution, kid? Show us the code, and I’ll show you that you have no idea what you’re doing.
