Hi guys,
This is giving me a hard time. I have a simple form; I copy / paste news into my database for additional content.
I cannot implement the nl2br method because I am getting some errors... maybe it is something that I am missing.
Here is the code from my form, from my Dreamweaver ...
$insertSQL = sprintf("INSERT INTO nwes (title, contentt, owner, `data`, hot) VALUES (%s, %s, %s, %s, %s)",
GetSQLValueString($_POST['title'], "text"),
GetSQLValueString($_POST['content'], "text"),
GetSQLValueString($_POST['owner'], "text"),
GetSQLValueString($_POST['data'], "date"),
GetSQLValueString($_POST['hot'], "text"));
Where should I apply the nl2br function? Also, I have my own articles and I want to be able to paste here into the form all my source text from my Dreamweaver, including the formatting and other tags. I don't know how to use html_entities or mysql_real_escape_string .. or maybe you know another solution for my particular problem.
Thanks !
nl2br should be applied when you output the data, not when you store it.
You need to be escaping your data when you insert it into the DB. I'm not sure what GetSQLValueString() is or what it returns, but you need to use prepared statements or mysql_real_escape_string() to avoid SQL injections.
Edit: Looks like GetSQLValueString (or, at least the version I found from Adobe) handles escaping and quoting the data for you.
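The split described in the answer above (store the raw text, transform it only on output), as an added example that is not part of the original answers. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL connection, the `$post` values are constructed sample input, `render_text` is a hypothetical helper, and `htmlspecialchars` is used as the output-escaping function.

```php
<?php
// Added example. Assumption: in-memory SQLite via PDO replaces the MySQL
// connection so the script runs offline; table/column names come from the question.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE nwes (id INTEGER PRIMARY KEY, title TEXT,
            contentt TEXT, owner TEXT, data TEXT, hot TEXT)');

// Constructed sample input standing in for $_POST: newlines, markup and a quote.
$post = [
    'title'   => "Today's news",
    'content' => "First line\nSecond line with <b>tags</b> & a 'quote'",
    'owner'   => 'admin',
    'data'    => '2011-05-01',
    'hot'     => 'yes',
];

// Store the text exactly as submitted. Bound parameters keep the values out
// of the SQL string, so no manual quoting or escaping is involved.
$insert = $pdo->prepare(
    'INSERT INTO nwes (title, contentt, owner, data, hot)
     VALUES (:title, :content, :owner, :data, :hot)'
);
$insert->execute([
    ':title'   => $post['title'],
    ':content' => $post['content'],
    ':owner'   => $post['owner'],
    ':data'    => $post['data'],
    ':hot'     => $post['hot'],
]);

// Hypothetical output helper: escape first, then convert newlines.
// The reverse order would escape the <br /> tags that nl2br inserts.
function render_text(string $raw): string
{
    return nl2br(htmlspecialchars($raw, ENT_QUOTES, 'UTF-8'));
}

// The database still holds the original newlines and characters;
// the HTML form exists only at output time.
$row = $pdo->query('SELECT title, contentt FROM nwes')->fetch(PDO::FETCH_ASSOC);
echo '<h2>' . htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8') . "</h2>\n";
echo '<p>' . render_text($row['contentt']) . "</p>\n";
```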
What kind of errors are you getting? I don't know what nl2br is but I assume you have some MySQL error. I believe you need to have quotes around:
VALUES('%s','%s'...)
That's usually what goes wrong when I do inserts.