Eval Php variable with double quotes inside [duplicate] - php

This question already has answers here:
How do I execute PHP that is stored in a MySQL database?
(7 answers)
Closed 4 years ago.
EDIT: This question has been edited from the original
I have a string in a database with HTML and PHP variables inside. Some of the HTML has double quotes as if I try to use single quotes the database escapes it by adding a quote in front of it like so: ' '.
I want to query the string and assign it to variable $x. And then use eval("\$x = \"$x\";"); to parse the PHP variable, but it seems the double quote is ruining the eval(), and the variables are not parsing.
Is there a way to allow PHP to read the variable?
I am aware, but anyone reading this should also be aware that using eval() can be very dangerous!
Any help would be greatly appreciated!

If your SQL string looks like this: myVar then php:
$myVar = 'hello!';
echo $$var;
If your SQL string looks like this: 3 + 5 then php:
eval($var);
In the first option we use variable variables.
In the second option we use eval to evaluate the code in the string.
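An alternative to eval() for the question above, as an added example that is not part of the original posts: the stored string is treated as a template and only names on an explicit allowlist are substituted. The function name render_template, the template text and the values are assumptions made for illustration.

```php
<?php
/**
 * Replace $identifier tokens in a stored template with values from an
 * explicit allowlist. Nothing in the template is executed as PHP.
 */
function render_template(string $template, array $allowed): string
{
    $out = preg_replace_callback(
        '/\$([A-Za-z_][A-Za-z0-9_]*)/',
        function (array $m) use ($allowed): string {
            if (!array_key_exists($m[1], $allowed)) {
                return $m[0]; // not on the allowlist: keep the literal text
            }
            // Encode for HTML so a value cannot break out of the markup.
            return htmlspecialchars((string) $allowed[$m[1]], ENT_QUOTES, 'UTF-8');
        },
        $template
    );
    return $out ?? $template; // preg_replace_callback returns null on regex error
}

// Constructed row as it might come back from the database, double quotes included.
$x = '<p class="greeting">Hello $name, you have $count new messages. $secret</p>';

// Constructed values; $secret is deliberately absent from the allowlist
// and therefore stays in the output as plain text.
echo render_template($x, ['name' => 'Ann "AJ" O\'Neil', 'count' => 3]), "\n";
```

Double quotes in the stored HTML need no special handling here, because the template is never pasted into PHP source.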

Related

Update a URL using a variable - PHP [duplicate]

This question already has answers here:
What is the difference between single-quoted and double-quoted strings in PHP?
(7 answers)
Closed 4 years ago.
I would like to assign a variable into the PHP code, which will change my URL. For example
$page = 'http://www.example.com/search-products?type=buildings&q=small&go=Go';
Where q=small I would like to change to say q=big (using a variable)
I have assigned a variable within PHP but I am unable to get it to work?
for example
$q= 'big';
$page = 'http://www.example.com/search-products?type=buildings&q=$q&go=Go';
The url does not however update - Any help would be appreciated
Use strings with " and not with ' if you're using variables in it.
$page = "http://www.example.com/search-products?type=buildings&q={$parameter}&go=Go";
Check this :
$page = "http://www.example.com/search-products?type=buildings&q={$q}&go=Go";
Note: Single quotes don't work in this case.
If you use Single quotes, you see something like this :
echo 'q={$q}';
//Output => q={$q}

How to INSERT string with single quote ' symbol [duplicate]

This question already has answers here:
How can I prevent SQL injection in PHP?
(27 answers)
Closed 6 years ago.
I want to do an INSERT into a MySQL database using:
$sql = "INSERT INTO table (title1) VALUES ('$myVar')";
but the problem is $myVar can contain the single quotes (' symbols, e.g. in "idiot's"). Can somebody tell me how to handle any single quotes in the variable as a letter and not as a piece of code?
(I know there are posts about this in the forum already, but I do not really understand their solutions, so sorry for double posting)
You might be tempted to replace each single quote with two of them.
like so
$myvar = "idiot\'s";
But resist the urge and escape it instead:
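<?php $var = "Hello !! idiot's";
// Use the returned string; the argument is not modified in place.
// The mysql_* extension was removed in PHP 7.0.
$var = mysql_real_escape_string($var);?>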
Or even better, use PDO
Use mysqli_real_escape_string like this:
$myVar= mysqli_real_escape_string($link,$myVar);
and then your query.
It is advisable to use PDO too!
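What the PDO suggestion in the answers above looks like in practice, as an added example that is not from the original posts. It assumes an in-memory SQLite database and a table named items so that it runs without a MySQL server; the prepare/execute calls are the same with a MySQL DSN.

```php
<?php
// Constructed setup: in-memory SQLite database and a table named "items"
// (assumptions, so the script runs offline).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, title1 TEXT)');

function insert_title(PDO $pdo, string $title): int
{
    // The SQL text is fixed; the value is bound separately, so any quote
    // characters in it are stored as data and never parsed as SQL.
    $stmt = $pdo->prepare('INSERT INTO items (title1) VALUES (:title)');
    $stmt->execute([':title' => $title]);
    return (int) $pdo->lastInsertId();
}

function fetch_title(PDO $pdo, int $id): ?string
{
    $stmt = $pdo->prepare('SELECT title1 FROM items WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $title = $stmt->fetchColumn();
    return $title === false ? null : $title;
}

// Constructed inputs containing single quotes, double quotes and a backslash.
foreach (["idiot's", 'say "hi", it\'s a C:\\path'] as $myVar) {
    $id = insert_title($pdo, $myVar);
    $stored = fetch_title($pdo, $id);
    echo $id, ': ', $stored,
        ($stored === $myVar ? '  [round-trip ok]' : '  [MISMATCH]'), "\n";
}
```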

Trouble inserting content to database, need help escaping PHP code [duplicate]

This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
Difference between single quote and double quote string in php
Hey I'm having trouble inserting page content into my database.
I'm trying to store:
<p class=\"heading_large\"><?php echo $Topic2C2A[data]; ?></p>
Using this code:
$sql="UPDATE event SET
data='<p class=\"heading_large\"><?php echo $Topic2C2A[data]; ?></p>'
WHERE id='2'";
But when I look at the table all I see is:
<p class="heading_large"><?php echo ; ?></p>
I've obviously escaped the HTML with slashes, is there something similar I need to do with the PHP so $Topic2C2A[data] is displayed?
I would suggest you write your $sql as:
$sql="UPDATE event SET data='<p class=\"heading_large\">".$Topic2C2A['data']."</p>' WHERE id='2'";
Your issue is related to the fact PHP is processing variables inside " (double) quotes.
You can change quotes to ' (single) or another option is to change $Topic2C2A[data] to \$Topic2C2A[data].
Did you try mysqli_real_escape_string()? It should return a fully escaped String!

Passing php variable as parameter to javascript [duplicate]

This question already has answers here:
How do I pass variables and data from PHP to JavaScript?
(19 answers)
Closed 8 years ago.
I'm trying to call a javascript function with one argument being a variable gotten from a drop box. This script works fine if only passed the value from the current drop box using "this.value", however when trying to pass the variable the code doesn't work. The variable is properly being populated from the value in the drop box when I use echo statements. I think the problem is with actually passing the variable to the javascript function. The function showSection(q, r) is never being called as the write statement is never executing. Any help would be appreciated. Here is my php and javascript code
echo "<select name=\"course\" onchange=\"showSection($q, this.value)\">";
If the $q or this.value are string values, you have to pass it within quotes.
echo "<select name='course' onchange='showSection(\"$q\", \"this.value\")'>";
You need to make sure inserting the value of $q doesn't produce javascript syntax errors. The reasonable way to do that is to use json_encode on the value.
After that you need to make sure both single and double quotes are escaped in that value, to keep the html correct. htmlspecialchars is used for that. In my opinion, converting both single and double quotes always (ENT_QUOTES) is the best choice.
And the end result is (I'm using heredoc syntax here, because I find it more readable):
$escaped = htmlspecialchars(json_encode($q), ENT_QUOTES);
echo <<<HTML
<select name="course" onchange="showSection($escaped, this.value);">
HTML;

Passing PHP variable in a javascript function [duplicate]

This question already has answers here:
How do I pass variables and data from PHP to JavaScript?
(19 answers)
Closed 8 years ago.
<button class="addToPlaylist" onclick="javascript:myPopup(<?php echo $videos[$counter]?>);
return false;">+</button>
I have a button on an image as an HTML hyperlink. I want to perform different actions on the hyperlink and the button. The above code works whenever I do not pass the PHP variable using echo. When I pass the PHP variable, the button also performs the same action as the hyperlink, which means return false does not work.
Any idea why the return false; does not work when I pass the PHP variable?
This should be:
<button class="addToPlaylist" onclick="javascript:myPopup('<?php echo $videos[$counter];?>');return false;">+</button>
Note the single quotes in myPopup. As you pass a string to myPopup, you will need to enclose it with single quotes. (Double won't work as there is already double quotes for the onclick)
I am quite sure $videos[$counter] is not numeric, but a string. In this case you have to write the quotes:
onclick="javascript:myPopup('<?php echo $videos[$counter]?>');
And make sure, $videos[$counter] doesn't contain any, something like
onclick="javascript:myPopup('<?php echo addslashes($videos[$counter])?>');
comes to mind.
onclick="javascript:myPopup("";return false;" . This should work and I think it's clearer where you have JavaScript code and PHP code.
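The two escaping approaches from the threads above, addslashes and json_encode followed by htmlspecialchars, applied to the same button; this is an added example, not code from the original posts. The helper name js_arg_for_attribute and the $videos value are assumptions; myPopup is the function from the question.

```php
<?php
function js_arg_for_attribute($value): string
{
    // Layer 1: json_encode yields a valid JavaScript literal, with quotes,
    // angle brackets and ampersands written as \uXXXX escapes.
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_THROW_ON_ERROR;
    // Layer 2: htmlspecialchars makes that literal safe inside a quoted
    // HTML attribute (the literal's own delimiters become &quot;).
    return htmlspecialchars(json_encode($value, $flags), ENT_QUOTES, 'UTF-8');
}

// Constructed value containing both kinds of quote.
$videos  = ['Tom\'s "Best Of" clip'];
$counter = 0;

// addslashes only: the result still contains a raw double quote (as \"),
// and HTML does not treat the backslash as an escape, so the onclick
// attribute ends early and "return false" is never part of the handler.
$weak = '<button class="addToPlaylist" onclick="myPopup(\''
      . addslashes($videos[$counter])
      . '\');return false;">+</button>';

// Encoded for both layers: JavaScript literal first, HTML attribute second.
$safe = '<button class="addToPlaylist" onclick="myPopup('
      . js_arg_for_attribute($videos[$counter])
      . ');return false;">+</button>';

echo $weak, "\n", $safe, "\n";
```

The encoded form supplies its own quotes, so none are written around the PHP output in the markup.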
