This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
Escaping double quotes in php
In my database, the record is showing like: this is php's code and "called" a special code.
When I am trying to fetch this text from mysql database to my php page, it is showing up to: this is php's code and
My code is simple:
$all_gallery_ph_sql = mysql_query("SELECT `path`,`name`,`title`,`details` FROM `gallery` WHERE `status`='1' AND `type`='myreference' AND `enable_status`='1' LIMIT {$startpoint} ,{$limit}");
echo $res['details'];
So how to resolve this issue? Please help me.
Thanks.
You can use htmlentities():
echo htmlentities( $gallerycontent['content'], ENT_QUOTES);
This question already has answers here:
How can I combine two strings together in PHP?
(19 answers)
Closed 5 years ago.
I'm having some weird problem escaping " in an echo function.
echo "Site";
Any idea what I'm doing wrong?
You are doing it the JavaScript way for one. Concatenating in PHP works using . or ,.
Then you are using too many "
Try this line:
echo "Site";
This question already has answers here:
How can I prevent SQL injection in PHP?
(27 answers)
Closed 6 years ago.
I JSON decode a page with PHP, but sometimes there's a name like 'M'gladbach' or 'Côte d'Ivoire' and then the SQL sees the first single quote as a stop so it gives me the error after the 'Côte d'. Can somebody help me with this problem?
I know you can do 'Côte d''Ivoire' but as I get all the info from an API I can't put double quotes in it. Thanks a lot.
use double quotes
"M'gladbach"
The proper way to do it is
$item = "Côte d'Ivoire";
// $link must be an open mysqli connection (for example from mysqli_connect())
$escaped_item = mysqli_escape_string($link, $item);
printf("Protected string : %s\n", $escaped_item);
Now it is safe to put e.g. in a database.
This question already has answers here:
php echoing angle brackets
(4 answers)
Closed 9 years ago.
Example data in my database:
blabla<blabla
I use phpmyadmin and can see that the data has been input successfully.
However when I try to display the data what I get is:
blabla NOT blabla<blabla
In other words, everything after the < symbol does not display.
<?
while ($mouselist_row = mysql_fetch_array($mouselist)) {
$mouselist_commonstrain = mysql_real_escape_string($mouselist_row['Common_Strain']);
echo "$mouselist_commonstrain.";
}
?>
I tried using mysql_real_escape_string.
Is there something in particular needed to display the <?
thanks
You want something like:
echo htmlspecialchars($mouselist_commonstrain);
(It needs to be HTML escaped.)
try this
$mouselist_commonstrain = stripslashes(htmlspecialchars($mouselist_row['Common_Strain']));
Your problem isn't escaping SQL but HTML. As answered in this question, you can use the htmlspecialchars function.
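The two contexts discussed in the threads above, shown together as an added example (not part of any answer on this page): SQL values are bound as parameters, and HTML is escaped only at output time. The in-memory SQLite database reached through PDO, the `gallery`/`details` schema and the helper `h()` are assumptions made for the illustration.

```php
<?php
// Constructed sample values, taken from the questions on this page.
$samples = [
    "M'gladbach",
    "Côte d'Ivoire",
    "blabla<blabla",
    'this is php\'s code and "called" a special code',
];

// Assumption: an in-memory SQLite database stands in for the MySQL tables.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE gallery (id INTEGER PRIMARY KEY, details TEXT)');

// SQL context: bind values as parameters. No manual quote escaping is needed,
// and the stored text is exactly what was supplied.
$insert = $db->prepare('INSERT INTO gallery (details) VALUES (:details)');
foreach ($samples as $value) {
    $insert->execute([':details' => $value]);
}

// HTML context: escape when writing to the page, not before storing.
// h() is a hypothetical helper name used only in this example.
function h(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

foreach ($db->query('SELECT details FROM gallery ORDER BY id') as $row) {
    $details = $row['details'];
    // Element content and a double-quoted attribute both need the escaped
    // form; unescaped, '"' would end the attribute and '<' would open a tag.
    printf("<p title=\"%s\">%s</p>\n", h($details), h($details));
}
```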
This question already has answers here:
Magic quotes in PHP
(12 answers)
Closed 8 years ago.
I am working on a website and I have a php editor that automatically adds \ to certain things. I was aware of the stripslashes() function and I know it can be used in a way such as: stripslashes($test) but I am including something and I do not know how to strip the slashes from the Page I am including. Here is my include code that I am using:
<?php include $_SERVER['DOCUMENT_ROOT']."/newseditor/BlogTitle.php"; ?>
So how would I stripslashes from this? Thanks for reading and I appreciate all help I receive.
You are suffering from PHP's magic quotes, and here is how to turn it off:
http://www.php.net/manual/en/security.magicquotes.disabling.php
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
Difference between single quote and double quote string in php
Hey I'm having trouble inserting page content into my database.
I'm trying to store:
<p class=\"heading_large\"><?php echo $Topic2C2A[data]; ?></p>
Using this code:
$sql="UPDATE event SET
data='<p class=\"heading_large\"><?php echo $Topic2C2A[data]; ?></p>'
WHERE id='2'";
But when I look at the table all I see is:
<p class="heading_large"><?php echo ; ?></p>
I've obviously escaped the HTML with slashes, is there something similar I need to do with the PHP so $Topic2C2A[data] is displayed?
I would suggest you write your $sql as:
$sql="UPDATE event SET data='<p class=\"heading_large\">".$Topic2C2A['data']."</p>' WHERE id='2'";
Your issue is related to the fact PHP is processing variables inside " (double) quotes.
You can change quotes to ' (single) or another option is to change $Topic2C2A[data] to \$Topic2C2A[data].
Did you try mysqli_real_escape_string()? It should return a fully escaped String!