Trouble inserting content to database, need help escaping PHP code [duplicate] - php

This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
Difference between single quote and double quote string in php
Hey I'm having trouble inserting page content into my database.
I'm trying to store:
<p class=\"heading_large\"><?php echo $Topic2C2A[data]; ?></p>
Using this code:
$sql="UPDATE event SET
data='<p class=\"heading_large\"><?php echo $Topic2C2A[data]; ?></p>'
WHERE id='2'";
But when I look at the table all I see is:
<p class="heading_large"><?php echo ; ?></p>
I've obviously escaped the HTML with slashes, is there something similar I need to do with the PHP so $Topic2C2A[data] is displayed?

I would suggest you write your $sql as:
$sql="UPDATE event SET data='<p class=\"heading_large\">".$Topic2C2A['data']."</p>' WHERE id='2'";

Your issue is related to the fact PHP is processing variables inside " (double) quotes.
You can change quotes to ' (single) or another option is to change $Topic2C2A[data] to \$Topic2C2A[data].

Did you try mysqli_real_escape_string()? It should return a fully escaped String!
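Added example (not part of the original posts): one way to store the snippet literally, using a single-quoted PHP string so nothing is interpolated and a prepared statement so the value needs no SQL escaping. The in-memory SQLite database through PDO is an assumption made so the code runs stand-alone; the `event` table here is constructed.

```php
<?php
// Constructed stand-in for the `event` table from the question.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE event (id INTEGER PRIMARY KEY, data TEXT)');
$pdo->exec("INSERT INTO event (id, data) VALUES (2, '')");

// Single quotes: PHP does not interpolate, so $Topic2C2A[data] stays literal
// text, and the double quotes around the class value need no backslashes.
$snippet = '<p class="heading_large"><?php echo $Topic2C2A[data]; ?></p>';

// Placeholders keep the value out of the SQL text, so quotes and dollar
// signs in $snippet cannot change the statement.
$stmt = $pdo->prepare('UPDATE event SET data = :data WHERE id = :id');
$stmt->execute([':data' => $snippet, ':id' => 2]);

// Read the row back and compare it with what was sent.
$stored = $pdo->query('SELECT data FROM event WHERE id = 2')->fetchColumn();
echo $stored, "\n";
echo $stored === $snippet ? "stored unchanged\n" : "stored value differs\n";
```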

Related

Eval Php variable with double quotes inside [duplicate]

This question already has answers here:
How do I execute PHP that is stored in a MySQL database?
(7 answers)
Closed 4 years ago.
EDIT: This question has been edited from the original
I have a string in a database with HTML and PHP variables inside. Some of the HTML has double quotes, as if I try to use single quotes the database escapes it by adding a quote in front of it like so: ' '.
I want to query the string and assign it to variable $x. And then use eval("\$x = \"$x\";"); to parse the PHP variable, but it seems the double quote is ruining the eval(), and the variables are not parsing.
Is there a way to allow PHP to read the variable?
I am aware, but anyone reading this should also be aware that using eval() can be very dangerous!
Any help would be greatly appreciated!
If your SQL string looks like this: myVar then php:
$myVar = 'hello!';
echo $$var;
If your SQL string looks like this: 3 + 5 then php:
eval($var);
In the first option we use variable variables.
In the second option we use eval to evaluate the code in the string.
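Added example (not from the original posts): a swapped-in technique that avoids eval() by replacing `$name`-style tokens in the stored string from an allow-list. The function name `renderStored`, the array keys and the sample template are hypothetical and constructed for illustration.

```php
<?php
// Constructed stand-in for the row fetched from the database. Single quotes
// keep the $tokens literal in this PHP source file.
$row = ['body' => '<p class="msg">Hello $name, you have $count "new" items. $dbPassword</p>'];

// Only these names may be substituted; everything else in the stored
// string is treated as plain text.
$allowed = ['name' => 'Ann <admin>', 'count' => 3];

/**
 * Replace $token occurrences with HTML-escaped values from $allowed.
 * The stored string is never executed, so double quotes in it are harmless
 * and a token such as $dbPassword cannot reach a real PHP variable.
 */
function renderStored(string $template, array $allowed): string
{
    return preg_replace_callback(
        '/\$([A-Za-z_][A-Za-z0-9_]*)/',
        static function (array $m) use ($allowed): string {
            if (!array_key_exists($m[1], $allowed)) {
                return $m[0]; // not on the allow-list: leave the token as text
            }
            return htmlspecialchars((string) $allowed[$m[1]], ENT_QUOTES, 'UTF-8');
        },
        $template
    );
}

echo renderStored($row['body'], $allowed), "\n";
```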

Correct way to write this in PHP [duplicate]

This question already has answers here:
How can I combine two strings together in PHP?
(19 answers)
Closed 7 years ago.
I'm trying to link several variables from a database into html. All the data is stored in the DB, however I can't figure out how to link the variables through HTML. Below is my code that I have tried, but doesn't work properly.
echo 'test';
I know the code works properly if I just do something like this (it does return the name):
echo $row["name"];
So why doesn't it work properly with the + $row["name"] + in it? It works perfect as long as I don't try and add data with the +'s.
Thank you!
This is the correct way to write this:
echo 'test';
Use a . instead of +.
And on a side note, if the data in the db isn't yet escaped, also use htmlspecialchars() on $row["name"].
Try like this.
echo "<a href='".$row['name']."'>test</a>";

how to extract data from mysql that contains special characters? [duplicate]

This question already has answers here:
php echoing angle brackets
(4 answers)
Closed 9 years ago.
Example data in my database:
blabla<blabla
I use phpmyadmin and can see that the data has been input successfully.
However when I try to display the data what I get is:
blabla NOT blabla<blabla
In other words, everything after the < symbol does not display.
<?
while ($mouselist_row = mysql_fetch_array($mouselist)) {
$mouselist_commonstrain = mysql_real_escape_string($mouselist_row['Common_Strain']);
echo "$mouselist_commonstrain.";
}
?>
I tried using mysql_real_escape_string.
Is there something in particular needed to display the <?
thanks
You want something like:
echo htmlspecialchars($mouselist_commonstrain);
(It needs to be HTML escaped.)
try this
$mouselist_commonstrain = stripslashes(htmlspecialchars($mouselist_row['Common_Strain']));
Your problem isn't escaping SQL but HTML. As answered in this question you can use htmlspecialchars function.

show double quote in my page [duplicate]

This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
Escaping double quotes in php
In my database, the record is showing like this is php's code and "called" a special code.
When I am trying to fetch this text from mysql database to my php page, it is showing up to this is php's code and
My code is simple:
$all_gallery_ph_sql = mysql_query("SELECT `path`,`name`,`title`,`details` FROM `gallery` WHERE `status`='1' AND `type`='myreference' AND `enable_status`='1' LIMIT {$startpoint} ,{$limit}");
echo $res['details'];
So how to resolve this issue. Please help me.
Thanks.
You can use htmlentities():
echo htmlentities( $gallerycontent['content'], ENT_QUOTES);

Passing PHP variable in a javascript function [duplicate]

This question already has answers here:
How do I pass variables and data from PHP to JavaScript?
(19 answers)
Closed 8 years ago.
<button class="addToPlaylist" onclick="javascript:myPopup(<?php echo $videos[$counter]?>);
return false;">+</button>
I have a button on an image as an HTML hyperlink. I want to perform different actions on hyperlink and button. The above code works whenever I do not pass the PHP variable using echo. When I pass PHP variable, the button also performs the same action as of the hyperlink, that means return false does not work.
Any idea why the return false; does not work when I pass PHP variable?
This should be:
<button class="addToPlaylist" onclick="javascript:myPopup('<?php echo $videos[$counter];?>');return false;">+</button>
Note the single quotes in myPopup. As you pass a string to myPopup, you will need to enclose it with single quotes. (Double won't work as there are already double quotes for the onclick.)
I am quite sure $videos[$counter] is not numeric, but a string. In this case you have to write the quotes:
onclick="javascript:myPopup('<?php echo $videos[$counter]?>');
And make sure, $videos[$counter] doesn't contain any, something like
onclick="javascript:myPopup('<?php echo addslashes($videos[$counter])?>');
comes to mind.
onclick="javascript:myPopup("";return false;" . This should work and I think it's more clear where you have javascript code and php code.
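Added example (not from the original posts): encoding a PHP value for each output context that comes up in the threads above, namely HTML text and attributes (the `<` and `"` display problems) and a JavaScript argument inside an `onclick` attribute. The helper names `h` and `jsAttr` and the sample values are hypothetical and constructed.

```php
<?php
// Constructed values standing in for $videos[$counter].
$videos = ['intro.mp4', "it's \"live\" </script>.mp4", 'a&b<c.mp4'];

// HTML text or attribute context: encode &, <, >, " and '.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// JavaScript literal inside an HTML attribute: json_encode() emits a quoted,
// escaped JS string (the HEX flags also neutralise <, >, &, ' and "), and
// h() then encodes that literal for the surrounding attribute.
function jsAttr($value): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_THROW_ON_ERROR;
    return h(json_encode($value, $flags));
}

foreach ($videos as $video) {
    // No manual quotes around the argument: json_encode() supplies them.
    printf(
        "<button class=\"addToPlaylist\" title=\"%s\" onclick=\"myPopup(%s);return false;\">+</button>\n",
        h($video),
        jsAttr($video)
    );
}
```

The browser decodes the attribute first and then parses the JavaScript, which is why the value is JSON-encoded first and HTML-encoded second.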
