How to insert ampersand in mysql using php?
Thanks in advance
When I execute the following code the “one” is saves in database but the “ second” and ampersand sign won’t. plz help me…
$companyName ="one & second";
INSERT INTO registeration(companyName) VALUES('". $companyName ."')";
I know this is old but I just ran into this issue myself and the issue turned out to be an escaping issue with ajax post rather than an issue with mysql and php. I added encodeURIComponent(variabletopost) to the variable before posting it with ajax and it worked great.
Exactly the same way as any other data, no special action required.
insert into table (field) values ('&')
I know it's an old post but,
try adding addslashes() to your php var:
$companyName = addslashes("one & second");
Then, when php parses the '&' (ampersand) , it reads '\&' (backslash-ampersand) instead of trying to create a reference in the middle of the query.
I also faced this type of issue and solved by using javascript function encodeURIComponent(uri);
In place of uri you have to put your variable. then it will allow all special character.
Related
I'm trying to create a simple blog type system for my site using PHP and MYSQL.
everything works fine. however, the issue that I am facing right now is that when I insert data into mysql database, it will have some extra characters.
the extra character that I am having the most difficulty with is this: \
Example:
when I insert an image link/tag into database: I get the following in my database:
<p><img alt=\"\" src=\"http://somedomain.com/images/9Image1.jpg\" /></p>
so I am trying to remove those extra characters before inserting the data into mysql using PHP.
for that, I tried using the following code:
$body = preg_replace("/\\\\\/", "", $body);
however, this code doesn't do anything. and in fact stops my entire code working and it stops my code from inserting any data into mysql.
Could someone please advise on this issue?
Thanks in advance.
Try to use stripslashes(string)
$body = stripslashes($body);
Let me know if it works.
I have a form that collects data from a user and inserts them into a mySQL database. My problem is to present the data submitted to the user using redirect. I created a simple function, redirect_to($var1) that works OK.
Problem arises with this syntax:
redirect_to("serraRedirect1.php?lastname=$_GET['lastname']&firstname=$_GET['firstname']&emailconf=$_GET['emailconf']&entree=$_GET['entree']&lastname2=$_GET['lastname2']&firstname2=$_GET['firstname2']&entree2=$_GET['entree2']&meal_cost=$_GET['meal_cost']");
The error message is 'unexpected "' in line xxx.
I've made several changes but nothing I did works.
I need help in getting the syntax right.
You forgot to concatenate..
Do like this
redirect_to("serraRedirect1.php?lastname=".$_GET['lastname']."&firstname=".$_GET['firstname']."&emailconf=".$_GET['emailconf']."&entree=".$_GET['entree']."&lastname2=".$_GET['lastname2']."&firstname2=".$_GET['firstname2']."&entree2=".$_GET['entree2']."&meal_cost=".$_GET['meal_cost']);
If you are including a value from an array in a double-quoted string, you need to surround it in curly brackets ({ and }):
redirect_to("serraRedirect1.php?lastname={$_GET['lastname']}&firstname={$_GET['firstname']}&emailconf={$_GET['emailconf']}&entree={$_GET['entree']}&lastname2={$_GET['lastname2']}&firstname2={$_GET['firstname2']}&entree2={$_GET['entree2']}&meal_cost={$_GET['meal_cost']}");
redirect_to("serraRedirect1.php?lastname={$_GET['lastname']}&firstname={$_GET['firstname']}&emailconf={$_GET['emailconf']}&entree={$_GET['entree']}&lastname2={$_GET['lastname2']}&firstname2={$_GET['firstname2']}&entree2={$_GET['entree2']}&meal_cost={$_GET['meal_cost']}");
redirect_to( sprintf("serraRedirect1.php?lastname=%s&firstname=%s&emailconf=%s&entree=%s&lastname2=%s&firstname2=%s&entree2=%s&meal_cost=%s",
$_GET['lastname'], $_GET['firstname'], $_GET['emailconf'], $_GET['entree'], $_GET['lastname2'], $_GET['firstname2'], $_GET['entree2'], $_GET['entree2']
));
If you use the get method, everyone could see all the inforamation for all the users in your database.
In these situations I prefer to use sessions:
$_SESSION['username'] = $username;
redirect_to(.....);
and:
echo $_SESSION['username'];
in serraRedirect1.php
I am trying to insert into mysql from an xml using PHP, but the field name contains a "hyphen" and for some reason it is not inserting this field, the rest are fine. I have tried using the hex codes x002D, x2010,x2012, and none have worked. As you can see in my xml, the hyphen is not being changed like the space, but if I just remove the x002D inserts everything after the "E" in other words just inserts -mail_x0020_Address.
This is my xml:
<encuestas>
<ID>9949</ID>
<E-mail_x0020_Address>email#email.com</E-mail_x0020_Address>
<ZIP_x002F_Postal_x0020_Code>90001</ZIP_x002F_Postal_x0020_Code>
</encuestas>
This is my insert statement ( I removed fields, I have 20 on that xml):
"INSERT INTO New_Encuestas_Datos(ID,`email`,`Zip/Postal Code`) VALUES('$product->ID','$product->E-mail_x0020_Address','$product->ZIP_x002F_Postal_x0020_Code')";
The variables are coming from an array reading the xml and like I said, everything is imported except email. I have tried the following combinations:
E-mail_x0020_Address
E_x002D_mail_x0020_Address
E_x2010_mail_x0020_Address
E_x2012_mail_x0020_Address
Can anyone point me what I am doing wrong? Thanks !
Hmm, I doubt you can use it in a string, but in plain PHP it is $product->{'E-mail_x0020_Address'};. But that doesn't matter anyway, as you should escape you values prior to sending them to a database you can nicely name an escaped variable as you like.
Try using:
"INSERT INTO New_Encuestas_Datos(ID,`email`,`Zip/Postal Code`) VALUES('{$product->ID}', '{$product->E-mail_x0020_Address}', '{$product->ZIP_x002F_Postal_x0020_Code}')";
Edited:
Just found here Validate class/method names with regex that '-' is not valid in method names.
I've a problem of character encoding in php, so this's the php code:
n_event=$_GET['ndlann'];
$nom_complet=htmlentities(stripslashes($_POST['nom']));
$email_comment=htmlentities(stripslashes($_POST['email']));
$titre_comment=htmlentities(stripslashes($_POST['titre']));
$texte_comment=htmlentities(stripslashes(nl2br($_POST['commentaire'])));
$pays_comment=$_POST['pays'];
$date_ajout=date('Y/m/d');
Data will be added in a database table , you see that this data comes from a comments form,
so when the user enters some comments with orient languages carachters (arabic,hebrew...etc), the input data will change to something like :
Ø´Ù�را عÙ�Ù� اÙ�Ù�Ù�ضÙ�Ø
I tried to delete the htmlentities method and that works fine , but does start another problem of comments form security (js scripts will be executed)
What can I do with this situation?
and thanks
Do not use htmlentities() ever.
This function has been obsoleted long time ago.
Use htmlspecialchars() instead.
you have also bunch of nonsense in your code
doing htmlentities(nl2br(*)) has no sense.
make stripslashes conditional, only if magic quotes are set on.
there is a possible problem with pays field.
I am also afraid that you're taking htmlentities as some sort of SQL escaing function. Am I right?
In my opinion, and according to the PHP doc, the accepted answer is not correct.
Nowhere it is written that this function has been deprecated.
If you set correctly the third argument of the function, called $encoding, it will solve your problem.
I hope this helps.
Whenever I was inserting AT&T to database it was added as AT&T; semicolon is added extra in code igniter.
My code is like this:
$this->input->post('carrier_name');
$this->db->insert('cs_carrier',$insert);
please suggest.
In case someone comes across this later. I ran into this issue today, and it turns out it was the xss_clean function within CI. I opted not to use it and used filter_var instead.
replace any special character like & = & then you can store into database.Anyway another things.Please make your data field text type otherwise it don't take any special char.