denoteone Posted April 8, 2009 Share Posted April 8, 2009 if I have a variable $mylink = "<a href='mysite.com?title=thanks'>click here</a>"; and I insert the variable into a database when I retrieve the data later and echo it to the page will it work? Quote Link to comment Share on other sites More sharing options...
rhodesa Posted April 8, 2009 Share Posted April 8, 2009 yes, but you will want to do it like this: $mylink = "<a href='mysite.com?title=thanks'>click here</a>"; $sql = "INSERT INTO table_name ('link') VALUES ('".mysql_real_escape_string($mylink)."')"; mysql_query($sql) or die(mysql_error()); $result = mysql_query("SELECT * FROM table_name"); $row = mysql_fetch_array($result); echo $row['link']; Quote Link to comment Share on other sites More sharing options...
denoteone Posted April 8, 2009 Author Share Posted April 8, 2009 thansk rhodesa I am going to research the reason why mysql_real_escape_string is used. Thanks for your help Quote Link to comment Share on other sites More sharing options...
rhodesa Posted April 8, 2009 Share Posted April 8, 2009 mysql_real_escape_string() preps a string to be inserted into a MySQL DB. let's take your example for instance...the following: $mylink = "<a href='mysite.com?title=thanks'>click here</a>"; $sql = "INSERT INTO table_name ('link') VALUES ('$mylink')"; echo $sql; will produce: INSERT INTO table_name ('link') VALUES ('<a href='mysite.com?title=thanks'>click here</a>') but that is no good, cus you can't have single quotes inside single quotes. mysql_real_escape_string() adds slashes in front of any needed characters. the slashes don't stay with the string in the DB, they are just to escape it for the query. when you select the data back out, it won't have the extra slashes in it Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.