Inserting html tags into MySQL

[denoteone]

if I have a variable

 

$mylink = "<a href='mysite.com?title=thanks'>click here</a>";

and I insert the variable into a database when I retrieve the data later and echo it to the page will it work?

[rhodesa]

yes, but you will want to do it like this:

 

$mylink = "<a href='mysite.com?title=thanks'>click here</a>";
$sql = "INSERT INTO table_name ('link') VALUES ('".mysql_real_escape_string($mylink)."')";
mysql_query($sql) or die(mysql_error());

 

$result = mysql_query("SELECT * FROM table_name");
$row = mysql_fetch_array($result);
echo $row['link'];

[denoteone]

thansk rhodesa I am going to research the reason why mysql_real_escape_string is used.

 

Thanks for your help

[rhodesa]

mysql_real_escape_string() preps a string to be inserted into a MySQL DB. let's take your example for instance...the following:

$mylink = "<a href='mysite.com?title=thanks'>click here</a>";
$sql = "INSERT INTO table_name ('link') VALUES ('$mylink')";
echo $sql;

will produce:

INSERT INTO table_name ('link') VALUES ('<a href='mysite.com?title=thanks'>click here</a>')

but that is no good, cus you can't have single quotes inside single quotes. mysql_real_escape_string() adds slashes in front of any needed characters. the slashes don't stay with the string in the DB, they are just to escape it for the query. when you select the data back out, it won't have the extra slashes in it