stackoom
  简体   繁体   中英

MySQL Insert Double Quotes PHP

 原文  2018-02-06 03:56:00       php/ mysql/ mysqli/ prepared-statement/ bindparam

Question

I am using the below-prepared statement to insert into MySQL. If I try and insert something with $descrip containing a " (double quote) the insert stops at this point.

Example: Trying to insert 16" Solid Steel Tube The entry into the table row only shows 16 and stops at the " (double quote) and wont show the rest of $descrip .

What am I doing wrong? 

$stmt = $db->prepare("INSERT INTO line_items (quote_id, part, descrip, qty, price, net, notes, datasheet) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
$stmt->bind_param("ssssssss", $quote_id, $part, $descrip, $qty, $price, $net, $notes, $datasheet);

foreach($_POST['part'] as $i => $item) {

    $part       = $item;
    $descrip   = $_POST['descrip'][$i];  //This wont enter something with double qutoes such as 16" Solid Steel Tube
    $qty        = $_POST['qty'][$i];
    $price      = $_POST['price'][$i];
    $net        = $_POST['net'][$i];
    $notes      = $_POST['notes'][$i];
    $datasheet  = $_POST['datasheet'][$i];

    $stmt->execute();
}

EDIT: FYI- I am selecting $descrip from another table in the database which correctly has this in the row as 16" Solid Steel Tube . When I try and copy this item into another table via my prepared statement that is when it wont insert properly.

1 answers

solution1
 4 ACCPTED  2018-02-06 04:09:01

Based on your hint...

I am selecting $descrip from another table in the database which correctly has this in the row as '16" Solid Steel Tube '. When i try and copy this item into another table via my prepared statement that is when it wont insert properly.

I imagine you're using this value in a form like this (but maybe not exactly) 

<input type="text" value="<?= $descrip ?>" name="descrip[]">

The issue here is that the rendered HTML looks like 

<input type="text" value="16" Solid Steel Tube" name="descrip[]">

Notice the value attribute now has an end-quote after "16" ?

You need to encode your values for safe use in HTML. Try... 

<input type="text" value="<?= htmlspecialchars($descrip) ?>" name="descrip[]">

This will render like 

<input type="text" value="16&quot; Solid Steel Tube" name="descrip[]">

Your PHP script will still receive it as the un-encoded string when submitted.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Mysql PHP insert with quotes and double quotes Mysql Insert PHP colons, semi colons and double quotes Quotes/Double Quotes within PHP/MySql PHP MySql double quotes than single quotes How to insert a double quotes in a variable in php PHP MySQLI prepared insert to handle quotes and double quotes PHP Double Quotes from MySQL, breaking htmlentities to remove or replace double quotes in php in mysql query Escaping single quotes in PHP/MySQL insert not working Codeigniter insert double quotes
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM