check into stripslashes ,addslashes and mysqli_real_escape_string functions. Jack 2009/7/17 Jason Carson <jason@xxxxxxxxxxxxxx> > > Hello everyone, > > > > I have a problem. When I insert <a href="http://example.com>Example</a> > > into my database with the following code... > > > > $connect = mysqli_connect($hostname, $username, $password, $database); > > $sql="INSERT INTO notes VALUES ('$id', '$note')"; > > $result=mysqli_query($connect, $sql); > > > > ...everything works fine. The link (when I SELECT it and display it in my > > browser) works as one would expect. > > > > However when I insert <a href="http://example.com";>Example</a> into my > > database with the following code (prepared statement)... > > > > $submitnote = mysqli_prepare($connect, "INSERT INTO notes VALUES (?, > ?)"); > > mysqli_stmt_bind_param($submitnote, "is", $id, $note); > > mysqli_stmt_execute($submitnote); > > > > ...the link (when I SELECT it and display it in my browser) shows up > as... > > > > http://jasoncarson.ca/admin/\"http://example.com\"; > > > > ...Anyone know how to fix this so I can use the prepared statement? > > > > > > -- > > PHP Database Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > Just to clarify, $id would be different for each entry in the database. > $id=1 or 2 or 3 etc... > and > $note = <a href="http://example.com";>Example</a> > > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- Jack van Zanen ------------------------- This e-mail and any attachments may contain confidential material for the sole use of the intended recipient. If you are not the intended recipient, please be aware that any disclosure, copying, distribution or use of this e-mail or any attachment is prohibited. If you have received this e-mail in error, please contact the sender and delete all copies. Thank you for your cooperation
