Re: MySQLand a prepared statement problem

"Jason Carson" <jason@xxxxxxxxxxxxxx> · Fri, 17 Jul 2009 00:29:24 -0400 (EDT)

I was under the impression that using prepared statements means you don't
need to use those functions.

> check into stripslashes ,addslashes and mysqli_real_escape_string
> functions.
>
> Jack
>
> 2009/7/17 Jason Carson <jason@xxxxxxxxxxxxxx>
>
>>  > Hello everyone,
>> >
>> > I have a problem. When I insert <a
>> href="http://example.com>Example</a>
>> > into my database with the following code...
>> >
>> > $connect = mysqli_connect($hostname, $username, $password, $database);
>> > $sql="INSERT INTO notes VALUES ('$id', '$note')";
>> > $result=mysqli_query($connect, $sql);
>> >
>> > ...everything works fine. The link (when I SELECT it and display it in
>> my
>> > browser) works as one would expect.
>> >
>> > However when I insert <a href="http://example.com";>Example</a> into my
>> > database with the following code (prepared statement)...
>> >
>> > $submitnote = mysqli_prepare($connect, "INSERT INTO notes VALUES (?,
>> ?)");
>> > mysqli_stmt_bind_param($submitnote, "is", $id, $note);
>> > mysqli_stmt_execute($submitnote);
>> >
>> > ...the link (when I SELECT it and display it in my browser) shows up
>> as...
>> >
>> > http://jasoncarson.ca/admin/\"http://example.com\";
>> >
>> > ...Anyone know how to fix this so I can use the prepared statement?
>> >
>> >
>> > --
>> > PHP Database Mailing List (http://www.php.net/)
>> > To unsubscribe, visit: http://www.php.net/unsub.php
>> >
>> >
>> Just to clarify, $id would be different for each entry in the database.
>> $id=1 or 2 or 3 etc...
>> and
>> $note = <a href="http://example.com";>Example</a>
>>
>>
>> --
>> PHP Database Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>
>
> --
> Jack van Zanen
>
> -------------------------
> This e-mail and any attachments may contain confidential material for the
> sole use of the intended recipient. If you are not the intended recipient,
> please be aware that any disclosure, copying, distribution or use of this
> e-mail or any attachment is prohibited. If you have received this e-mail
> in
> error, please contact the sender and delete all copies.
> Thank you for your cooperation
>

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php