I solved the problem by turning off magic_quotes_gpc in my php.ini file. > I was under the impression that using prepared statements means you don't > need to use those functions. > >> check into stripslashes ,addslashes and mysqli_real_escape_string >> functions. >> >> Jack >> >> 2009/7/17 Jason Carson <jason@xxxxxxxxxxxxxx> >> >>> > Hello everyone, >>> > >>> > I have a problem. When I insert <a >>> href="http://example.com>Example</a> >>> > into my database with the following code... >>> > >>> > $connect = mysqli_connect($hostname, $username, $password, >>> $database); >>> > $sql="INSERT INTO notes VALUES ('$id', '$note')"; >>> > $result=mysqli_query($connect, $sql); >>> > >>> > ...everything works fine. The link (when I SELECT it and display it >>> in >>> my >>> > browser) works as one would expect. >>> > >>> > However when I insert <a href="http://example.com";>Example</a> into >>> my >>> > database with the following code (prepared statement)... >>> > >>> > $submitnote = mysqli_prepare($connect, "INSERT INTO notes VALUES (?, >>> ?)"); >>> > mysqli_stmt_bind_param($submitnote, "is", $id, $note); >>> > mysqli_stmt_execute($submitnote); >>> > >>> > ...the link (when I SELECT it and display it in my browser) shows up >>> as... >>> > >>> > http://jasoncarson.ca/admin/\"http://example.com\"; >>> > >>> > ...Anyone know how to fix this so I can use the prepared statement? >>> > >>> > >>> > -- >>> > PHP Database Mailing List (http://www.php.net/) >>> > To unsubscribe, visit: http://www.php.net/unsub.php >>> > >>> > >>> Just to clarify, $id would be different for each entry in the database. >>> $id=1 or 2 or 3 etc... >>> and >>> $note = <a href="http://example.com";>Example</a> >>> >>> >>> -- >>> PHP Database Mailing List (http://www.php.net/) >>> To unsubscribe, visit: http://www.php.net/unsub.php >>> >>> >> >> >> -- >> Jack van Zanen >> >> ------------------------- >> This e-mail and any attachments may contain confidential material for >> the >> sole use of the intended recipient. If you are not the intended >> recipient, >> please be aware that any disclosure, copying, distribution or use of >> this >> e-mail or any attachment is prohibited. If you have received this e-mail >> in >> error, please contact the sender and delete all copies. >> Thank you for your cooperation >> > > > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
