PHP - string and link combined and sent to db

Question

I want to send a string with a link to a database, but i can't get this to work, and really dont know what to search for on google..

I try this:

$string = "Here is a <a href='index.php?link=her'>LINK</a>. Click if you want.";
mysql_query("INSERT INTO my_db (row) VALUES ('$string')");

But it doesn't seem to add this to the database. I tried some stuff, but best case scenario, when i show the input from the database, it just shows my a tag as pure text...

How can I get this to work? Thanks.

You aren't escaping the string. Also, the mysql extension is deprecated. You should be using mysqli or PDO with bound parameters. See http://stackoverflow.com/q/60174/3794472 — Jeremiah Winsley, Dec 15 '14 at 22:14

score 0 · Accepted Answer · answered Dec 15 '14 at 22:14

0

It's a conflict with how the single/double quotes end up getting included. The way it's written now, the output query looks like this:

INSERT INTO my_db (row) VALUES ('Here is a <a href='index.php?link=her'>LINK</a>. Click if you want.')

Notice how you end up with 4 single quotes, which will do funky things.

I'd recommend switching the singles & doubles in your first line:

$string = 'Here is a <a href="index.php?link=her">LINK</a>. Click if you want.';
mysql_query("INSERT INTO my_db (row) VALUES ('$string')");

EDIT: Also see @Jeremiah Winsley 's comment on your question.

answered Dec 15 '14 at 22:14

mopo922

6,293
3
28
31

Spot on!! My logic failed, should have thought of that myself :p i know about the mysqli, just old habit when i wrote the example ;) – Zjitzu Dec 15 '14 at 22:32
Happens to the best of us :) – mopo922 Dec 15 '14 at 22:33

PHP - string and link combined and sent to db

1 Answers1