is it possible to do the query insert into in html value?

Question

I want to put a html code inside my table row, so that i can select it later. I had variables hstatus1 and hstatus2, the meaning are htmlstatus1 and htmlstatus2. It's work if i fill words, but if i fill html code, it doesn't work. Because i want to make a query select later and i never INSERT INTO like this before, but i can SELECT the html record before. tq

mycode:

<?php
    include("10rbkcon.php"); //connection db

    $username2='kampret';
    $status1="following";
    $status2="follower";
    $hstatus1="<font color='black'>following</font>"; //the problem is in here
    $hstatus2="<font color='blue'>follower</font>"; //and here
    $ssloginmember=$_SESSION[ssloginmember];
    $username=$ssloginmember;

    mysql_query("INSERT INTO t_follow(username,username2,status,hstatus) VALUES('$username','$username2','$status1','$hstatus1')");
?>

I think the problem is with you sql insert - you have hyphons in your Strings and use hyphons for quoting: `... VALUES ( ... '$hstatus1') `. This results in `... VALUES ( ... 'following') ` As you can see, the quote goes from here to here: `'following"` — Alexander, Oct 09 '15 at 13:17
@Alexander. Your answer is great also. It's works either. Thanks you. — Juna serbaserbi, Oct 09 '15 at 13:44

score 1 · Accepted Answer · answered Oct 09 '15 at 13:12

1

Are you escaping the HTML before attempting to insert it into the database? Assuming your HTML is stored in the variable $hstatus1, $hstatus2.

$hstatus1 = mysql_real_escape_string($hstatus1);
$hstatus2 = mysql_real_escape_string($hstatus2);

answered Oct 09 '15 at 13:12

Darren Willows

2,053
14
21

Darren, please help me again in [here](http://stackoverflow.com/questions/33669459/confusing-about-this-cookies-in-redirecting-system) – Juna serbaserbi Nov 12 '15 at 12:39

score 1 · Answer 2 · answered Oct 09 '15 at 13:28

1

Your string for $hstatus1 and $hstatus2 have single quotes (') in them, so when the query runs, it gets ...following', '<font color='black'>following</font>, so the 's from the color='black'. Just add a \ in front of each quote,that should escape them, according to http://www.php.net/manual/en/language.types.string.php

answered Oct 09 '15 at 13:28

kzhao14

2,470
14
21

Yeah, that's right. your solution is great also. I tried it and it worked. Thank you k97513. – Juna serbaserbi Oct 09 '15 at 13:46
I accept your answer, but sorry Darren Willows answer first and fastest, if it allowed, i will checkmark both of you. But I gave you +1 already, many thanks for you. – Juna serbaserbi Oct 09 '15 at 17:50
k97513, please help me again in [here](http://stackoverflow.com/questions/33669459/confusing-about-this-cookies-in-redirecting-system) – Juna serbaserbi Nov 12 '15 at 12:39

is it possible to do the query insert into in html value?

2 Answers2