
In PHP

<input type="checkbox" name="CBage"  id="cbage2" value="and age >= 18 and age <= 24" checked/><label for="cbage2">18-24</label>

value="and age >= 18 and age <= 24"

After the POST action in PHP (I have tried)

$age1 = $_POST['CBage'];
$age = mysql_real_escape_string(implode(",", $age1)); 

or

 $age = implode(",", $age1); 

Table is created as

CREATE TABLE `jobs` (
`age` varchar(200) COLLATE utf8_unicode_ci
)ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

In MySQL it is inserted as

INSERT INTO jobs VALUES ('$age')

The value inserted as follows

and age = 18 and age,and age = 25 and age,

The problem is that it doesn't insert the value correctly (it's missing > and < and some text at the end) as

"and age >= 18 and age <= 24" but rather it inserted as "and age = 18 and age,and age = 25 and age,"
Mark Baker
  • Possible duplicate of http://stackoverflow.com/questions/2843849/mysql-real-escape-more-than-once. Try to use htmlentities(). – Hatem Ahmed Apr 28 '16 at 23:22
  • No, it isn't missing those characters; you're looking at the value in a web browser, which treats them as special characters in the HTML markup.... Do a "view source" to see what is really being retrieved from the database. – Mark Baker Apr 28 '16 at 23:23
  • OK, first of all you shouldn't use mysql_; use PDO or MySQLi instead. Try to paste the full code to help better understanding of your issue. – Hatem Ahmed Apr 28 '16 at 23:25
  • Try to use htmlentities; it will take care of all special characters: '<' (less than) becomes '&lt;', '>' (greater than) becomes '&gt;'. Then to reverse it when fetching use html_entity_decode. – Hatem Ahmed Apr 28 '16 at 23:30

1 Answer


Try to use htmlentities; it will take care of all special characters: '<' (less than) becomes '&lt;', '>' (greater than) becomes '&gt;'. Then to reverse it when fetching use html_entity_decode.

Moreover, it's important to stop using mysql_ to avoid serious SQL injection danger; use PDO or MySQLi prepared statements.

// encode the submitted value before storing it
$var1 = htmlentities($_POST['var1']);

// $dbh is an already opened PDO connection
$sth = $dbh->prepare('INSERT INTO table(field1) VALUES (?)');
$sth->bindParam(1, $var1, PDO::PARAM_STR);
$sth->execute();

to fetch back

$sth = $dbh->query('SELECT * FROM table');

while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
    echo html_entity_decode($row['field1']); // etc...
}
Hatem Ahmed
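The following is an added example, not code from the question or the answer above. It shows the two points a reviewer would want next to this answer: the checkbox should carry an opaque key that the server maps to an age band, with the bounds bound as prepared-statement parameters, rather than a SQL fragment in the HTML; and the `<` and `>` in a stored string are not lost, they only need encoding at output time. The assumptions are mine: that the stored checkbox values are later used to filter a query on `jobs` (the page only shows them being stored), the `AGE_BANDS` table, the `buildAgeFilter`/`findJobsByAge` helpers, and an in-memory SQLite database through PDO so the script runs offline (the DSN is the only thing to change for MySQL).

```php
<?php
// Added example; not code from the original question or answer.
// Assumption: the checkbox selections are used to filter a query on the
// `jobs` table. PDO over in-memory SQLite keeps this runnable offline.

// Each checkbox sends an opaque key (hypothetical markup):
//   <input type="checkbox" name="CBage[]" value="18-24">
// The numeric bounds for each key live on the server, never in the HTML.
const AGE_BANDS = [
    '18-24' => [18, 24],
    '25-34' => [25, 34],
    '35-44' => [35, 44],
];

/**
 * Build a WHERE clause with bound parameters from the submitted keys.
 * Keys that are not in AGE_BANDS (tampered form values) are dropped;
 * nothing from the request is ever concatenated into the SQL text.
 */
function buildAgeFilter(array $selected): array
{
    $clauses = [];
    $params  = [];
    foreach ($selected as $key) {
        if (!is_string($key) || !isset(AGE_BANDS[$key])) {
            continue;
        }
        [$min, $max] = AGE_BANDS[$key];
        $clauses[] = '(age >= ? AND age <= ?)';
        $params[]  = $min;
        $params[]  = $max;
    }
    $where = $clauses ? ' WHERE ' . implode(' OR ', $clauses) : '';
    return [$where, $params];
}

/** Run the filtered query and return the matching ages as integers. */
function findJobsByAge(PDO $dbh, array $selected): array
{
    [$where, $params] = buildAgeFilter($selected);
    $sth = $dbh->prepare('SELECT age FROM jobs' . $where . ' ORDER BY age');
    $sth->execute($params);
    return array_map('intval', $sth->fetchAll(PDO::FETCH_COLUMN));
}

// --- constructed sample data, not from the original page ---
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE jobs (age INTEGER NOT NULL)');
$ins = $dbh->prepare('INSERT INTO jobs (age) VALUES (?)');
foreach ([17, 18, 24, 25, 34, 35, 60] as $age) {
    $ins->execute([$age]);
}

// Simulated $_POST: one legitimate key plus a tampered checkbox value.
$post    = ['CBage' => ['18-24', "' OR 1=1 --"]];
$matches = findJobsByAge($dbh, $post['CBage']);
// Only the 18-24 band is applied; the injected string never reaches SQL.
echo $matches === [18, 24] ? "filter ok\n" : "unexpected rows\n";

// Displaying a stored value that contains < and >: the characters are
// intact in the database; encode them when writing HTML so the browser
// shows them as text instead of treating them as markup.
$stored = 'and age >= 18 and age <= 24';
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), PHP_EOL;
```

Storing the raw value and calling `htmlspecialchars()` at output time, rather than `htmlentities()` before the INSERT, keeps the database usable for searching and comparison and applies the encoding exactly where the browser context requires it. Run with `php example.php`; the tampered value only works as an injection if it is concatenated into a query, which the server-side key lookup makes impossible.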