0

This is a similar to How to insert Quotes into database. However, the answer does not correct my problem.

I have a variable:

$font="font-family:Arial,\"Helvetica Neue\",Helvetica,sans-serif;";

I want $font to be INSERTED into mysql Database, but all that is inserted:

"font-family:Arial,"

I need the quotes inserted to recognize the data. How do I go about inserting all of the data?

Community
  • 1
  • 1
Robert Crenshaw
  • 73
  • 7
  • How does the linked question *not* correct your problem? It shows exactly how to use query parameters. – David Jul 31 '16 at 17:50
  • 1
    When you have quotes in the query, you are likely to close the string. Closing it makes everything outside of the quotes be interpreted. That's basically called [SQL-Injection](http://bobby-tables.com/). Now, even if it's not a successful injection (maybe accidental), it **is** an injection. That is fixed using prepared statements and binding the values. How do you do that? Well, the dup link answers that.. – FirstOne Jul 31 '16 at 17:55
  • Maybe you can scape the quotes, there's [another post](http://stackoverflow.com/questions/2687866/escaping-single-quote-in-php-when-inserting-into-mysql) regarding this topic. – Tomás Gonzalez Dowling Jul 31 '16 at 18:46

0 Answers0