URL filtering and posting to MySQL

Question

I want to save a URL like the one below in a MySQL table

http://www.google.com/search?q=mysql+rel+scape&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a#hl=en&safe=off&client=firefox-a&hs=uUt&rls=org.mozilla:en-US:official&sa=X&ei=t_jMTtvUE4jfsgbA_4HdDA&ved=0CBgQvwUoAQ&q=mysql+real+escape&spell=1&bav=on.2,or.r_gc.r_pw.,cf.osb&fp=6f9f60a823dcbbc2&biw=1920&bih=901

but it's only saved up to

http://www.google.com/search?q=mysql rel scape

I tried UTF-8, text, varchar column types but it doesn't seem to work. This is what i use for my insert query:

'".addslashes($_POST['url'])."',

Can anyone point me out where is the problem?

Interesting that is only goes up to the first "&" character... or maybe it means nothing — musefan, Nov 23 '11 at 13:55
Please switch to using parameterized queries. `addslashes` and even `mysql_real_escape_string` will not prevent SQL injection attacks. See my answer to this other question: http://stackoverflow.com/questions/8165500/efficiently-sanitize-user-entered-text/8169705#8169705 — Polynomial, Nov 23 '11 at 13:56

score 1 · Accepted Answer · edited May 23 '17 at 11:55

If you want to store the full url, you will have to use urlencode

$url = urlencode('http://www.google.com/search?q=mysql+rel+scape&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a#hl=en&safe=off&client=firefox-a&hs=uUt&rls=org.mozilla:en-US:official&sa=X&ei=t_jMTtvUE4jfsgbA_4HdDA&ved=0CBgQvwUoAQ&q=mysql+real+escape&spell=1&bav=on.2,or.r_gc.r_pw.,cf.osb&fp=6f9f60a823dcbbc2&biw=1920&bih=901');

This will store the & as & which can be stored in the database.

Don't forget to take a look at security, never accept a $_POST blindly in your database. Like Polynomial said: Efficiently sanitize user entered text

well this kinda helped. im still checking for more solutions. thank you so much — maxlk, Nov 23 '11 at 14:24

URL filtering and posting to MySQL

1 Answers1