MySQLand a prepared statement problem

Hello everyone,

I have a problem. When I insert
into my database with the following code...

$connect = mysqli_connect($hostname, $username, $password, $database);
$sql="INSERT INTO notes VALUES ('$id', '$note')";
$result=mysqli_query($connect, $sql);

....everything works fine. The link (when I SELECT it and display it in my
browser) works as one would expect.

However when I insert into my
database with the following code (prepared statement)...

$submitnote = mysqli_prepare($connect, "INSERT INTO notes VALUES (?, ?)");
mysqli_stmt_bind_param($submitnote, "is", $id, $note);
mysqli_stmt_execute($submitnote);

....the link (when I SELECT it and display it in my browser) shows up as...

http://jasoncarson.ca/admin/\"http://example.com\"

....Anyone know how to fix this so I can use the prepared statement?


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: MySQLand a prepared statement problem

> Hello everyone,
>
> I have a problem. When I insert
> into my database with the following code...
>
> $connect = mysqli_connect($hostname, $username, $password, $database);
> $sql="INSERT INTO notes VALUES ('$id', '$note')";
> $result=mysqli_query($connect, $sql);
>
> ...everything works fine. The link (when I SELECT it and display it in my
> browser) works as one would expect.
>
> However when I insert into my
> database with the following code (prepared statement)...
>
> $submitnote = mysqli_prepare($connect, "INSERT INTO notes VALUES (?, ?)");
> mysqli_stmt_bind_param($submitnote, "is", $id, $note);
> mysqli_stmt_execute($submitnote);
>
> ...the link (when I SELECT it and display it in my browser) shows up as...
>
> http://jasoncarson.ca/admin/\"http://example.com\"
>
> ...Anyone know how to fix this so I can use the prepared statement?
>
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Just to clarify, $id would be different for each entry in the database.
$id=1 or 2 or 3 etc...
and
$note =


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: MySQLand a prepared statement problem

--0016e64548c0e81575046edef265
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

check into stripslashes ,addslashes and mysqli_real_escape_string functions.

Jack

2009/7/17 Jason Carson

> > Hello everyone,
> >
> > I have a problem. When I insert
> > into my database with the following code...
> >
> > $connect = mysqli_connect($hostname, $username, $password, $database);
> > $sql="INSERT INTO notes VALUES ('$id', '$note')";
> > $result=mysqli_query($connect, $sql);
> >
> > ...everything works fine. The link (when I SELECT it and display it in my
> > browser) works as one would expect.
> >
> > However when I insert into my
> > database with the following code (prepared statement)...
> >
> > $submitnote = mysqli_prepare($connect, "INSERT INTO notes VALUES (?,
> ?)");
> > mysqli_stmt_bind_param($submitnote, "is", $id, $note);
> > mysqli_stmt_execute($submitnote);
> >
> > ...the link (when I SELECT it and display it in my browser) shows up
> as...
> >
> > http://jasoncarson.ca/admin/\"http://example.com\"
> >
> > ...Anyone know how to fix this so I can use the prepared statement?
> >
> >
> > --
> > PHP Database Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
> >
> Just to clarify, $id would be different for each entry in the database.
> $id=1 or 2 or 3 etc...
> and
> $note =
>
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


--
Jack van Zanen

-------------------------
This e-mail and any attachments may contain confidential material for the
sole use of the intended recipient. If you are not the intended recipient,
please be aware that any disclosure, copying, distribution or use of this
e-mail or any attachment is prohibited. If you have received this e-mail in
error, please contact the sender and delete all copies.
Thank you for your cooperation

--0016e64548c0e81575046edef265--

Re: MySQLand a prepared statement problem

I was under the impression that using prepared statements means you don't
need to use those functions.

> check into stripslashes ,addslashes and mysqli_real_escape_string
> functions.
>
> Jack
>
> 2009/7/17 Jason Carson
>
>> > Hello everyone,
>> >
>> > I have a problem. When I insert >> href="http://example.com>Example
>> > into my database with the following code...
>> >
>> > $connect = mysqli_connect($hostname, $username, $password, $database);
>> > $sql="INSERT INTO notes VALUES ('$id', '$note')";
>> > $result=mysqli_query($connect, $sql);
>> >
>> > ...everything works fine. The link (when I SELECT it and display it in
>> my
>> > browser) works as one would expect.
>> >
>> > However when I insert into my
>> > database with the following code (prepared statement)...
>> >
>> > $submitnote = mysqli_prepare($connect, "INSERT INTO notes VALUES (?,
>> ?)");
>> > mysqli_stmt_bind_param($submitnote, "is", $id, $note);
>> > mysqli_stmt_execute($submitnote);
>> >
>> > ...the link (when I SELECT it and display it in my browser) shows up
>> as...
>> >
>> > http://jasoncarson.ca/admin/\"http://example.com\"
>> >
>> > ...Anyone know how to fix this so I can use the prepared statement?
>> >
>> >
>> > --
>> > PHP Database Mailing List (http://www.php.net/)
>> > To unsubscribe, visit: http://www.php.net/unsub.php
>> >
>> >
>> Just to clarify, $id would be different for each entry in the database.
>> $id=1 or 2 or 3 etc...
>> and
>> $note =
>>
>>
>> --
>> PHP Database Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>
>
> --
> Jack van Zanen
>
> -------------------------
> This e-mail and any attachments may contain confidential material for the
> sole use of the intended recipient. If you are not the intended recipient,
> please be aware that any disclosure, copying, distribution or use of this
> e-mail or any attachment is prohibited. If you have received this e-mail
> in
> error, please contact the sender and delete all copies.
> Thank you for your cooperation
>



--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: MySQLand a prepared statement problem

I solved the problem by turning off magic_quotes_gpc in my php.ini file.

> I was under the impression that using prepared statements means you don't
> need to use those functions.
>
>> check into stripslashes ,addslashes and mysqli_real_escape_string
>> functions.
>>
>> Jack
>>
>> 2009/7/17 Jason Carson
>>
>>> > Hello everyone,
>>> >
>>> > I have a problem. When I insert >>> href="http://example.com>Example
>>> > into my database with the following code...
>>> >
>>> > $connect = mysqli_connect($hostname, $username, $password,
>>> $database);
>>> > $sql="INSERT INTO notes VALUES ('$id', '$note')";
>>> > $result=mysqli_query($connect, $sql);
>>> >
>>> > ...everything works fine. The link (when I SELECT it and display it
>>> in
>>> my
>>> > browser) works as one would expect.
>>> >
>>> > However when I insert into
>>> my
>>> > database with the following code (prepared statement)...
>>> >
>>> > $submitnote = mysqli_prepare($connect, "INSERT INTO notes VALUES (?,
>>> ?)");
>>> > mysqli_stmt_bind_param($submitnote, "is", $id, $note);
>>> > mysqli_stmt_execute($submitnote);
>>> >
>>> > ...the link (when I SELECT it and display it in my browser) shows up
>>> as...
>>> >
>>> > http://jasoncarson.ca/admin/\"http://example.com\"
>>> >
>>> > ...Anyone know how to fix this so I can use the prepared statement?
>>> >
>>> >
>>> > --
>>> > PHP Database Mailing List (http://www.php.net/)
>>> > To unsubscribe, visit: http://www.php.net/unsub.php
>>> >
>>> >
>>> Just to clarify, $id would be different for each entry in the database.
>>> $id=1 or 2 or 3 etc...
>>> and
>>> $note =
>>>
>>>
>>> --
>>> PHP Database Mailing List (http://www.php.net/)
>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>>
>>>
>>
>>
>> --
>> Jack van Zanen
>>
>> -------------------------
>> This e-mail and any attachments may contain confidential material for
>> the
>> sole use of the intended recipient. If you are not the intended
>> recipient,
>> please be aware that any disclosure, copying, distribution or use of
>> this
>> e-mail or any attachment is prohibited. If you have received this e-mail
>> in
>> error, please contact the sender and delete all copies.
>> Thank you for your cooperation
>>
>
>
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>



--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php