Reputation: 8587
I'm using PDO to insert values into MySQL. I'm doing something like this:
$sql = $db->prepare("INSERT INTO table(value) VALUES(?)");
$sql->execute(array($value));
I noticed that if I type the text & in my input field, it gets removed when inserting into MySQL. I guess this is good because it shows that MySQL injection is protected? Well, what if I would like to have just this value as text, such as: beer & wine
Any suggestions on what to do?
Upvotes: 3
Views: 1629
Reputation: 157888
I guess this is good
This is apparently BAD. A database that cannot store certain symbols is nonsense. Imagine one were used on this site. You would be unable to ask your question at all!
it shows that mysql injection is protected?
It shows nothing. An ampersand has nothing to do with injections and as I said above, removing symbols has nothing to do with injection protection.
it gets removed when inserting into MySQL.
It doesn't. It is just that you are seeing it not in the database, but somewhere else. That is your problem.
Check your data before insert.
Check your database. Find your ampersand untouched.
Then trace your data flow to find the spot where ampersand is lost.
Then ask a question.
Upvotes: 1
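A diagnostic script that walks through the three checks above (value before insert, value in the database, then compare), added here as an example and not part of the question or the answer. It assumes an in-memory SQLite PDO connection standing in for MySQL so it runs offline, and a table named items with a value column; the PDO calls are the same against a MySQL DSN.

```php
<?php
// Added diagnostic following the answer's steps: check the value before
// insert, check what the database actually stored, then compare.
// Assumptions (not from the question): an in-memory SQLite database stands in
// for MySQL so this runs offline; the table is named "items" with a TEXT
// column "value". The PDO calls are identical for a MySQL DSN.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE items (id INTEGER PRIMARY KEY, value TEXT NOT NULL)");

// Step 1: look at the raw value right before it reaches PDO.
// Constructed literal here; in the real form it would be $_POST['value'].
$value = 'beer & wine';
var_dump($value);                 // string(11) "beer & wine"

// Step 2: insert with a bound parameter. PDO never strips characters;
// binding only keeps the value separate from the SQL text.
$stmt = $db->prepare("INSERT INTO items (value) VALUES (?)");
$stmt->execute([$value]);
$id = (int) $db->lastInsertId();

// Step 3: read the row back and compare with what went in.
$stmt = $db->prepare("SELECT value FROM items WHERE id = ?");
$stmt->execute([$id]);
$stored = $stmt->fetchColumn();
var_dump($stored);                // string(11) "beer & wine"

if ($stored === $value) {
    echo "Database holds the ampersand untouched; trace the code that\n";
    echo "displays or forwards the value, not PDO or MySQL.\n";
} else {
    echo "Value changed between input and storage: ", bin2hex($value),
         " vs ", bin2hex($stored), "\n";
}

// Typical downstream stage: HTML output. Correct escaping encodes the
// ampersand as &amp; (the browser renders "&"); it must not disappear.
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";  // beer &amp; wine
```

If the comparison passes, the loss happens after storage (templating, a second escaping or sanitising pass, or a client that decodes the text), which is exactly the data flow the answer tells you to trace.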