user6791369 - 1 month ago 5
PHP Question

How to get my mysqli query working?

I'm trying to update info in the db. I'm including information from a PHP variable to be updated in the query.

$render_html = "<img src='#' title='#'>";

$db->query("UPDATE blue SET blue_3='$render_html'");

Note: I can't include this information directly from the query, only from a variable. I have significantly cut back the information in the variable to make this question less complex... Please assume the db is connected and that the problem lies in
. The db uses mysqli.


Simply looking at the query*:

$render_html = "<img src='#' title='#'>";

$db->query("UPDATE blue SET blue_3='$render_html'");

The query would be:

$db->query("UPDATE blue SET blue_3='<img src='#' title='#'>'");

Those ' quotes are going to be an issue since they're used inside and around the string. Instead, escape the quotes like this:

$db->query("UPDATE blue SET blue_3='<img src=\'#\' title=\'#\'>'");

Also you might consider using prepared statement syntax instead:

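// Connect (placeholder credentials)
$connection = new mysqli("localhost", "username", "password", "database");
$render_html = "<img src='#' title='#'>";

// The value is sent as a bound parameter, so its quotes need no escaping
$stmt = $connection->prepare("UPDATE blue SET blue_3 = ?");
$stmt->bind_param("s", $render_html);
$stmt->execute(); // run the statement; without this nothing is updated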

Keep in mind that it's a bad idea to put HTML in a database in most cases; it's better to put only the necessary information in the database and then generate the HTML string with PHP after getting the information from the database.

*Ignoring the fact that it isn't prepared MySQL statement syntax, which should be used for security reasons.
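
The answer's two suggestions combined, as an added example that is not part of the original answer: the image data is stored through a prepared statement and the tag is built in PHP at output time, with each value encoded for its HTML attribute. The columns `blue_src`, `blue_title` and `id`, the function names and the connection credentials are assumptions.

```php
<?php
// Added example, not the poster's code. Columns blue_src, blue_title and id
// are hypothetical; the credentials below are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

// Build the tag at output time; encode each value for a quoted HTML attribute.
function render_img(string $src, string $title): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return sprintf(
        "<img src='%s' title='%s'>",
        htmlspecialchars($src, $flags, 'UTF-8'),
        htmlspecialchars($title, $flags, 'UTF-8')
    );
}

// Store only the data. Values travel as bound parameters, so quotes in them
// never become part of the SQL text.
function save_image(mysqli $db, int $id, string $src, string $title): int
{
    $stmt = $db->prepare("UPDATE blue SET blue_src = ?, blue_title = ? WHERE id = ?");
    $stmt->bind_param("ssi", $src, $title, $id);
    $stmt->execute();
    $changed = $stmt->affected_rows;
    $stmt->close();
    return $changed;
}

// Read the stored data back and render it; null when the row does not exist.
function load_image_html(mysqli $db, int $id): ?string
{
    $stmt = $db->prepare("SELECT blue_src, blue_title FROM blue WHERE id = ?");
    $stmt->bind_param("i", $id);
    $stmt->execute();
    $stmt->bind_result($src, $title);
    $html = $stmt->fetch() ? render_img((string) $src, (string) $title) : null;
    $stmt->close();
    return $html;
}

$db = new mysqli("localhost", "username", "password", "database");
$db->set_charset("utf8mb4");

// Constructed sample value containing both kinds of quote.
save_image($db, 1, "#", "Bob's \"best\" photo");
echo load_image_html($db, 1), "\n";
```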