I am using the below-prepared statement to insert into MySQL. If I try and insert something with $descrip containing a " (double quote) the insert stops at this point.
Example:
Trying to insert 16" Solid Steel Tube
The entry into the table row only shows 16 and stops at the " (double quote) and wont show the rest of $descrip.
What am I doing wrong?
$stmt = $db->prepare("INSERT INTO line_items (quote_id, part, descrip, qty, price, net, notes, datasheet) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
$stmt->bind_param("ssssssss", $quote_id, $part, $descrip, $qty, $price, $net, $notes, $datasheet);
foreach($_POST['part'] as $i => $item) {
$part = $item;
$descrip = $_POST['descrip'][$i]; //This wont enter something with double qutoes such as 16" Solid Steel Tube
$qty = $_POST['qty'][$i];
$price = $_POST['price'][$i];
$net = $_POST['net'][$i];
$notes = $_POST['notes'][$i];
$datasheet = $_POST['datasheet'][$i];
$stmt->execute();
}
EDIT:
FYI- I am selecting $descrip from another table in the database which correctly has this in the row as 16" Solid Steel Tube. When I try and copy this item into another table via my prepared statement that is when it wont insert properly.
Based on your hint...
I am selecting
$descripfrom another table in the database which correctly has this in the row as '16" Solid Steel Tube'. When i try and copy this item into another table via my prepared statement that is when it wont insert properly.
I imagine you're using this value in a form like this (but maybe not exactly)
<input type="text" value="<?= $descrip ?>" name="descrip[]">
The issue here is that the rendered HTML looks like
<input type="text" value="16" Solid Steel Tube" name="descrip[]">
Notice the value attribute now has an end-quote after "16"?
You need to encode your values for safe use in HTML. Try...
<input type="text" value="<?= htmlspecialchars($descrip) ?>" name="descrip[]">
This will render like
<input type="text" value="16" Solid Steel Tube" name="descrip[]">
Your PHP script will still receive it as the un-encoded string when submitted.