How to pass a parameter from a stored procedure with escaped characters?

1

I'm using php and mysql and would like to pass the following parameter to a stored procedure

$param = "col = '{"video":"<iframe width=\'480\' height=\'600\' src=\'www.qualquercoisa.com\´"}'";

call spActCol($param);

but it happens that the stored procedure overrides all escaped characters which creates an error when trying to update the database, ie internally in the procedure the sentence is:

UPDATE exemple SET col = '{"video":"<iframe width='480' height='600' src='www.qualquercoisa.com'"}' where id=1;

Does anyone have an idea how to solve this problem?

    
asked by anonymous 14.04.2015 / 12:05

1 answer

1

no mysql use:

UPDATE exemple SET col = '{"video":"<iframe width=\'480\' height=\'600\' src=\'www.qualquercoisa.com\'"}' where id=1;

or in php use addslashes ()

link

  

If you are using the string for the procedure to execute as a sql statement then you have to do a prepare / execute   example:

SET @query = CONCAT("UPDATE exemple SET col = ",@parametro," where id=1");      
PREPARE stmt FROM @query;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
    
14.04.2015 / 21:28