How to pass a parameter from a stored procedure with escaped characters?

Question

How to pass a parameter from a stored procedure with escaped characters?

Navigation

#1 by (1 votes)

1

I'm using php and mysql and would like to pass the following parameter to a stored procedure

$param = "col = '{"video":"<iframe width=\'480\' height=\'600\' src=\'www.qualquercoisa.com\´"}'";

call spActCol($param);

but it happens that the stored procedure overrides all escaped characters which creates an error when trying to update the database, ie internally in the procedure the sentence is:

UPDATE exemple SET col = '{"video":"<iframe width='480' height='600' src='www.qualquercoisa.com'"}' where id=1;

Does anyone have an idea how to solve this problem?

php mysql

asked by anonymous 14.04.2015 / 12:05

1 answer

Doubt Insert Image with Jquery? Problem with paging wordpress (returns 404)

score 1 · Answer 1

no mysql use:

UPDATE exemple SET col = '{"video":"<iframe width=\'480\' height=\'600\' src=\'www.qualquercoisa.com\'"}' where id=1;

or in php use addslashes ()

link

If you are using the string for the procedure to execute as a sql statement then you have to do a prepare / execute example:

SET @query = CONCAT("UPDATE exemple SET col = ",@parametro," where id=1");      
PREPARE stmt FROM @query;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;