I have a heredoc variable like this:
$status=<<<EOT
<p>hello world</p>
<p>I'm <strong>really</strong>OK!</p>
<p></p>
EOT;
And I want to insert it into my MySQL DB with whitespaces by PHP like this:
query="INSERT INTO requests (ID,title) VALUES ('$ID','$status')";
But I can't do that. What should I do to be allowed to insert that?
You can do it in 2 ways:
Using mysqli_real_escape_string() like this:
$mydb = new mysqli("localhost","root","FedAnd11");
$status=<<<EOT
<p>hello world</p>
<p>I'm <strong>really</strong>OK!</p>
<p></p>
EOT;
$query="INSERT INTO requests (ID,title) VALUES ('$ID','".$mydb->real_escape_string($status)."')";
or if you don't have a db connection yet,
$status=<<<EOT
<p>hello world</p>
<p>I'm <strong>really</strong>OK!</p>
<p></p>
EOT;
$status = str_replace(array('\\', "\0", "\n", "\r", "'", '"', "\x1a"), array('\\\\', '\\0', '\\n', '\\r', "\\'", '\\"', '\\Z'), $status);
$query="INSERT INTO requests (ID,title) VALUES ('$ID','$status')";
If I've understood you problem.
Another thing you can do, is to use a mysql prepared statement, if you really want to put $status as is, like this:
$status=<<<EOT
<p>hello world</p>
<p>I'm <strong>really</strong>OK!</p>
<p></p>
EOT;
$stmt = $dbConnection->prepare('INSERT INTO requests (ID,title) VALUES (?,?)');
$stmt->bind_param('is', $ID,$status);
$stmt->execute();
I supposed the $ID is integer.
Try using addslashes()
$status = addslashes($status);
query="INSERT INTO requests (ID,title) VALUES ('$ID','$status')";
