This script displays the way I need it to when I manually insert it into my script with the correct value for $expdat: <span style="background-color:yellow">Expires ' . $expdat . '. </span>

How should I escape the quotes to be able to echo it from a mysql table?

If I just INSERT it (as is) into a mysql table and echo it from there, it displays as: Expires ' . $expdat . '.

//connect to db first
...
$expdat='July 20, 2012';
$theValue='<span style="background-color:yellow">Expires ' . $expdat . '. </span>';

//escape the value you are about to insert into the table:
$theValue = mysql_real_escape_string($theValue);

//provide the correct name for your table and your field
mysql_query( "INSERT INTO `tableName`(`fieldName`) VALUES('" . $theValue . "')" ) or die( mysql_error() );

//now if you select the inserted value you should be able to get what you inserted.
...

Except $theValue comes from a mysql table. That, apparently, changes things. I've been struggling with this. If you needed to display: <span style=\"background-color:yellow\">Expires ' . $expdat . '. </span> from a mysql table.

and $expdat = 06/09/12

How would you do it?

Except $theValue comes from a mysql table. That, apparently, changes things. I've been struggling with this. If you needed to display: <span style=\"background-color:yellow\">Expires ' . $expdat . '. </span> from a mysql table.

and $expdat = 06/09/12

How would you do it?

What is your question? Escape data for DB or echoing escaped data? Your question is ambiguous!

echoing escaped data from a database

This displays properly:

$dclaim = "<span style=\"background-color:yellow\">Expires   $expdat.</span>";
$var = eval("return '" . $dclaim . "';");
echo '<p style="font-size:9px;margin:0px;">' . $var . '</p>';

This doesn't and I don't know why:

//$dclaim same as above except from a mysql table including escaped quotes
$var = eval("return '" . $dclaim . "';");
echo '<p style="font-size:9px;margin:0px;">' . $var . '</p>';

What am I missing?

Perhaps, stripslash() can help you.

echoing escaped data from a database

This displays properly:

$dclaim = "<span style=\"background-color:yellow\">Expires   $expdat.</span>";
$var = eval("return '" . $dclaim . "';");
echo '<p style="font-size:9px;margin:0px;">' . $var . '</p>';

This doesn't and I don't know why:

//$dclaim same as above except from a mysql table including escaped quotes
$var = eval("return '" . $dclaim . "';");
echo '<p style="font-size:9px;margin:0px;">' . $var . '</p>';

What am I missing?

what does it print? How do you insert in Database?

the first example (the one that works) displays (in yellow): Expires 06/09/12.

the second example (the no go) displays (without yellow): Expires $expdat.

the 1st example $dclaim is manually coded and in the 2nd, it comes from the mysql table (with double quotes escaped: <span style=\"background-color:yellow\">Expires $expdat.</span>. There's something being lost when the value comes from the table.

the 2nd, it comes from the mysql table (with double quotes escaped: <span style=\"background-color:yellow\">Expires $expdat.</span>. There's something being lost when the value comes from the table.

The problem is how you insert than the display part. Show us relevant code of your insert, especially how you construct SQL query!

commented: Yes, there may be mokey business inside the table +3

Are you meaning '$expdat' is from MySQL database ? Did you store as variable ?

SQL query:

include_once "connect_to_mysql.php";
$result = mysql_query("SELECT * FROM stk WHERE id = 288") or die(mysql_error());
while ($row = mysql_fetch_array($result)) {
$id = $row;
&pic = $row;
$pic2 = explode("-",$pic);
$expdate = $pic2[3];
$expdat = substr($expdate,2,2) . "/" . substr($expdate,4,2) . "/" . substr($expdate,0,2);
$dclaim = $row;
}

value in $expdat = 06/09/12
value in $dclaim = <span style=\"background-color:yellow\">Expires $expdat. </span>

The hole in my script looks like this:

< div>

<p style="font-size:9px;margin:0px;">Something that says "Expires 06/09/12." with a yellow BG </p>;
</div>

I tried to get the display i need with:

$var = eval("return '" . $dclaim . "';");
echo '<p style="font-size:9px;margin:0px;">' . $var . '</p>';

I get (without yellow BG): Expires $expdat.

Instead of what I need (with yellow BG): Expires 06/09/12

What am I missing?

I got this to work:

$db_val = $dclaim;
				$replaced = sprintf($db_val, $expdat);
                echo '<p style="font-size:9px;margin:0px;">' . $replaced . '</p>';

Thanks for everyone's help,

Niche

SQL query:

include_once "connect_to_mysql.php";
$result = mysql_query("SELECT * FROM stk WHERE id = 288") or die(mysql_error());
while ($row = mysql_fetch_array($result)) {
$id = $row;
&pic = $row;
$pic2 = explode("-",$pic);
$expdate = $pic2[3];
$expdat = substr($expdate,2,2) . "/" . substr($expdate,4,2) . "/" . substr($expdate,0,2);
$dclaim = $row;
}

value in $expdat = 06/09/12
value in $dclaim = <span style=\"background-color:yellow\">Expires $expdat. </span>

The hole in my script looks like this:

< div>

<p style="font-size:9px;margin:0px;">Something that says "Expires 06/09/12." with a yellow BG </p>;
</div>

I tried to get the display i need with:

$var = eval("return '" . $dclaim . "';");
echo '<p style="font-size:9px;margin:0px;">' . $var . '</p>';

I get (without yellow BG): Expires $expdat.

Instead of what I need (with yellow BG): Expires 06/09/12

What am I missing?

show how you insert into database!

Please excuse me. Here's the code. It inserts (using UPDATE) some html/css and a php value to be displayed by a sprintf() function. The content that was the source of my question is:"<span style=\"background-color:yellow\">Expires %s. </span>" Your guidance on this is very appreciated.:

//do this provided there's disclaimers to process
if (strlen($dclaim_sum_val > 0)) {
  //while there's disclaimers to add 
  while ($counter < $reps) {
    //get id value for disclaimer
	$dc_num = $dclaim_sum_val2[$counter];
    //get disclaimer text for id value
	include "connect_to_mysql.php";
        $claim_select = mysql_query("SELECT * FROM disclaimers WHERE id = " . $dc_num . "") or die(mysql_error());
	//parse result of mysql_query
	$claim_select2 = mysql_fetch_array($claim_select);
	$claim_select3 = $claim_select2['disclaimer'];
	$dc_num = "'" . $dclaim_sum_val2[$counter] . "'";
	$claim_select3 = "'" . $claim_select2['disclaimer'] . "'";
	//add selected disclaimers to stk table
	include "connect_to_mysql.php";
	//mysql_query("UPDATE stk SET dclaim_sum = CONCAT(dclaim_sum," . $dc_num . "), dclaim = CONCAT(dclaim," . $claim_select3 . ")  WHERE id = " . $upc_key . "") or die(mysql_error());
    mysql_query("UPDATE stk SET dclaim = CONCAT(dclaim," . $claim_select3 . ")  WHERE id = " . $upc_key . "") or die(mysql_error());
	//mysql_query("UPDATE stk SET dclaim_sum = CONCAT(dclaim_sum," . $dc_num . ")  WHERE id = " . $upc_key . "") or die(mysql_error());
	
	//advance the counter
	$counter++;
  }
}

Replace the code

mysql_query("UPDATE stk SET dclaim = CONCAT(dclaim," . $claim_select3 . ")  WHERE id = " . $upc_key . "") or die(mysql_error());

with code below and tell us what it displays:

echo "UPDATE stk SET dclaim = CONCAT(dclaim," . $claim_select3 . ")  WHERE id = " . $upc_key . "";
die();

first of all on your post above, &pic = $row['pic']; should be $pic = $row['pic']; .

From that post, I can see that $expdat is derived from the value you have in the `pic` column of your `stk` table. So you need to show where you are updating `stk`.`pic` . What you posted shows where you are updating `stk`.`dclaim` , but that is NOT the problem. Look through your code and see where you are updating `stk`.`pic` and then post it here.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.