In PHP
<input type="checkbox" name="CBage" id="cbage2" value="and age >= 18 and age <= 24" checked/><label for="cbage2">18-24</label>
value="and age >= 18 and age <= 24"
After post action in php (i have tried)
$age1 = $_POST['CBage'];
$age = mysql_real_escape_string(implode(",", $age1));
or
$age = implode(",", $age1);
Table is created as
CREATE TABLE `jobs` (
`age` varchar(200) COLLATE utf8_unicode_ci
)ENGINE=MyISAM AUTO_INCREMENT=1 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
In mysql it insert as
INSERT INTO jobs VALUES ('$age')
The value inserted as follows
and age = 18 and age,and age = 25 and age,
The problem is that it doesn't insert the value correctly (its missing > < and some text in the end) as
"and age >= 18 and age <= 24" but rather it inserted as "and age = 18 and age,and age = 25 and age,"
try to use htmlentities it will take care of all special charecters '<' (less than) becomes '<' '>' (greater than) becomes '>' then to reverse it when fetching use html_entity_decode
'<' (less than) becomes '<' '>' (greater than) becomes '>' then to reverse it when fetching use html_entity_decode
moreover its important to stop using Mysql_ to avoid serious sql injection danger use PDO or Mysqli prepared statements
$var1=htmlentities ($_POST['var1']) ;
$sth = $dbh->prepare('INSERT INTO table(field1) VALUES (?)');
$sth->bindParam(1, $var1, PDO::PARAM_STR);
$sth->execute();
to fetch back
$sth = $dbh->query('SELECT * FROM table');
while($row = $sth ->fetch(PDO::FETCH_ASSOC)) {
echo html_entity_decode($row['field1']); //etc...
}