Storing Javascript in MySQL with PHP Getting Errors??

[BrazilMac]

Hello,

 

I have been trying to store a javascript in a MySQL field from a textarea, but I keep getting a

 

"The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later. "

 

Error. If I have just HTML code, it saves properly, but the Javascript tags, for some reason I cant get it saved. Im with Hostgator, is that somehting related???? Is it possible to fix with Just PHP??

 

Thanks!!!

[PFMaBiSmAd]

It is unlikely that the content in a field would be causing that type of an error unless your code was doing something unusual. You would need to post both the form and the form processing code and post an example of what you are trying to insert that causes the error.

[BrazilMac]

Ok, here is the form: (Im actually using AJAX, but the forms submits to this php the same way:

 

<form id="step1Form" name="step1Form" method="get" action="step1.php">

              <p>Please select your Template:

                <select name="selectTheme" id="selectTheme">

                    <option value="1" selected="selected">Blue Theme</option>

                    <option value="2">Red Theme</option>

                    <option value="3">Orange Theme</option>

                    <option value="4">Green Theme</option>

                  </select>

                  <img src="images/preview.jpg" alt="Preview Site" width="30" height="25" align="absmiddle" /> </p>

              <p>Please enter your Kit Editor Code: <img src="images/help.jpg" width="30" height="30" align="absmiddle" /><br />

              </p>

              <p>

                <label>

                <textarea name="txtKitEditor" id="txtKitEditor" cols="45" rows="5"></textarea>

                </label>

              </p>

              <p>Please enter Keywords (optional): <img src="images/help.jpg" alt="" width="30" height="30" align="absmiddle" /><br />

                  <label>

                  <input name="txtKeywords" type="text" id="txtKeywords" size="60" maxlength="60" />

                  </label>

              </p>

              <p>Please enter your Banner Code: <img src="images/help.jpg" alt="" width="30" height="30" align="absmiddle" /></p>

              <p>

                <label>

                <textarea name="txtBannerCode" id="txtBannerCode" cols="45" rows="5"></textarea>

                </label>

              </p>

              <p>

                <label>

                <input type="submit" name="submit" id="submit" value="Next" />

                </label>

            </form>

 

Here is the PHP:

 

 

<?

include("connect.inc.php");

 

 

function storeConfig() {

  $message = " ";

 

  if( !isset($_GET['selectTheme']) ){

 

  }

  else {

 

    $selectTheme = $_GET['selectTheme'];

$txtKitEditor = $_GET['txtKitEditor'];

$txtKeywords = $_GET['txtKeywords'];

$txtBannerCode = $_GET['txtBannerCode'];

 

 

    $con = mysql_connect(DB_HOST ,DB_USER, DB_PASS);

      mysql_select_db(DB_NAME, $con);

 

 

  $result = mysql_query("INSERT INTO configuration SET template='" . $selectTheme . "', kit_code='" . htmlspecialchars($txtKitEditor) . "', keywords='" . $txtKeywords . "', banner_code='" . $txtBannerCode . "' ON DUPLICATE KEY UPDATE template='" . $selectTheme . "', kit_code='" . $txtKitEditor . "', keywords='" . $txtKeywords . "', banner_code='" . $txtBannerCode . "'");

 

if(mysql_error()){

        $message = mysql_error();

      }

      else {

        $message = "<H2>Settings Saved</h2>";

      }

  }

  return $message;

}

?>

 

$txtKitEditor is the culprit. as I said, if I submit regular HTML code it works fine and no errors at all, but as soon as there is a <script javascript> tag, it throws that error. I have tried encapsulating the javascript tags with a <div> </div> tag but that error still comes up

[PFMaBiSmAd]

post an example of what you are trying to insert that causes the error.

Showing an example of what you are trying to insert would help get the quickest solution.

 

Your code is not escaping any of the form data being put into the query. It is likely that a quote in the data is breaking your query and I would guess that your real code that is calling the storeConfig() is probably doing something incorrect when the query fails.

[BrazilMac]

Sorry, I forgot that!!!

 

Here is what Im trying to post:

 

<script language='JavaScript1.1'>

document.write("<sc"+"ript language='JavaScript1.1' src='http://rover.ebay.com/ar/1/56006/1?campid=5335818235&toolid=56006&customid=&mpt=" + Math.floor(Math.random()*999999999999) + "&adtype=3&size=120x600&def=a3h&n3y=1&p9m=1&v1e=1&x6n=1&m9q=1&z5m=1&l3s=1&b4x=1&k4v=1&y6d=1&u7v=1&a3h=1&mpvc='></sc"+"ript>");

</script>

<noscript>

<a href='http://rover.ebay.com/rover/1/711-53200-19255-40/1?campid=5335818235&toolid=56006&customid=&def=a3h&n3y=1&p9m=1&v1e=1&x6n=1&m9q=1&z5m=1&l3s=1&b4x=1&k4v=1&y6d=1&u7v=1&a3h=1&mpvc='>

<img border='0px' src='http://rover.ebay.com/ar/1/711-53200-19255-40/1?campid=5335818235&toolid=56006&customid=&mpt=[CACHEBUSTER]&adtype=1&size=120x600&def=a3h&n3y=1&p9m=1&v1e=1&x6n=1&m9q=1&z5m=1&l3s=1&b4x=1&k4v=1&y6d=1&u7v=1&a3h=1&mpvc=' alt='Click Here'>

</a>

</noscript>

 

I have tried the htmlspecialchars and other functions, but Im still getting the error, maybe Im missing somehting  ???

[DarkWater]

You need to escape data going into a database with mysql_real_escape_string().

[BrazilMac]

I changed my SQL statement to:

 

$result = mysql_query("INSERT INTO configuration SET template='" . $selectTheme . "', kit_code='" . mysql_real_escape_string($txtKitEditor) . "', keywords='" . $txtKeywords . "', banner_code='" . $txtBannerCode . "' ON DUPLICATE KEY UPDATE template='" . $selectTheme . "', kit_code='" . $txtKitEditor . "', keywords='" . $txtKeywords . "', banner_code='" . $txtBannerCode . "'");

 

Im still getting the error "The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later." Did I implement it correctly?