Jump to content


Photo

Posting data from form into database - Fixed by addslashes()


  • Please log in to reply
9 replies to this topic

#1 RichE

RichE
  • Members
  • PipPip
  • Member
  • 20 posts

Posted 30 June 2006 - 03:30 PM

Hello,

I have a script that I use to upload a series of text boxes, and textareas into a database (It's for posting movie reviews), as well as upload an image to /images/reviews. It seems to work fine if I do not type a lot, but if I start typing a fair amount, it wont write to the db. Here is a link to my actual code. It works fine most of the time, but if I get over a certain amount of characters, it wont post it, wont create a row, but will upload the image. I'm assuming I'm doing something wrong, but can't figure out what!


Link to code: http://www.severedho...eviewupload.txt

Any help would be appreciated!
Thanks!!

#2 Buyocat

Buyocat
  • Members
  • PipPipPip
  • Advanced Member
  • 267 posts

Posted 30 June 2006 - 03:35 PM

What data types do you have set for the text in your database?  If you are using varchar there is a 250 character limit on that, I believe.  So try text or blob if you want to store more.
Looking for some easy-to-use tools?  Try these, https://sourceforge....jects/utils-php -- I made them myself.  They're distinct tools which are easy to understand and use.  See some examples uses at http://www.anotherearlymorning.com

#3 RichE

RichE
  • Members
  • PipPip
  • Member
  • 20 posts

Posted 30 June 2006 - 04:16 PM

Thanks for the reply.

Most of the fields are text, only some of the smaller ones are varchar with small limits. For the ones with limits, I set a maxlength on the text as well, so it will never go over that amount.

Example:

<tr>
<td>Release Date:</td>
<td><input type="text" name="Release_Date" size=30 maxlength="35"></td>
</tr>

I should also note, that when it doesn't work, I go into phpmyadmin and paste it in there, and it works fine every time.

#4 shocker-z

shocker-z
  • Members
  • PipPipPip
  • Advanced Member
  • 864 posts
  • LocationNottingham

Posted 30 June 2006 - 04:27 PM

Buyocat actualy ment the datatype in the database as you have diffrent types for numbers, dates and text... text alot of people use varchar but this means that it has a max of 255 charactors so might be worth using mediumblob instead as this supports thousands of charactors..

Regards
Liam
www: www.ukchat.ws | irc: irc.ukchat.ws chan: #blufudge

#5 RichE

RichE
  • Members
  • PipPip
  • Member
  • 20 posts

Posted 30 June 2006 - 05:03 PM

Sorry, I was referring to the database datatype, but kinda mixed in my html code as well to make it confusing. :-)

Most are text, but some are varchar, but those that are varchar are <50 characters, and those don't seem to be the problem. I can type the limit in those fields and it works, the problem seems to be with the textarea fields that have a text datatype. Even though the database can handle it, it seems not to get saved if over a certain amount of characters.



Just a note: I am going camping for the weekend, so I probably wont respond until sunday. But thanks for the help so far guys!



#6 Buyocat

Buyocat
  • Members
  • PipPipPip
  • Advanced Member
  • 267 posts

Posted 30 June 2006 - 05:08 PM

Riche it looks like you need to have it print out the SQL error, I'm not sure how you're executing it, but if you're just using mysql_query then change it to:
$result = mysql_query($query) or die (mysql_error());
Something to that affect should print errors that are returned.  If that doesn't help, please show us what the query is if you echo it out and also the code that assembles and executes the query.
Looking for some easy-to-use tools?  Try these, https://sourceforge....jects/utils-php -- I made them myself.  They're distinct tools which are easy to understand and use.  See some examples uses at http://www.anotherearlymorning.com

#7 mac.php

mac.php
  • New Members
  • Pip
  • Newbie
  • 7 posts

Posted 30 June 2006 - 05:12 PM

There may be an error that is server side.  I'd suggest asking talking to your host if mysql_query() or die();  doesn't work or display an error 

#8 RichE

RichE
  • Members
  • PipPip
  • Member
  • 20 posts

Posted 02 July 2006 - 03:19 PM

Alright, I added a bunch of error outputs to my code. Now all I have to do is wait to test it. Here is what it looks like now. (I shortened the  mssql_query a bit so it didn't take up so much room)
if ($_POST["action"] == "Load")
{
$folder = "../images/reviews/";
move_uploaded_file($_FILES["filep"]["tmp_name"] , "$folder".$_FILES["filep"]["name"]);
chmod("$folder".$_FILES["filep"]["name"],0644);
echo "<p align=center>File ".$_FILES["filep"]["name"]." uploaded.<br />";

$link = mysql_connect("$host", "$user", "$pass") or die ("Could not connect to Database. Error: " . mysql_error());
$db_select = mysql_select_db("$db") or die("Could not select database" . mysql_error());
$result = mysql_query("INSERT into reviews (Title, Release_Date) VALUES('$Title', '$Release_Date')") or die ("Could not copy" . mysql_error());


if($link) { echo "Connected to Database...<br />"; }
if($db_select) { echo "Database Selected...<br />"; }
if($result) { echo "Review uploaded successfully...<br />"; }

}


#9 RichE

RichE
  • Members
  • PipPip
  • Member
  • 20 posts

Posted 03 July 2006 - 02:56 AM

Well, I tested out the script today, and I got an error message this time.

Basically it said there was a syntax error in:, and starting outputting some of my text in the movie description. I noticed it starting the output on 's, so I tried taking out the ' on the 's, and resubmitted it and it worked. Now that's weird! How am I supposed to type we're, shouldn't, couldn't, don't, or any other word, or name that uses a single quotation mark ( ' )

Any Ideas why this gives an error. It sounds kinda fishy that that would be a problem. There has to be something wrong with my code. Can anyone see anything, or have any ideas?

(Just to note, I went into phpmyadmin, and readded the '  But I don't want to do that everytime)

#10 RichE

RichE
  • Members
  • PipPip
  • Member
  • 20 posts

Posted 03 July 2006 - 02:38 PM

Alright, I found a page here: http://www.webmasterstop.com/63.html that seems to talk about the same problem I have. It goes on, and on about something called magic quotes, and a function called addslashes() but I think this page is the best thing I found so far. I am going to try some things in this page and let you guys know whats going on.

EDIT: Alright, I just had to add addslashes() to each variable I assigned to the text fields, and it works ok. If I were to echo a variable before I addslashes() I would get, "It's fun". After addslashes() it would say, "It\'s fun". But it does not copy the slash to the database. It copies the normal text, so no other editing has to be made! Problem solved.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users