Jump to content

Posting data from form into database - Fixed by addslashes()


RichE

Recommended Posts

Hello,

I have a script that I use to upload a series of text boxes, and textareas into a database (It's for posting movie reviews), as well as upload an image to /images/reviews. It seems to work fine if I do not type a lot, but if I start typing a fair amount, it wont write to the db. Here is a link to my actual code. It works fine most of the time, but if I get over a certain amount of characters, it wont post it, wont create a row, but will upload the image. I'm assuming I'm doing something wrong, but can't figure out what!


Link to code: http://www.severedhorror.com/reviewupload.txt

Any help would be appreciated!
Thanks!!
Link to comment
Share on other sites

Thanks for the reply.

Most of the fields are text, only some of the smaller ones are varchar with small limits. For the ones with limits, I set a maxlength on the text as well, so it will never go over that amount.

Example:

<tr>
<td>Release Date:</td>
<td><input type="text" name="Release_Date" size=30 maxlength="35"></td>
</tr>

I should also note, that when it doesn't work, I go into phpmyadmin and paste it in there, and it works fine every time.
Link to comment
Share on other sites

Buyocat actualy ment the datatype in the database as you have diffrent types for numbers, dates and text... text alot of people use varchar but this means that it has a max of 255 charactors so might be worth using mediumblob instead as this supports thousands of charactors..

Regards
Liam
Link to comment
Share on other sites

Sorry, I was referring to the database datatype, but kinda mixed in my html code as well to make it confusing. :-)

Most are text, but some are varchar, but those that are varchar are <50 characters, and those don't seem to be the problem. I can type the limit in those fields and it works, the problem seems to be with the textarea fields that have a text datatype. Even though the database can handle it, it seems not to get saved if over a certain amount of characters.



Just a note: I am going camping for the weekend, so I probably wont respond until sunday. But thanks for the help so far guys!

Link to comment
Share on other sites

Riche it looks like you need to have it print out the SQL error, I'm not sure how you're executing it, but if you're just using mysql_query then change it to:
[code]
$result = mysql_query($query) or die (mysql_error());
[/code]
Something to that affect should print errors that are returned.  If that doesn't help, please show us what the query is if you echo it out and also the code that assembles and executes the query.
Link to comment
Share on other sites

Alright, I added a bunch of error outputs to my code. Now all I have to do is wait to test it. Here is what it looks like now. (I shortened the  mssql_query a bit so it didn't take up so much room)
[code]
if ($_POST["action"] == "Load")
{
$folder = "../images/reviews/";
move_uploaded_file($_FILES["filep"]["tmp_name"] , "$folder".$_FILES["filep"]["name"]);
chmod("$folder".$_FILES["filep"]["name"],0644);
echo "<p align=center>File ".$_FILES["filep"]["name"]." uploaded.<br />";

$link = mysql_connect("$host", "$user", "$pass") or die ("Could not connect to Database. Error: " . mysql_error());
$db_select = mysql_select_db("$db") or die("Could not select database" . mysql_error());
$result = mysql_query("INSERT into reviews (Title, Release_Date) VALUES('$Title', '$Release_Date')") or die ("Could not copy" . mysql_error());


if($link) { echo "Connected to Database...<br />"; }
if($db_select) { echo "Database Selected...<br />"; }
if($result) { echo "Review uploaded successfully...<br />"; }

}
[/code]
Link to comment
Share on other sites

Well, I tested out the script today, and I got an error message this time.

Basically it said there was a syntax error in:, and starting outputting some of my text in the movie description. I noticed it starting the output on 's, so I tried taking out the ' on the 's, and resubmitted it and it worked. Now that's weird! How am I supposed to type we're, shouldn't, couldn't, don't, or any other word, or name that uses a single quotation mark ( ' )

Any Ideas why this gives an error. It sounds kinda fishy that that would be a problem. There has to be something wrong with my code. Can anyone see anything, or have any ideas?

(Just to note, I went into phpmyadmin, and readded the '  But I don't want to do that everytime)
Link to comment
Share on other sites

Alright, I found a page here: http://www.webmasterstop.com/63.html that seems to talk about the same problem I have. It goes on, and on about something called magic quotes, and a function called addslashes() but I think this page is the best thing I found so far. I am going to try some things in this page and let you guys know whats going on.

EDIT: Alright, I just had to add addslashes() to each variable I assigned to the text fields, and it works ok. If I were to echo a variable before I addslashes() I would get, "It's fun". After addslashes() it would say, "It\'s fun". But it does not copy the slash to the database. It copies the normal text, so no other editing has to be made! Problem solved.
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.