emmavt Posted March 9, 2013 Share Posted March 9, 2013 I am using a mysqli_query to insert text into a VARCHAR field field any any words after the whitespace are dropped when I pull from the database. I modified the field to be TEXT or BLOB and the same thing happens. I am not sure if it the text is being trimmed out when going into the database or coming out. Unfortunately, I cannot see the data in the database besides doing a query because we do not have anything like myPHP Admin. Any thoughts code below. $sql="UPDATE date_tbl SET dt_startDate='$_POST[dt_startDate]', dt_endDate='$_POST[dt_endDate]', dt_headline='$_POST[dt_headline]', dt_text='$my_text', dt_tag='$_POST[dt_tag]', dt_media='$_POST[dt_media]', dt_thumbnail='$_POST[dt_thumbnail]', dt_credit='$_POST[dt_credit]', dt_caption='$_POST[dt_caption]' WHERE dt_id ='$_POST[dt_id]'"; if (!mysqli_query($con,$sql)) { die('Error: ' . mysqli_error()); } echo "$my_text"; echo "1 record updated"; mysqli_close($con); Quote Link to comment Share on other sites More sharing options...
Jessica Posted March 9, 2013 Share Posted March 9, 2013 Use {$_POST['field']} And then google SQL injection and sanitizing data. Quote Link to comment Share on other sites More sharing options...
emmavt Posted March 9, 2013 Author Share Posted March 9, 2013 I tried the code it was accepted by my editor as correct syntax but then got an error on the back side on the server. Could it be the table Engine type such as ? Wondering if I need to make sure it is MyISAM. I may try the code on a diferent server where I can see the backend. Quote Link to comment Share on other sites More sharing options...
Jessica Posted March 9, 2013 Share Posted March 9, 2013 what error? What code? Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted March 10, 2013 Share Posted March 10, 2013 <?php $sql = "UPDATE date_tbl SET dt_startDate='".stripslashes(trim($_POST['dt_startDate']))."', dt_endDate='".stripslashes(trim($_POST['dt_endDate']))."', dt_headline='".stripslashes(trim($_POST['dt_headline']))."', dt_text='$my_text', dt_tag='".stripslashes(trim($_POST['dt_tag']))."', dt_media='".stripslashes(trim($_POST['dt_media']))."', dt_thumbnail='".stripslashes(trim($_POST['dt_thumbnail']))."', dt_credit='".stripslashes(trim($_POST['dt_credit']))."', dt_caption='".stripslashes(trim($_POST['dt_caption']))."' WHERE dt_id ='".stripslashes(trim($_POST['dt_id']))."'"; if (!mysqli_query($con, $sql)) { die('Error: ' . mysqli_error()); } echo $my_text; echo "1 record updated"; mysqli_close($con); ?> Quote Link to comment Share on other sites More sharing options...
trq Posted March 10, 2013 Share Posted March 10, 2013 Please darkfreaks, that code is terrible. Quote Link to comment Share on other sites More sharing options...
Love2c0de Posted March 10, 2013 Share Posted March 10, 2013 As a suggestion, do all your trimming etc BEFORE you setup a query string. Kind regards, L2c. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.