Jump to content

Recommended Posts

I've spent the past 2 days googling and trying different methods that people have recommended other people try yet still I come up with the same problem.  I am new to coding and I am learning the basic functions so all feedback is welcome in aiding my learning endeavor.  I am using a form and all of the inputs are submitting to the database other than the text area which comes up blank.  I do not get an error when submitting the form I just get a blank value for the text area 'Comments'.

 

FORM

 

<form action="contactdb.php" method="post" form="contactdb"/>
<input type="hidden" name="formID" value="Contact" />
<input type="hidden" name="redirect_to" value="http://www.cavalierchampions.com" />
 
<label>Name:</label><br>
<input type="text" name="Name" size="30" maxlength="100" value="Your Name"><br>
<label>E-mail:</label><br>
<input type="text" name="E-Mail" size="30" maxlength="100" value="Your E-Mail"><br>
<label>Website:</label><br>
<input type="text" name="Website" size="40" maxlength="150" value="Your Website"><br>
<label>Comment:</label><br>
<textarea name="Comments" rows="4" cols="40" id="Comments" form="contactdb"><?php echo $Comments;?></textarea><br><br>
<input type="submit" value="Send">
<input type="reset" value="Reset">
</form>
 
CONTACTDB.PHP
$value = $_POST['Name'];
$value2 = $_POST['E-Mail'];
$value3 = $_POST['Website'];
$value4 = $_POST['Comments'];
 
$sql = "INSERT INTO `contact` (`Name`, `E-Mail`, `Website`, `Comments`) VALUES ('$value', '$value2', '$value3', '$value4')";
 
 
 
As noted above I get returned values for $value, $value2, and $value3 but not $value4 (The 'Comments' text area)
Link to comment
https://forums.phpfreaks.com/topic/290064-textarea-not-displayed-in-mysql-db/
Share on other sites

Please sanitize your data using mysqli_real_escape_string before sending it to the database:

$value = $_POST['Name'];

should be:

$value = mysqli_real_escape_string ( $link , $_POST['Name'] );

where link is the link to your DB. Same for all the variables you write to your database. Not doing so leaves your site wide open to attacks by hackers.

I tried the above corrections and I'm still lost as it is not working and when I use the sanitize escape string no values are posted to the DB.

 
 
 
 
As you can see for ID 3 and ID 4 nothing was returned to the DB when I add the escape string and the comments is still empty.

whatever method you are using to view the end result is likely where the problem is at.

 

i'm going to guess you are trying to output the content of the Comments database column using a value="..." attribute. that's not how <textarea></textarea>'s work. you need to output the content of the database column between the  <textarea>output goes here</textarea> tags.

 

for the escape string function you use, you need to do that right before you put the data into your mysql query statement (or use prepared queries) and you need to use the escape string function from the same set of database functions you are using in your code to run the query.

I am using phpmyadmin to view the DB.

I feel like the escape string is consistent with what you are saying, it is before the insert and it is defined as part of the value.  For the <textarea>output goes here</textarea> I'm a little confused by what you mean.  I have the echo command in between the text area and from my understanding of what you are saying that is incorrect.  I remember reading something about values can't be assigned to text area's but i could be mistaken but every example i've seen has the text area setup as followed:

 

 

$link = mysql_connect (DB_HOST, DB_USER, DB_PASSWORD);

 

if (!$link) {

die('Could not connect: ' . mysql_error());

}

 

$db_selected = mysql_select_db(DB_NAME, $link);

 

if (!$db_selected) {

die('Can\'t use ' . DB_NAME . ': ' . mysql_error());

}

 

echo "<pre>";

print_r($_POST);

echo "</pre>";

 

 

$value = mysqli_real_escape_string ( $link , $_POST['Name'] );

$value2 = mysqli_real_escape_string ( $link , $_POST['E-Mail'] );

$value3 = mysqli_real_escape_string ( $link , $_POST['Website'] );

$value4 = mysqli_real_escape_string ( $link , $_POST['Comments'] );

 

$sql = "INSERT INTO `contact` (`Name`, `E-Mail`, `Website`, `Comments`) VALUES ('$value', '$value2', '$value3', '$value4')";

 

 

if (!mysql_query($sql)) {

die('Error: ' . mysql_error());

}

 

mysql_close();

 

?>

 

 

I removed some of the other input types to focus on the text area..

 


<form action="contactdb.php" method="post"/>

<input type="hidden" name="formID" value="Contact" />

<input type="hidden" name="redirect_to" value="http://www.cavalierchampions.com" />

 

<textarea name="Comments" rows="4" cols="40" id="Comments"><?php echo $Comments;?></textarea><br><br>

<input type="submit" value="Send">

<input type="reset" value="Reset">

</form>

Edited by infinitix

your current code is mixing mysql_ (no i) and mysqli_ (with an i) functions. you cannot do that (if you want it to work.) if your current code is inserting all empty values, it is because of this mixing of different functions (the mysqli functions are returning null values since there is no mysqli connection in place.)

 

sort the current problem out, by using all the same type of database functions and see if it works with the other changes in place.)

I removed the ( "i" ) from the escape strings, still empty in the database and upon submitting the form this is displayed again:

 

Array
(
[formID] => Contact
[redirect_to] => http://www.cavalierchampions.com
[Name] => Your Name
[E-Mail] => Your E-Mail
[Website] => Your Website
[Comments] => test
)

 

I checked the collation and everything to see if that may effect it, the collation is set to utf8_general_ci

if you are currently still getting empty values for the four columns in the database table, it's because the parameter usage for the mysql_real_escape_string() function is different form the mysqli_real_escape_string() function. the $link would be the second parameter, not the first.

 

to muddy the water even more, the mysql_ (no i) functions are depreciated and will be removed in an upcoming php release. you should be learning the mysqli_ or PDO database library functions, which are not obsolete.

 

if you had php's error_reporting set to E_ALL and display_errors set to ON, php would help you by reporting and displaying all the errors it detects. all the mismatched mysql/mysqli and $link parameter usage would be producing php errors. in fact, if you are using a high enough php version, the mysql_connect() statement would be giving you a depreciated error message.

Mac first off, I appreciate the help a lot man. I'm going to the library tomorrow in hope to find a relevant book that I can learn some Mysqli and PDO. If I'm going to do this I want to do it right :) Any books or learning materials that you suggest for a beginner as myself?

Keep away from MySQLi. It's cumbersome as hell and of course limited to the MySQL database system. PDO, on the other hand, is a universal database interface with a very nice API.

 

Don't let the seeming similarity of the mysqli_* functions and the old mysql_* functions fool you: Switching to MySQLi is not as easy as adding an “i”. It requires you to rewrite the entire database code and get rid of several bad habits like stuffing dynamic values into query strings. So you might as well do it right and jump straight to PDO.

 

Check out this PDO tutorial.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.