1

I'm using a simple html-form and PHP to insert Strings into mySQL Database, which works fine for short strings, not for long ones indeed.

Using the phpmyadmin I'm able to insert Strings of all lengths, it's only doesn't work with the html file and PHP.

Will appreciate every kind of help, would love to learn more about this topic...

Thank you all a lot in advance and sorry if the question is to simple...

There are two very similar questions, I found so far... unfortunately they couldn't help:

INSERTing very long string in an SQL query - ERROR
How to insert long text in Mysql database ("Text" Datatype) using PHP

Here you can find my html-form:

<html>
<body>

    <form name="input" action = "uploadDataANDGetID.php" method="post">

            What is your Name? <input type="text" name="Name"><br>
            Special about you? <input type="text" name="ThatsMe"><br>

            <input type ="submit" value="Und ab die Post!">

    </form>

</body>
</html>

and here is the PHP-Script named uploadDataANDGetID.php :

<?php


    $name = $_POST["Name"];
    $text = $_POST["ThatsMe"];

    $con = mysql_connect("localhost", "username", "password") or die("No connection established.");

    mysql_select_db("db_name") or die("Database wasn't found");


    $q_post = mysql_query("INSERT INTO profiles VALUES (null, '{$name}' ,'{$text}')");
    $q_getID =mysql_query("SELECT ID FROM profiles WHERE Name = '{$name}' AND ThatsMe = '{$text}'");


    if(!$q_post) // if INSERT wasn't successful...
    {
        print('[{"ID": "-3"}]');
        print("uploadDataAndGetID: Insert wasn't successful...");
        print("about ME: ".$text);  
    }

    else // insertion succeeded
    {
        while ($e=mysql_fetch_assoc($q_getID))
        $output[]=$e;

        //checking whether SELECTion succeeded too...

        $num_results = mysql_num_rows($q_getID);

        if($num_results < 1)
        {
            // no such profile available
            print('[{"ID": "-1"}]');
        }
        else
        {
            print(json_encode($output));
        }
    }

    mysql_close();
?>

Thank you guys!

Community
  • 1
  • 1
lifelover
  • 13
  • 1
  • 3
  • can you also post what error you get and your table description ? – Jayaram Feb 10 '14 at 21:03
  • also, if you want to get the ID of the new iserted row, you should use the `mysql_insert_id` function – Marek Roj Feb 10 '14 at 21:12
  • Wow, guys! Thank you all a lot for answering so fast and being so helpful! – lifelover Feb 10 '14 at 21:29
  • @Jayaram: I don't get any Errors or Exception... mysql_query just return FALSE... sorry... due to the table description: there are three attributes: ID --> INT auto_increment / Name --> LONGTEXT and ThatsMe --> LONGTEXT. – lifelover Feb 10 '14 at 21:32

2 Answers2

2

Use the newer way to connect to MySQL and use prepared statements http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php

Lothar
  • 529
  • 1
  • 5
  • 19
1

you MUST escape your strings, with mysql_real_escape_string, like this:

$name = mysql_real_escape_string($_POST['Name']);
$text = mysql_real_escape_string($_POST["ThatsMe"]);
$q_post = mysql_query('INSERT INTO profiles VALUES (null, "' . $name . '" ,"' . $text . '")');

also read about SQL injection

Marek Roj
  • 1,221
  • 8
  • 10
  • Thank you a lot Marek! It worked perfectly for me! Thank you for the Injection advice too, I will try to be as careful as possible in the future... Thanks once more! – lifelover Feb 10 '14 at 21:54
  • no problem. Please accept my answer ;) it is very important to understand the SQL Injection problem. The shortest text to break your previous code is a double quote `"` – Marek Roj Feb 10 '14 at 22:01
  • This was a terribad answer, even in 2014. NEVER use mysql_real_escape_string. Use prepared statements or escape your queries with another method. (posting this as this question is well ranked on search engnes) – Méga Lag Mar 27 '16 at 01:30
  • Thank you Marek. Real-life saver. Finally my hours of frustration ends. I can finally finish my course project :) – user3326078 Jan 04 '19 at 10:02