Topic: Textarea to SQL (Page 1 of 1)

Hmmm very simple question but kinda stumped... Basically I have a textarea in a form that i'm trying to insert into sql the information consists of multiple paragraphs:


BLAH BLAH BLAH etc.

BLAH BLAH.

So I retrieve it like a normal text input via:

$text = $_POST['textarea'];

but an error occurs disallowing it to insert. Is it because there's paragraphs in the way? Is there a way to solve this... I've tried Magic Quotes but doesn't seem to be the answer. Can anyone enlighten me?

Uhh... you've got a test field, and you're just trying to insert it straight into an SQL statement to be executed on your database? I'd suggest, if this is the case, that you spend some time looking into "SQL Injection" and why this is definitely a bad thing.


Justice 4 Pat Richard

oh sorry sorry... i do have the rest of the code:


//Connecting
$obj_database = new db();
$obj_database->connect($db_user, $db_pass, $db_database);

//Getting Variables
$text = $_POST['textarea'];

//Inserting to SQL
$query = "INSERT INTO restaurants VALUES ('', '', '', '', '', '$text')";
mysql_query($query);

//Closing Database
mysql_close();


pretend the other '' are filled in.. its pretty long but that's how i insert it

so... what's the actual output of php->mysql_error()

well there's no error but the insert doesn't go in


by using
mysql_query($query) or die("Cannot Perform Query");

the page will display Cannot Perform Query

If it reaches a condition of die() then there should be a message waiting in mysql_error. Change your function line to look like this:

mysql_query($query) or die("Error in query $query: ".mysql_error());

Justice 4 Pat Richard

The last time I had such a problem was when the insert query had teh wrong number of elements. Did you double check that just in case...

some error checking might help as well

yup seemed to be the problem... I created too many fields when i created the table sorry

For what it's worth, whenever you're developing a dynamic site, it's a good idea to manage your error handling. FAR too many times I've come across dynamic sites that, upon breaking in this that or the other thing, I get something that tells me what fields are being modified in the table, the table name, the data structure--more than enough for me to use to break the system on purpose.

I would highly recommend that you look into developing an errorHandler class structure that is triggered on every error that your system outputs. Write it to a log file, include all the details you need, plus some, and manage it that way.

mysql_error() is great in testing environments, when you want a quick response to why your SQL isn't working, but you should make it as difficult as possible for malicious users to destroy your system.

-steve

and learn sql - you should always use insert into table (field,field,field) VALUES ( '','',''), to guard against schema changes.