Closed Thread Icon

Topic awaiting preservation: Textarea to SQL (Page 1 of 1) Pages that link to <a href="https://ozoneasylum.com/backlink?for=29188" title="Pages that link to Topic awaiting preservation: Textarea to SQL (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: Textarea to SQL <span class="small">(Page 1 of 1)</span>\

 
Orion
Nervous Wreck (II) Inmate

From:
Insane since: Aug 2006

posted posted 05-05-2007 14:00

Hmmm very simple question but kinda stumped... Basically I have a textarea in a form that i'm trying to insert into sql the information consists of multiple paragraphs:


BLAH BLAH BLAH etc.

BLAH BLAH.

So I retrieve it like a normal text input via:

$text = $_POST['textarea'];

but an error occurs disallowing it to insert. Is it because there's paragraphs in the way? Is there a way to solve this... I've tried Magic Quotes but doesn't seem to be the answer. Can anyone enlighten me?

Skaarjj
Maniac (V) Mad Scientist

From: :morF
Insane since: May 2000

posted posted 05-05-2007 16:36

Uhh... you've got a test field, and you're just trying to insert it straight into an SQL statement to be executed on your database? I'd suggest, if this is the case, that you spend some time looking into "SQL Injection" and why this is definitely a bad thing.


Justice 4 Pat Richard

Orion
Nervous Wreck (II) Inmate

From:
Insane since: Aug 2006

posted posted 05-05-2007 23:11

oh sorry sorry... i do have the rest of the code:


//Connecting
$obj_database = new db();
$obj_database->connect($db_user, $db_pass, $db_database);

//Getting Variables
$text = $_POST['textarea'];

//Inserting to SQL
$query = "INSERT INTO restaurants VALUES ('', '', '', '', '', '$text')";
mysql_query($query);

//Closing Database
mysql_close();


pretend the other '' are filled in.. its pretty long but that's how i insert it

Tyberius Prime
Maniac (V) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted posted 05-05-2007 23:50

so... what's the actual output of php->mysql_error()

Orion
Nervous Wreck (II) Inmate

From:
Insane since: Aug 2006

posted posted 05-06-2007 10:17

well there's no error but the insert doesn't go in


by using
mysql_query($query) or die("Cannot Perform Query");

the page will display Cannot Perform Query

Skaarjj
Maniac (V) Mad Scientist

From: :morF
Insane since: May 2000

posted posted 05-06-2007 10:31

If it reaches a condition of die() then there should be a message waiting in mysql_error. Change your function line to look like this:

code:
mysql_query($query) or die("Error in query $query: ".mysql_error());




Justice 4 Pat Richard

paritycheck
Bipolar (III) Inmate

From: you tell me
Insane since: Mar 2004

posted posted 05-07-2007 13:47

The last time I had such a problem was when the insert query had teh wrong number of elements. Did you double check that just in case...

Tyberius Prime
Maniac (V) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted posted 05-07-2007 16:19

some error checking might help as well

Orion
Nervous Wreck (II) Inmate

From:
Insane since: Aug 2006

posted posted 05-07-2007 22:08

yup seemed to be the problem... I created too many fields when i created the table sorry

twItch^
Maniac (V) Mad Scientist

From: Denver, CO, USA
Insane since: Aug 2000

posted posted 05-08-2007 18:44

For what it's worth, whenever you're developing a dynamic site, it's a good idea to manage your error handling. FAR too many times I've come across dynamic sites that, upon breaking in this that or the other thing, I get something that tells me what fields are being modified in the table, the table name, the data structure--more than enough for me to use to break the system on purpose.

I would highly recommend that you look into developing an errorHandler class structure that is triggered on every error that your system outputs. Write it to a log file, include all the details you need, plus some, and manage it that way.

mysql_error() is great in testing environments, when you want a quick response to why your SQL isn't working, but you should make it as difficult as possible for malicious users to destroy your system.

-steve

Tyberius Prime
Maniac (V) Mad Scientist with Finglongers

From: Germany
Insane since: Sep 2001

posted posted 05-09-2007 10:04

and learn sql - you should always use insert into table (field,field,field) VALUES ( '','',''), to guard against schema changes.

« BackwardsOnwards »

Show Forum Drop Down Menu