0

I have a form where the fields are filled in and the are submitted which adds all this to a table in an SQL database. To do this I have a short PHP script that takes all the post values and then inserts them to the database. One of the fields in the submitted form is over 7000 letters long and it will not submit. It will submit if I clear the description box which is the 1 where the text is over 7k characters. I can add all these details manually to the database and they are displaying on the website as they should. The problem is with the description being this long. Is there a way to sort this out or is there a limit on the amount of letters there can be? this is the code from the insertpost.php. This is the page that gets called when the form is submitted 

        $Title = $_POST['title'];
    $LinkTitle = $_POST['linktitle'];
    $Category = $_POST['category'];
    $SubCategory = $_POST['subcategory'];
    $MainPic = $_POST['mainpic'];
    $Description = $_POST['Description'];
    $Main = $_POST['maintext'];
    $Featured = $_POST['featured'];
    $thumb = $_POST['thumbnail'];

    include 'phpincludes/dbconnection.php';

    $insertSQL = "INSERT INTO Posts (ID,Title,LinkTitle,MainPicture,ViewCount,Description,Maintext,Type,Featured,category,thumbnail) 
    VALUES('','$Title','$LinkTitle','$MainPic','0','$Description','$Main','$SubCategory','$Featured','$Category','$thumb')";

    $db->query($insertSQL)
Peter O.
  • 32,158
  • 14
  • 82
  • 96
Dan Hastings
  • 3,241
  • 7
  • 34
  • 71
  • duplicate: http://stackoverflow.com/questions/3189040/what-is-the-maximum-length-of-a-string-in-php – pzirkind Jan 03 '13 at 22:11
  • 3
    SQL Injection: [read about it](http://en.wikipedia.org/wiki/SQL_injection). – PeeHaa Jan 03 '13 at 22:12
  • 2
    **WARNING!** Your code contains an [SQL injection vulnerability](http://en.wikipedia.org/wiki/SQL_injection) -- you are passing raw, unfiltered, unvalidated user input directly into an SQL string. SQL injection is [very easy to fix](http://stackoverflow.com/q/60174/168868). Consider [switching to PDO](http://php.net/book.pdo) or [mysqli](http://php.net/book.mysqli) so you can use [prepared statements with parameterized queries](http://en.wikipedia.org/wiki/Prepared_statement). Heck, based on the way you're calling the database, you probably already *are* using one of those... – Charles Jan 03 '13 at 22:14

2 Answers2

2

Yes there is a limit, you find it documented in the PHP manual for string http://php.net/string :

Note: string can be as large as 2GB.

This requires that you have allowed PHP to use that much memory. Which is not always possible to configure based on operating system. For more details, I can suggest the beginning of my blog post: Protocol of some PHP Memory Stretching Fun.

hakre
  • 193,403
  • 52
  • 435
  • 836
0

As haskre suggests, the is a limit on a string in PHP however its quite big and 7000 characters should not be causing an issue. There is also a more stringent limit on field sizes in MySQL however we can ignore this as you said you can save the entries directly into MySQL and they display fine.

You need to find out why it's not inserting. I suspect that you have a character in your 7000 characters that is breaking it, maybe a quote symbol or something that you need to escape.

Run your script again with 7000 characters in the and print out the MySQL error so that you can debug and resolve.

To print out the error from MySQL you can use *mysql_error()*. More information on this can be found in the php manual.

Happy
  • 806
  • 4
  • 7