0

i am getting SQL syntax error for long paragraph but same code is working fine for short line text. i have attached screen shot of error.!

below is my insert query code. waiting for your response.

    <?php
include('config.php'); 

if(isset($_POST['add']))
{
   echo $name=$_POST['name'];
   $description=$_POST['description'];
   $status=$_POST['status'];
   $image=$_FILES['image']['name'];
  if(isset($_FILES['image']['name']))
        {
    move_uploaded_file($_FILES['image']['tmp_name'],"gallery_files//".$_FILES['image']['name']);
    echo $image=$_FILES['image']['name'];
    }

    echo $sql="INSERT INTO test(name,description,image,status)VALUES('$name','$description','$image','$status')";
   $r=mysql_query($sql) or die(mysql_error()); 
    echo "<script>window.location = 'product.php'</script>";
    }
?>
sachin
  • 23
  • 5
  • 1
    What error are you getting ? – Jenz Oct 08 '14 at 07:19
  • where is screenshot attached of error ? – TBI Oct 08 '14 at 07:20
  • 2
    Is the text just too long for the database field? Is your database expecting e.g. VARCHAR(100) and you're trying to save a text with 200 characters? – fsperrle Oct 08 '14 at 07:21
  • Also: SQL injections! http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php And mysql_* is deprecated... Use mysqli_* or PDO instead. – fsperrle Oct 08 '14 at 07:24

1 Answers1

1

Your content probably contains quote characters, which you need to escape. You can use PHP function mysql_real_escape_string() which escapes special characters in a string for use in an SQL statement.

Try with:

$description = mysql_real_escape_string($_POST['description']);

Also make sure that the datatype is text or longtext which is used for storing large pieces of string data.

Jenz
  • 8,280
  • 7
  • 44
  • 77