0

Sample Code:

mysqli_query($conn, "INSERT INTO tablename(id, studentname, class) VALUES('".$sid."', '".$sn."', '".$class."');

Data Being Entered: 

0123456 Simon Phillips DES103

0231242 Carly Jones    PRG443

1232122 Peter Willson  HCN101

In the Table it shows this:

0123456 BLANK DES103

BLANK BLANK PRG443

BLANK Peter Willson BLANK

*BLANK is simply an empty cell, the word is used to demonstrate visually that it is empty in the cell.

However most of the time it works fine... There is no problems... then maybe 2-3 times a week data is not inserting properly. I am at a loss to why this happens. The code is not changing, and it makes me wonder if the server is the problem or something?

Any ideas or possible solutions welcomed.

Dipen Shah
  • 1,911
  • 10
  • 29
  • 45
Simon Phillips MSc IS
  • 1
  • 2
  • 1
    I suspect the problem would be elsewhere. The one line of code shown, aside from being open to SQL injection attacks and quoting errors, wouldn't behave differently from one execution to another. – David Sep 28 '15 at 15:08
  • I agree, to be a bit more specific: $sid = htmlspecialchars($_POST['sid'], ENT_QUOTES); The usual normal connection script is used... I know the code is fine. I am also stripping out any ' " - _ from names etc... Is it possible that a server can max out the number of variables being sent to it and if it hits the max, could it start missing data on input? If that makes sense? – Simon Phillips MSc IS Sep 28 '15 at 15:09
  • 1
    Is there error handling for the mysqli operations in your script? Is the payload data in $id, $sn, $class properly encoded via escape_string? – VolkerK Sep 28 '15 at 15:10
  • Take care about bob table – rray Sep 28 '15 at 15:11
  • I enabled error logs on the Bluehost server and it is not creating any errors logs when the page is run over a week period yet the data is not inserting right. – Simon Phillips MSc IS Sep 28 '15 at 15:13
  • 1
    I mean error handling like e.g. (minimalistic) `$result=mysqli_query(....); if (!$result) { trigger_error('some text', E_USER_ERROR); }` And encoding like `$sn=mysqli_real_escape_string($conn, $theRawSource);` .? – VolkerK Sep 28 '15 at 15:16
  • VolkerK after your response I looked up mysqli_real_escape_string vs htmlspecialchars and came across this article: http://stackoverflow.com/questions/17166905/should-i-use-htmlspecialchars-or-mysql-real-escape-string-or-both I am going to try these things and if problem continues I will come back. I have just learned some new things. I appreciate the help! Thanks! – Simon Phillips MSc IS Sep 28 '15 at 15:22
  • Yeah I did check the length of data and all that you said. I actually did not understand properly until today that there is an actual process of things that must be done before insertion and i should stop using mysqli and start using pdo... I am going to do that. all thanks to VolkerK... (thanks friend). :) – Simon Phillips MSc IS Sep 28 '15 at 15:54
  • Ryan at this point I am switching because I want to see if there is a difference, plus to see if it actually fixes the blank entries. (using a test table). If it works I will then switch 100% to pdo. I appreciate your feedback. Thanks – Simon Phillips MSc IS Sep 28 '15 at 16:01
  • "always use: emulates_prepares: true" - Why's that? There have been problems esp. with the mysql query cache, but ... that's history. – VolkerK Sep 28 '15 at 16:54
  • Do you have an article I can read on that VolkerK? I would love to do some research on that. Thanks. :) – Simon Phillips MSc IS Sep 28 '15 at 22:09

0 Answers0