I am working on a development website which involves users posting their favourite content of their book onto the webpage; all the data gets stored in the database and gets displayed on the website. However, whenever I try to post big paragraphs using the form I created and the PHP scripts which process the form, it doesn't give any error but it doesn't store the values to the database either. It works okay if the content to process is short. Please help me; the code is below. Any suggestions would be appreciated.

<?php
$hostname = "localhost";
$username = "root";
$password = "";
$database = "library";
$conn = mysql_connect($hostname,$username,$password)or die('Cannot connect');
mysql_select_db("library", $conn);
?>

<?php
$title = $_POST['title'];
$author = $_POST['author'];
$content = strval($_POST['content']);
$description = $_POST['description'];
$category = $_POST['category'];

if (isset($title) && !empty($title)){
    $sql = "INSERT INTO books(title,author,description,content,category) VALUES('$title','$author','$description','$content','$category')";
    mysql_query($sql);
    echo 'Successfully Added the book'."<a href='/'><br>Check it out here</a>";
}
else{
    echo 'Title is missing';
}
?>

Thanks.

  • It's more likely failing if the content contains an `'` character.... I suggest you start learning about prepared statements/bind variables with MySQLi or PDO before somebody suggests simply escape the values – Mark Baker Dec 04 '15 at 23:31
  • How can I potentially fix this error so it processes the content which contains '? Thanks for the reply and helping me out – Sameer Ali Dec 04 '15 at 23:36
  • What does your table's `CREATION CODE` look like? – jankal Dec 04 '15 at 23:37
  • also make sure the column's length is long enough to accommodate the data. – Funk Forty Niner Dec 04 '15 at 23:41
  • Thanks all, the issue has been fixed using the mysql_real_escape_string method. Thanks all – Sameer Ali Dec 04 '15 at 23:42
  • If, as Mark said, your data contains characters that MySQL may be complaining about, well, you're not checking for those errors. Look up the following URL http://php.net/manual/en/function.mysql-error.php and apply it to your query. – Funk Forty Niner Dec 04 '15 at 23:42

1 Answer

First, please use PDO - if not, at least escape your POST arguments using mysql_real_escape_string:

$title = mysql_real_escape_string($_POST['title']);
$author = mysql_real_escape_string($_POST['author']);
$content = mysql_real_escape_string($_POST['content']);
$description = mysql_real_escape_string($_POST['description']);
$category = mysql_real_escape_string($_POST['category']);

Furthermore, strval is not sufficient to escape the $_POST['content'] for use in a SQL query; mysql_real_escape_string is (as above) better.

Once you resolve those:

Two potential places where this could fail (that I can think of)

  • Are you hitting a PHP memory limit? Check your server's error logs to see; you may be able to increase the memory limit.

  • Are you sure that the column you're saving the data into in MySQL can store this much data? If not, you should be getting MySQL errors (see http://php.net/manual/en/function.mysql-error.php).

Aric Watson
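The PDO route recommended in the comments and the answer, as an added example that is not code from the question or from any poster: values are bound as parameters, so an `'` in the content cannot break the statement, and SQL errors raise exceptions instead of passing silently. Assumptions: an in-memory SQLite database stands in for the MySQL `library` database so the script runs offline, and `addBook()` and the sample input are hypothetical.

```php
<?php
// Insert one book using bound parameters; returns the number of rows inserted.
function addBook(PDO $pdo, array $in): int
{
    $row = [];
    foreach (['title', 'author', 'description', 'content', 'category'] as $f) {
        // Accept only string fields; anything else is treated as empty.
        $row[$f] = is_string($in[$f] ?? null) ? $in[$f] : '';
    }
    if ($row['title'] === '') {
        throw new InvalidArgumentException('Title is missing');
    }
    // Placeholders keep the data out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'INSERT INTO books (title, author, description, content, category)
         VALUES (:title, :author, :description, :content, :category)'
    );
    $stmt->execute($row);
    return $stmt->rowCount();
}

// Assumption: SQLite stand-in. For the MySQL database in the question the DSN
// would be 'mysql:host=localhost;dbname=library;charset=utf8mb4' plus credentials.
$pdo = new PDO('sqlite::memory:');
// Throw a PDOException on any SQL error instead of failing silently.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE books
    (title TEXT, author TEXT, description TEXT, content TEXT, category TEXT)');

// Constructed sample input standing in for $_POST: long text full of quotes.
$post = [
    'title'       => "Reader's Notes",
    'author'      => 'Sample Author',
    'description' => 'A favourite passage',
    'content'     => str_repeat("It's a long paragraph with 'quotes' in it. ", 200),
    'category'    => 'Fiction',
];

try {
    addBook($pdo, $post);
    $stored = $pdo->query('SELECT content FROM books')->fetchColumn();
    echo $stored === $post['content'] ? "Stored intact\n" : "Content was altered\n";
} catch (PDOException $e) {
    // Log the database detail server-side; show the user a generic message.
    error_log('Insert failed: ' . $e->getMessage());
    echo "Could not save the book\n";
}
```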