post method not sending full text

Question

i have a stored procedure to send and fetch blog data to database at the same time:

CREATE DEFINER=`root`@`localhost` PROCEDURE `post_and_fetch_ans`(
    IN answerbody longtext,
    IN postid int,
    IN answerer int)
BEGIN
   INSERT INTO `login`.`answers` (answer_body,userpost_post_id,users_user_id) VALUES (answerbody,postid,answerer);
   SELECT * FROM `login`.`answers` WHERE userpost_post_id = postid  ORDER BY answer_date DESC LIMIT 1;
END

But my problem is the amount of text data i write on the text editor ,only a few lines are send and store to the database.I am using ajax to send the data to a php page which will store it to database .

$('#answerform').submit(function(event){
   event.preventDefault();
   var data='answer_body='+CKEDITOR.instances.content.getData()+'&userpost_post_id=<?php echo $contents[0]->post_id;?>&users_user_id=<?php echo $userdata->user_id; ?>';
   alert(data);

   $.ajax('../includes/verifyanswer.php',{
        data:data,
        type:"POST",
        datatype:'json',
        success:function(response){
            alert(response);

            var obj=$.parseJSON(response);

            $('#mainanswer').hide();
            $('#answerform').hide();
            $('#answerthisquestion').show();
            var str="<div class='styleanswer' >"+obj[0]['answer_body']+'</div><hr>';

            $('#answerwrapper').append(str);
            $('#answerwrapper pre code').each(function(i, block) {
                hljs.highlightBlock(block);
            });
        },
        error:function(response){
            alert(response);
        }
    });
}); 

and verifyanswer.php page is :

require_once '../core/init.php';
$answer=$_POST['answer_body'];

$post_id=$_POST['userpost_post_id'];
$answerer=$_POST['users_user_id'];

if(isset($answer,$post_id,$answerer)){
    if(!empty($answer) && !empty($post_id) && !empty($answerer)){
        $db = DB::getInstance();
        $result = $db->post_and_fetch("CALL login.post_and_fetch_ans(?,?,?)",array($answer,$post_id,$answerer))->result();
        echo json_encode($result);
    }
}

this line

$answer=$_POST['answer_body'];

contains only the partial (very less than actual text) text ,not the full text.So less text is stored in database

an example of the problem is

i send this amount of text to store in DB

but i get only this few lines of text stored in DB

Congratulations to Mathematics SE for being the first site to unlock this hat, less than 18 hours into the event! Also to Code Review SE and Blender SE for technically needing only three users each to get this hat (i.e. at the time that the hat was earned, one user had 16 or more hats, and two other users had enough hats that the first user didn

Answer 1

Few options come to mind.

1. The apostrophe may be ending your SQL statement. You will need to escape it.

2. The field that you're trying to store your data in is too small.

Answer 2

Problem

As others have mentioned, the problem is caused by special characters in your answer body. The current way you are storing your answers causes special characters to interfere with the SQL commands and leaves you vulnerable to SQL injections.

Solution 1

You can use mysqli_real_escape_string in PHP.

mysqli_real_escape_string - Escapes special characters in a string for use in an SQL statement, taking into account the current charset of the connection

mysqli_real_escape_string

Solution 2 (Better)

You can fix your problem and prevent SQL Injection by using prepared statements with bound parameters. Check this other SO answer to learn more.

Answer 3

You're not properly encoding the POST data in the Javascript code. Instead of concatenating strings, set the data: option to an object, and jQuery will encode it properly.

var data = {
    answer_body: CKEDITOR.instances.content.getData(),
    userpost_post_id: <?php echo $contents[0]->post_id;?>,
    users_user_id: <?php echo $userdata->user_id; ?>
};