I have created a form with a text area (called content). If the user enters data into this text area it should update the database. However, it is only doing this when what is entered into the text area is very short. How do I make it so I will send longer bits of text to the database?

Code:

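```php
<form action="" method="post" id="contenteditform">
    <textarea rows="10" cols="100" name="NewContent" form="contenteditform"> <?php echo $content; ?> </textarea>
    <input type="submit" name="button4" value="_submit" />
</form>
<?php
// Run the update only when the form was submitted.
if (isset($_POST["button4"])) {
    $NewContent = $_POST['NewContent'];
    $connection = new mysqli($dbhost, $dbusername, $dbpass, $dbname);
    // User input is interpolated straight into the SQL string: a single quote
    // in the text ends the string literal early (the SQL injection problem
    // raised in the comments below).
    $sql = "UPDATE Approved SET Content='$NewContent' WHERE id='$id'";
    // The result of query() is never checked, so a failed statement goes unnoticed.
    $connection->query($sql);
    $connection->close();
}
?>
```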
Jason Aller
  • There's not really anything useful we can deduce from the information you're providing. (What kind of field in the database table are you updating? What's your code? What's the exception being thrown, if applicable? etc.) – Timothy Groote Jan 15 '16 at 08:14
  • It only inserts until the first `'`? You should use a prepared statement to get rid of the SQL problem you have now. – jeroen Jan 15 '16 at 08:18
  • @TimothyGroote I have added the code. I am trying to write to a Long Text field, and I don't think any exceptions are being thrown; it's just not updating my database for long bits of text. – Quantum spaghettification Jan 15 '16 at 08:18
  • @jeroen It's not even doing that; if it's longer than a given length it just doesn't update it at all. – Quantum spaghettification Jan 15 '16 at 08:22
  • Where does `$id` come from? I only see a usage in your code, not where it is defined. If it is never defined, your code will indeed do nothing. – Timothy Groote Jan 15 '16 at 08:23
  • @jeroen Not only that, but this code is also susceptible to SQL injection (see https://xkcd.com/327/ ) – Timothy Groote Jan 15 '16 at 08:24
  • @TimothyGroote It comes from either the URL or some other code that comes before this (but it is definitely defined) – Quantum spaghettification Jan 15 '16 at 08:24
  • @TimothyGroote I see I forgot the word *injection* in my comment, but yes, that is what I meant :-) And apart from that any stored value can probably wreck the HTML as well... – jeroen Jan 15 '16 at 08:25
  • @Quantumspaghettification I can't see any reason why this wouldn't work then, unless you're hitting a configured hard limit (http://stackoverflow.com/questions/2364840/what-is-the-size-limit-of-a-post-request) – Timothy Groote Jan 15 '16 at 08:28
  • @jeroen I think you were right about the ' comment. If I remove all of them from my input then it does work, but if there is at least one then I don't think it works at all. – Quantum spaghettification Jan 15 '16 at 08:33
  • You really need to read up on sql injection :-) – jeroen Jan 15 '16 at 08:34
  • @jeroen I know, just taking one step at a time though :) – Quantum spaghettification Jan 15 '16 at 08:35
  • Now would be a good time as it also solves your problem :) – jeroen Jan 15 '16 at 08:45

1 Answer

I would recommend using type TEXT for those kinds of entries if you do not need performance on those fields. Otherwise use a very big VARCHAR. See the difference here: MySQL: Large VARCHAR vs. TEXT?. I would also recommend that you use a parameterized query in your code.

Community
  • Thanks, I have tried this and it is still not working, any other suggestions? – Quantum spaghettification Jan 15 '16 at 08:23
  • The only other thing I can think of is that you have some limitation on package size on your MySQL server. Try searching on that topic. Also, as I edited into my answer, you should really use a parameterized query in your code, since you are open to SQL injections like this (unless this is just sample code), and the insert could break if you have chars like ' – Tarik Eminagic Jan 15 '16 at 09:00
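
Added example, not part of the original thread: the question's string-built UPDATE beside a parameterized one, run over constructed inputs to show that the apostrophe, not the length, is what makes the update fail. PDO with an in-memory SQLite table stands in for the question's mysqli/MySQL connection so the script runs without a server; the function names are hypothetical.

```php
<?php
// Added example: constructed table and inputs; PDO + in-memory SQLite stand in
// for the question's mysqli/MySQL connection so the script runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE Approved (id INTEGER PRIMARY KEY, Content TEXT)");
$db->exec("INSERT INTO Approved (id, Content) VALUES (1, 'old')");

// Same query construction as the question: input pasted into the SQL string.
function update_concatenated(PDO $db, string $newContent, string $id): bool
{
    try {
        $db->exec("UPDATE Approved SET Content='$newContent' WHERE id='$id'");
        return true;
    } catch (PDOException $e) {
        // The question's code never checks the result of query(), so there
        // this failure is silent and the row simply stays unchanged.
        return false;
    }
}

// Parameterized form: the statement text is fixed, values travel separately.
function update_prepared(PDO $db, string $newContent, string $id): bool
{
    $stmt = $db->prepare('UPDATE Approved SET Content = :content WHERE id = :id');
    $stmt->execute([':content' => $newContent, ':id' => $id]);
    return $stmt->rowCount() === 1;
}

function stored(PDO $db): string
{
    return $db->query('SELECT Content FROM Approved WHERE id = 1')->fetchColumn();
}

// Constructed inputs: short without quote, short with quote, long with quote.
$inputs = [
    'short text',
    "it's short",
    str_repeat("A long paragraph that doesn't avoid apostrophes. ", 200),
];

foreach ($inputs as $text) {
    $db->exec("UPDATE Approved SET Content='old' WHERE id=1");
    $a = update_concatenated($db, $text, '1') && stored($db) === $text;
    $b = update_prepared($db, $text, '1') && stored($db) === $text;
    printf("%6d bytes | concatenated: %-4s | prepared: %s\n",
        strlen($text), $a ? 'ok' : 'FAIL', $b ? 'ok' : 'FAIL');
}
```

With the question's mysqli connection the same steps are `$connection->prepare()` with `?` placeholders, `bind_param('ss', $NewContent, $id)` and `execute()`. The value echoed back into the textarea should also pass through `htmlspecialchars()` so stored text cannot break the HTML.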