-4

I've the following PHP executable, which is executed after a form is submitted.

<?php
{
mysql_connect("localhost","root","mypass");
mysql_select_db("mydb");
$myinput= $_POST['myinput'];
$result=MYSQL_QUERY("INSERT INTO mydb (myinput)".
"VALUES ('$myinput')");
mysql_close();
}
?>

Its working with short phrases, and numbers (approx 10 characters). But if I want to insert 150 character it just creates a blank line in the table.

The table has the following values: Type: LongText (I only need alphabetic characters, no numbers)

I see nothing in syslog , no errors there.

EDIT: I've noticed that if the input has a "whitespace/blankspace" in the end it will be posted no matter what the size is.

FE

This doesnt work, isnt imputed: "This is a long inputed text with xxx characters"

This works (Is inputed): "This is a long inputed text with xxx characters " (Notice the blankspace in the end)

EDIT2: My current php executable (welcome.php)

<?php
{
mysql_connect("localhost","root","my_pass");
mysql_select_db("my_db");
$variable = mysql_real_escape_string($_POST['variable']);
$result=MYSQL_QUERY("INSERT INTO `mydb_table` (`variable`) VALUES ('".$variable."')");
mysql_close();
}
?>

and this is the form which is inputing the data

<div id="create" ng-controller="Controller as vm" ng-show="accounts.mode === 'do-seed'">
        <form action="welcome.php" method="post" id="seed-form" name="accountSeedForm">

          <button id="generate" class="Button fade" ng-click="vm.generateSeed()" type="button">CREATE SEED</button>
          <br/><br/>
          <div class="form-field">
            <label for="variable">variable</label>
            <br/>
            <textarea id="variable" rows="4" name="variable" class="InputR" xxxxxxxxxxxxxxxxxxx></textarea>
            <span class="clipSpan" tooltipster tooltip-theme="tooltipster-theme1" title="Copy the seed to the clipboard." data-clipboard-target="#xxxxSeed" data-clipboard-message-success="xxxxxx successfully copied to clipboard" ></span>
            <br/>
          </div>
          <br/>

          <div class="wPop-content">
            <div>ADDRESS
              <br/>
              <span>{{vm.displayAddress}}</span>
            </div>
          </div>
          <button class="wButton fade" type="submit">REGISTER ACCOUNT</button>
          <span class="divider-2"></span>
          <button class="wButton fade" type="reset" ng-click="vm.back()">BACK</button>
          </div>
        </form>
      </div>
romanturbo
  • 87
  • 1
  • 8
  • 2
    FYI, [you shouldn't use `mysql_*` functions in new code](http://stackoverflow.com/questions/12859942/). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [red box](http://php.net/manual/en/function.mysql-connect.php)? Learn about [*prepared statements*](https://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://php.net/manual/en/mysqlinfo.api.choosing.php) will help you decide which one is best for you. – John Conde Jul 31 '17 at 11:37
  • 2
    Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – John Conde Jul 31 '17 at 11:37
  • 1
    You have an obvious error in your SQL. Fix it and you'll get values in your DB but you'll also be open to SQL attacks. Your choice which is worse. – John Conde Jul 31 '17 at 11:38
  • But it works, only for short inputs but it works... I know about the security issues. Im just trying to learn and cant figure why is not working with long inputs – romanturbo Jul 31 '17 at 11:39
  • This issue is with your database definitions.. Check your schema. You'll have to increase the number of characters for that column. Example : varchar(255) – Rotimi Jul 31 '17 at 11:39
  • Also have a look at how you have designed your table infrastructure. What kind of fields are you table rows? TEXT can contain large chunks of data. VARCHAR(10) for example allows up to 10 characters. – Ole Haugset Jul 31 '17 at 11:40
  • ALTER TABLE mydb ALTER COLUMN myinput VARCHAR (150) NULL; – Shafiqul Islam Jul 31 '17 at 11:41
  • Nope, i changed to VARCHAR and increased to (255) but I keep getting a blank line – romanturbo Jul 31 '17 at 12:02

2 Answers2

1

if your table schema varchar then i think your filed limit set 10; so update 

ALTER TABLE mydb ALTER COLUMN myinput VARCHAR (150) NULL;

if you do not want to null then 

ALTER TABLE mydb ALTER COLUMN myinput VARCHAR (150);

and also update your query

$myinput = mysql_real_escape_string($_POST['myinput']);    
$result=mysql_query("INSERT INTO `mydb` (`myinput`) VALUES ('".$myinput."')");

hope you can insert 150 , if you want to insert more then update VARCHAR length

Shafiqul Islam
  • 5,570
  • 2
  • 34
  • 43
0

I thing you should check the column size and type. use this

ALTER TABLE mydb ALTER COLUMN myinput VARCHAR (255);
Ashish Mishra
  • 412
  • 4
  • 5
  • The comments on the question can tell you that the asker has tried that and it didn't work. I suggest reading the [answer] page, it contains useful tips on giving great answers. – ItamarG3 Jul 31 '17 at 14:46
  • Ive already done that, but doesnt seem to work. – romanturbo Jul 31 '17 at 16:51