0

I am trying to sort of hobby around with PHP and MySQL(i).

To be more directly I will tell what I am willing to do: I want a text area to be able to upload text in a database.

Which is easily does. But after a certain row of text it just doesnt appear in the database and no error code is given in the error log or php editing file I made.

The weird thing is that in PhpMyAdmin the query works fine.

Things to consider in your answer:

  • I tried to enlarge the max PHP upload size;
  • I tried to change the input tag to textarea and vise-versa;
  • I tried to add and/or change a max-character class to the tag in specific.

Main processing php:

if (isset($_POST['save'])) {
    $id = $_POST['id'];
    $author = $_POST['author'];
    $gct = $_POST['content'];

    mysqli_query($connect, "INSERT INTO get_content (id, content, author) VALUES ('$id', '$gct', '$author')");
    $_SESSION['message'] = "content succesfully saved";
    header('location: edit.php');
}

if (isset($_POST['update'])) {
    $id = $_POST['id'];
    $gct = $_POST['content'];
    $author = $_POST['author'];

    mysqli_query($connect, "UPDATE get_content SET content='$gct', author='$author' WHERE id=$id");
    $_SESSION['message'] = "Author updated!";
    header('location: edit.php');
}

if (isset($_GET['del'])) {
    $id = $_GET['del'];
    mysqli_query($connect, "DELETE FROM get_content WHERE id=$id");
    $_SESSION['message'] = "Content deleted!";
    header('location: edit.php');
}

HTML file for the text area:

  <div class="input-group">
    <label>Picture or text</label><br>
            <textarea id="area4" rows="20" cols="50" autofocus="autofocus" name="content"></textarea>
  </div>

No error messages are given in the error_log file or the PhpMyAdmin

Travinity
  • 1
  • Most probably your column is reaching varchar limit – Evik Ghazarian May 14 '19 at 21:53
  • Can you please explain to me why it works when I SQL it directly into the Database then? Because I tried to do so and that worked fine – Travinity May 14 '19 at 22:15
  • a single quote in the content will break the query –  May 14 '19 at 22:46
  • **Warning:** You are wide open to [SQL Injections](http://php.net/manual/en/security.database.sql-injection.php) and should really use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](http://php.net/manual/en/pdo.prepared-statements.php) or by [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Never trust any kind of input, especially that which comes from the client side. Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). – Dharman May 14 '19 at 22:48
  • [How to enable MySQLi exception mode?](https://stackoverflow.com/questions/22662488/how-to-get-mysqli-error-information-in-different-environments/22662582#22662582) – Dharman May 14 '19 at 22:49
  • I know this, thats why it is hosted locally, I am just testing out some stuff before I am going to implement it with SSL & PDO. But the problem is that it doesnt run as it is supposed to do. I tried basically everything. The problem is that every content actually works until you get past 5-6 lines of text, then it doesnt upload. for example, if i press a [enter] a [enter] a [enter for 5 rows it doesnt upload where aaaaa does.. – Travinity May 14 '19 at 23:31
  • if you used pdo and bound parameters if would fix other potential issues such as your unescaped data as well –  May 15 '19 at 00:15
  • Hmm, I will check into that then, as far as I know the issue is somewhere in the uploader, and recreating this with pdo would give the same issue as its probably somewhere in processing it – Travinity May 15 '19 at 01:24
  • what "uuploader" its a raw post unless there is something you are not sharing –  May 15 '19 at 01:52

1 Answers1

-1

do you what sql datatype(text,varchar) and legth you used when setting up the database in the content column, sql doesn't throw an exception when you exceed the lenght of the column it just cuts out the end

Runner
  • 81
  • 8
  • hey thanks for the answer! I have it as a txt file, the problem is that when I add it directly into the SQL it works fine, but when I do it from the web-end it doesnt work at all – Travinity May 14 '19 at 22:16