2

This is my JS file

function save()
{
    var hist = document.getElementById("hist").value;
    var mission = document.getElementById("mission").value;

    var params = "history=" + hist + "&mission=" + mission;
    var xmlhttp = new XMLHttpRequest();
    xmlhttp.onreadystatechange = function()
    {
        if (this.readyState == 4 && this.status == 200)
        {
            UserAccountInfo = this.responseText;
            alert(UserAccountInfo);
        }
    }
    xmlhttp.open("POST", "savecompany.php", true);
    xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
    xmlhttp.send(params);
}

hist msg will be

Founded by Engineer Anas El-Menoufi after 8 years of experience as marketing advisor and business development manager for W.C Heraus GmbH in Africa and Middle East. Since 1983 MYMSA is recognized in the Egyptian market as one of the first companies in Egypt and MENA region specialized in the supply of solutions, instrumentation, consultancy and after sales service for primary & secondary testing and calibration laboratories in many fields.

and mission will be

Aims to gain customers' trust & satisfaction by providing the best consultancy, raising the market awareness as well as partnering with the best manufacturers all over the world.

We believe that building our internal capabilities will reflect on the market.

after sending these variables to PHP file

hist became

Founded by Engineer Anas El-Menoufi after 8 years of experience as marketing advisor and business development manager for W.C Heraus GmbH in Africa and Middle East. Since 1983 MYMSA is recognized in the Egyptian market as one of the first companies in Egypt and MENA region specialized in the supply of solutions, instrumentation, consultancy and after sales service for primary

and mission

Aims to gain customers' trust

Only!!! Why does this happen??? And how can I send the whole large message??

This is my PHP file

<?php

    require "conn.php";

    $history = $_POST["history"];
    $mission = $_POST["mission"];

    $sql = " UPDATE company SET history ='$history' , mission='$mission'  where id='1'";
    mysqli_query($conn, $sql);

    echo "done";
    mysqli_close($conn);
?>
ceejayoz
Eman Fateen
  • @AustenHolland I don't think so. This is another problem – Eman Fateen May 25 '19 at 01:14
  • Well, it's a related problem. You need to sanitize inputs. Your problem is happening because you haven't sanitized the JavaScript input, but you've also got a giant SQL hole that'll continue to cause you issues. Time to learn about SQL injection vulnerabilities and parameterized MySQL queries - a `'` in `$history` will break your site. – ceejayoz May 25 '19 at 01:18

2 Answers

5

First of all, you should be posting this kind of data within the body/payload of the POST request, but here's why your current solution isn't working:

As you can see, your text stops just before the "&" symbol in the text - this is because the & symbol is a URL component to append another query parameter - this needs to be encoded into %26, and luckily JavaScript has a function to do this, encodeURIComponent.

When creating your params variable, you can use encodeURIComponent like this:

var params = "history=" + encodeURIComponent(hist) + "&mission=" + encodeURIComponent(mission);
Phineas
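The truncation described in the answer above, reproduced offline as an added example (not code from the question or either answer). It serializes the two fields three ways and decodes each body the way a form parser would; `parseForm` and `unexpectedFields` are hypothetical helpers, the sample strings are shortened from the question's text, and `URLSearchParams` stands in for the server-side decoder.

```javascript
// Constructed sample values, shortened from the two texts in the question.
const hist = "after sales service for primary & secondary testing and calibration laboratories";
const mission = "Aims to gain customers' trust & satisfaction by providing the best consultancy";

// Body as the question's save() builds it: raw values, nothing escaped.
function buildRaw(h, m) {
  return "history=" + h + "&mission=" + m;
}

// Body as the answer builds it: each value percent-encoded.
function buildEncoded(h, m) {
  return "history=" + encodeURIComponent(h) + "&mission=" + encodeURIComponent(m);
}

// Same result with the built-in serializer, which encodes names and values itself.
function buildWithSearchParams(h, m) {
  return new URLSearchParams({ history: h, mission: m }).toString();
}

// Stand-in for the server's form decoder (assumption: standard
// application/x-www-form-urlencoded rules: split on "&", then on the first "=").
function parseForm(body) {
  const fields = {};
  for (const [name, value] of new URLSearchParams(body)) fields[name] = value;
  return fields;
}

// Field names the endpoint did not expect; a non-empty result means part of a
// value was parsed as request structure instead of data.
function unexpectedFields(body, expected = ["history", "mission"]) {
  return Object.keys(parseForm(body)).filter((name) => !expected.includes(name));
}

const raw = parseForm(buildRaw(hist, mission));
console.log("raw history:", JSON.stringify(raw.history));            // cut at the first "&"
console.log("stray fields:", unexpectedFields(buildRaw(hist, mission))); // text after each "&"
console.log("encoded round-trips:", parseForm(buildEncoded(hist, mission)).mission === mission);
console.log("URLSearchParams round-trips:", parseForm(buildWithSearchParams(hist, mission)).history === hist);
```

Encoding only fixes how the values travel; the `UPDATE` statement in the question still needs a parameterized query, as the comment under the question points out.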
0

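You can convert the data into something that JavaScript and PHP understand, i.e.

// An object literal uses braces; square brackets with "key : value" are a syntax error
var params = { "history": hist,
               "mission": mission };
params = JSON.stringify( params );

Then on the PHP side use:

// A JSON body is not parsed into $_POST, so decode the raw request body
$data = json_decode(file_get_contents('php://input'), true);
$history = $data['history'];
$mission = $data['mission'];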