1

I'm using a simple HTML form and PHP to insert strings into a MySQL database, which works fine for short strings, but not for long ones.

Using phpMyAdmin I'm able to insert strings of all lengths; it only doesn't work with the HTML file and PHP.

Will appreciate every kind of help, would love to learn more about this topic...

Thank you all a lot in advance and sorry if the question is too simple...


There are two very similar questions, I found so far... unfortunately they couldn't help:

INSERTing very long string in an SQL query - ERROR
How to insert long text in Mysql database ("Text" Datatype) using PHP

Here you can find my html-form:

<html>
<body>

    <form name="input" action = "uploadDataANDGetID.php" method="post">

            What is your Name? <input type="text" name="Name"><br>
            Special about you? <input type="text" name="ThatsMe"><br>

            <input type ="submit" value="Und ab die Post!">

    </form>

</body>
</html>

and here is the PHP-Script named uploadDataANDGetID.php :

<?php


    $name = $_POST["Name"];
    $text = $_POST["ThatsMe"];

    $con = mysql_connect("localhost", "username", "password") or die("No connection established.");

    mysql_select_db("db_name") or die("Database wasn't found");


    $q_post = mysql_query("INSERT INTO profiles VALUES (null, '{$name}' ,'{$text}')");
    $q_getID =mysql_query("SELECT ID FROM profiles WHERE Name = '{$name}' AND ThatsMe = '{$text}'");


    if(!$q_post) // if INSERT wasn't successful...
    {
        print('[{"ID": "-3"}]');
        print("uploadDataAndGetID: Insert wasn't successful...");
        print("about ME: ".$text);  
    }

    else // insertion succeeded
    {
        while ($e=mysql_fetch_assoc($q_getID))
        $output[]=$e;

        //checking whether SELECTion succeeded too...

        $num_results = mysql_num_rows($q_getID);

        if($num_results < 1)
        {
            // no such profile available
            print('[{"ID": "-1"}]');
        }
        else
        {
            print(json_encode($output));
        }
    }

    mysql_close();
?>

Thank you guys!

4
  • can you also post what error you get and your table description ? Commented Feb 10, 2014 at 21:03
  • also, if you want to get the ID of the newly inserted row, you should use the mysql_insert_id function Commented Feb 10, 2014 at 21:12
  • Wow, guys! Thank you all a lot for answering so fast and being so helpful! Commented Feb 10, 2014 at 21:29
  • @Jayaram: I don't get any Errors or Exception... mysql_query just returns FALSE... sorry... due to the table description: there are three attributes: ID --> INT auto_increment / Name --> LONGTEXT and ThatsMe --> LONGTEXT. Commented Feb 10, 2014 at 21:32

2 Answers

1

you MUST escape your strings, with mysql_real_escape_string, like this:

$name = mysql_real_escape_string($_POST['Name']);
$text = mysql_real_escape_string($_POST["ThatsMe"]);
$q_post = mysql_query('INSERT INTO profiles VALUES (null, "' . $name . '" ,"' . $text . '")');

also read about SQL injection


4 Comments

Thank you a lot Marek! It worked perfectly for me! Thank you for the Injection advice too, I will try to be as careful as possible in the future... Thanks once more!
no problem. Please accept my answer ;) it is very important to understand the SQL Injection problem. The shortest text to break your previous code is a double quote "
This was a terribad answer, even in 2014. NEVER use mysql_real_escape_string. Use prepared statements or escape your queries with another method. (posting this as this question is well ranked on search engines)
Thank you Marek. Real-life saver. Finally my hours of frustration ends. I can finally finish my course project :)
1

Use the newer way to connect to MySQL and use prepared statements http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php

1 Comment

thank you very much Lothar! I will try it out... your link looks very informative! Thanks
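
The prepared-statement approach recommended in the answer above, applied to the question's script, as an added example that is not part of the original thread. It assumes the profiles table described in the comments (ID auto-increment, Name, ThatsMe) and the question's placeholder credentials, and it reads the new row's key from insert_id as one commenter suggested.

```php
<?php
// Added example: the question's uploadDataANDGetID.php rewritten with mysqli
// prepared statements. Host, credentials and database name are the
// placeholders from the question; column names come from the comments.

// Make mysqli throw mysqli_sql_exception instead of silently returning FALSE.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

header('Content-Type: application/json');

// Treat missing form fields as empty strings instead of raising notices.
$name = isset($_POST['Name']) ? (string) $_POST['Name'] : '';
$text = isset($_POST['ThatsMe']) ? (string) $_POST['ThatsMe'] : '';

try {
    $db = new mysqli('localhost', 'username', 'password', 'db_name');

    // The ? placeholders travel separately from the SQL text, so quotes,
    // apostrophes or backslashes in a long free-text answer cannot end the
    // string literal or change the statement.
    $stmt = $db->prepare('INSERT INTO profiles (Name, ThatsMe) VALUES (?, ?)');
    $stmt->bind_param('ss', $name, $text);
    $stmt->execute();

    // ID is AUTO_INCREMENT, so the new key is available directly; the second
    // SELECT that matched on Name and ThatsMe is no longer needed.
    $id = $db->insert_id;

    $stmt->close();
    $db->close();

    // Same response shape as the original script: [{"ID": "<n>"}]
    echo json_encode([['ID' => (string) $id]]);
} catch (mysqli_sql_exception $e) {
    // Keep the detail in the server log; the client only receives the same
    // -3 marker the original script used for a failed INSERT.
    error_log('uploadDataANDGetID: ' . $e->getMessage());
    echo json_encode([['ID' => '-3']]);
}
```

With error reporting switched to exceptions, a failed INSERT shows up in the server log with the MySQL error message rather than as a bare FALSE from the query call.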
