Saving text area into mySQL database field PHP

Question

Hi i am using openWYSIWYG as a text editor for a text area. I then am trying to post the contents of the text area to a field in my database.

This is the code i have so far -

<?php
$text = $_GET['Comments']; 



mysql_connect ("localhost", "user", "password") or die ('Error: ' . mysql_error());
mysql_select_db("databasename") or die ('Data error:' . mysql_error());

$query="INSERT INTO KeepData (player_data)VALUES ('$text')";

mysql_query($query) or die ('Error updating database' . mysql_error());




?>

I can connect to the database, and when i click submit it adds a blank entry into the field? how would i get it so it keeps all the formatted data?

Many thanks

update

 <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
 <textarea id="Comments" name="Comments">
 example text
 </textarea>
<input type="submit" name="mysubmit" value="Save Post" />
 </form>

DIM3NSION

This is not gonna be considered 'good practise' by the SQL Injection mafia. — JK.
– JK., Commented Aug 12, 2011 at 12:34
Just to say, you should not use the old mysql api anymore, it is deprecated for many years now and eventually will disappear from php. Use PDO instead. — devasia2112
– devasia2112, Commented Oct 20, 2016 at 10:24

Mat · Accepted Answer · 2011-08-12 13:11:39Z

4

Try something like the following:

<?php
    if ($_POST['submit']) {
        mysql_connect ("localhost", "user", "password") or die ('Error: ' . mysql_error());
        mysql_select_db("databasename") or die ('Data error:' . mysql_error());
        $text = mysql_real_escape_string($_POST['comments']); 
        $query="INSERT INTO KeepData (player_data) VALUES ('$text')";
        mysql_query($query) or die ('Error updating database' . mysql_error());
    }
?>


<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
    <textarea name="comments">Example Comment</textarea>
    <input name="submit" type="submit" value="submit" />
</form>

edited Aug 12, 2011 at 13:11

answered Aug 12, 2011 at 12:40

Mat

15711 bronze badges

Sign up to request clarification or add additional context in comments.

4 Comments

DIM3NSION Over a year ago

Thanks for your reply i have tried this but again it adds a blank field. Ive updated my post with my form information. Any help would be greatly appreciated

Kasia Gogolek Over a year ago

use this and change $text = mysql_real_escape_string($_POST['comments']);

Mat Over a year ago

What output do you get if you echo $query?

devasia2112 Over a year ago

Check the data type in your database table.

Madara's Ghost · Accepted Answer · 2011-08-12 12:35:21Z

0

You must save an format coded version elsewhere on a hidden textarea (much like here on StackOverflow, if you type **text** it will come out as text, in the database, they probably save it as **text** and render it with PHP.

Once the formatted version is saved, render it with PHP when you get the data from the database.

answered Aug 12, 2011 at 12:35

Madara's Ghost

176k52 gold badges274 silver badges314 bronze badges

Comments

Benno · Accepted Answer · 2011-08-12 12:35:42Z

0

Is your form POSTing or GETing (you said POSTing in your post)? You have $_GET['Comments'], but if your form's action is POST, you need to use $_POST['Comments'];

if you add echo $text;exit; after you assign $text, do you see anything?

answered Aug 12, 2011 at 12:35

Benno

3,0083 gold badges28 silver badges41 bronze badges

1 Comment

devasia2112 Over a year ago

Or just use REQUEST

kravemir · Accepted Answer · 2011-08-12 12:37:06Z

0

You should use mysql_escape_string function because of mysql injection and if text contains ' you'll get error.

answered Aug 12, 2011 at 12:37

kravemir

11.2k17 gold badges70 silver badges121 bronze badges

Comments

J0HN · Accepted Answer · 2011-08-12 12:38:32Z

0

Check if your have <form action='get'>. If it is just <form> get used by default
Check that your wisywig have name='Comments' attribute.
Escape the $text with mysql_real_escape_string. It can contain SQL-illegal symbols, like '. This function escapes them with \
(recommendation) do not use mysql_*, it is deprecated of PHP 5.3 and will be removed.
(recommendation) appending user input to sql query is always a risk of SQL-injection. Use prepared statements

answered Aug 12, 2011 at 12:38

J0HN

27.1k5 gold badges59 silver badges88 bronze badges

Comments

youngdero · Accepted Answer · 2016-10-20 10:12:03Z

0

just add the onclick event something like

<button onclick=" $('#txtEditor').val($('.Editor-editor').html());" type="Publish" id="Publish" name="Publish" class="btn btn-primary">Publish</button>

remember the #txtEditor has to match with the form id, this works well, and note the .html will save it to database with the color,Bold and many more effect if you added any (that is the wysiwyg fuction)

then for your php code that send to database, do something like this

$anything = ($_POST['txtEditor']);

$anything you which to use as variable,dont forget the txtEidtor is the form id. with this your wysiwyg is up and working.

answered Oct 20, 2016 at 10:12

youngdero

3802 silver badges16 bronze badges

Collectives™ on Stack Overflow

Saving text area into mySQL database field PHP

6 Answers 6

4 Comments

Comments

1 Comment

Comments

Comments

Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

6 Answers 6

4 Comments

Comments

1 Comment

Comments

Comments

Comments

Your Answer

Sign up or log in

Post as a guest

Related