Hi Chris,

On Thu, 2002-02-28 at 10:26, Chris Herold wrote:
> Problem:
> Having trouble inserting text files longer than a few lines into MySQL
> although short ones go in fine.
> 
> I'm using a form in HTML to get a value for $abstract...
> <form method="POST" action="abstract_submit.php">
> 
> <textarea name="abstract" rows=20 cols=70></textarea>
> 
> </form>
> 
> I am then using PHP to insert the information into MySQL...
> 
> <<abstract_submit.php>>
> 
> <?php
> 
>     $db = mysql_connect("db.db_name.com", "user", "pass");
> 
>     mysql_select_db("db_name",$db);
> 
>     $sql = "INSERT INTO Abstract_DB (abstract) VALUE ('$abstract')";
> 
>     $result = mysql_query($sql);
> 
>  ?>
> 
> When $abstract is relatively short/small (3 or 4 lines) the insertion takes
> place without any problem.
> 
> THE PROBLEM IS that when a LONG abstract is entered, nothing gets submitted.
> 
> Any ideas on what's up with this?

Well, $abstract could contain characters such as single-quote ('), and
in the above context that would definitely mess up your query. And of
course there are more possible characters that can cause trouble.

You'll want to use an escape function in PHP like mysql_escape_string()
instead of putting user-submitted data straight into your queries. This
can make things not work, or worse, cause security issues.

See also the PHP online manual:
http://www.php.net/manual/en/function.mysql-escape-string.php


Regards,
Arjen.

-- 
MySQL Training in Brisbane: 18-22 March, http://www.mysql.com/training/
   __  ___     ___ ____  __
  /  |/  /_ __/ __/ __ \/ /    Mr. Arjen G. Lentz <[EMAIL PROTECTED]>
 / /|_/ / // /\ \/ /_/ / /__   MySQL AB, Technical Writer, Trainer
/_/  /_/\_, /___/\___\_\___/   Brisbane, QLD Australia
       <___/   www.mysql.com
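
Added example, not part of the original message: it reproduces the diagnosis above (an apostrophe in a longer abstract ends the string literal early and the INSERT fails) and shows the same insert with a bound parameter. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL server so the script runs offline, the sample abstracts are constructed, the two function names are hypothetical, and bound parameters are swapped in for mysql_escape_string(), which is no longer available in PHP 7 and later.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL server (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Abstract_DB (id INTEGER PRIMARY KEY, abstract TEXT)');

// Constructed sample input, standing in for the submitted form field.
$short = "Short abstract, two lines,\nno quote characters.";
$long  = "A longer abstract is more likely to contain an apostrophe:\n"
       . "the authors' results don't match earlier work.";

// Pattern from the question: form data pasted straight into the SQL text.
function insert_interpolated(PDO $db, string $abstract): bool
{
    try {
        $db->exec("INSERT INTO Abstract_DB (abstract) VALUES ('$abstract')");
        return true;
    } catch (PDOException $e) {
        // The first ' in the data closes the literal; the rest is parsed as SQL.
        echo "  query rejected: ", $e->getMessage(), "\n";
        return false;
    }
}

// Bound parameter: the value never becomes part of the SQL text,
// so quotes, backslashes and newlines in it need no escaping.
function insert_bound(PDO $db, string $abstract): bool
{
    $stmt = $db->prepare('INSERT INTO Abstract_DB (abstract) VALUES (:abstract)');
    return $stmt->execute([':abstract' => $abstract]);
}

echo "interpolated, short text:\n";
var_dump(insert_interpolated($db, $short));
echo "interpolated, long text with apostrophes:\n";
var_dump(insert_interpolated($db, $long));
echo "bound parameter, same long text:\n";
var_dump(insert_bound($db, $long));

// Confirm the stored value is byte-for-byte what was submitted.
$rows = $db->query('SELECT abstract FROM Abstract_DB ORDER BY id')
           ->fetchAll(PDO::FETCH_COLUMN);
echo "rows stored: ", count($rows), "\n";
echo "long text stored unchanged: ";
var_dump(end($rows) === $long);
```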

