Solved

Code fails to insert text from textarea into table with mediumtext field

Posted on 2007-11-20
Last Modified: 2013-12-13
On a form I have a textarea object that I want to insert/update a table where it maps to a mediumtext field.

The code gives me no errors but doesn't perform the insert or update.

If I echo the sql and run it in a query window, it runs just fine (albeit without the special chars like carriage returns).

Here is the table structure:
messageid INT
type TINYINT
authorid INT
datetime DATETIME
subject VARCHAR 100
message MEDIUMTEXT

And here is the code:
$sql = "INSERT INTO messages ";
$sql .= "(";
$sql .= "type, ";
$sql .= "authorid, ";
$sql .= "datetime, ";
$sql .= "subject, ";
$sql .= "message";
$sql .= ") VALUES (";
$sql .= "0, ";
$sql .= $fromuserid . ", ";
$sql .= "\"" . date("Y-m-d H:i:s", time()) . "\", ";
$sql .= "\"" . $subject . "\", ";
$sql .= "\"" . $message . "\"";
$sql .= ")";
$safesql = & new SafeSQL_MySQL; //class module to protect against SQL injection attacks
$sql = $safesql->query($sql);
mysql_select_db($mysql);
mysql_query($sql);      


Any ideas?
Question by:HarpuaFSB
8 Comments
 
LVL 21

Expert Comment

by:nizsmo
ID: 20322675
How about trying to change the MEDIUMTEXT into TEXT?
0
 

Author Comment

by:HarpuaFSB
ID: 20322692
Do you mean change the field type or do an inline conversion?
0
 
LVL 24

Expert Comment

by:mankowitz
ID: 20322706
Are you sure that your code connects to the DB? Try a select query to make sure. Just so you know, the mysql_query will return false if there is a problem, but it will not end the script.

From the PHP docs:
For other type of SQL statements, UPDATE, DELETE, DROP, etc, mysql_query() returns TRUE on success or FALSE on error.
0

 

Author Comment

by:HarpuaFSB
ID: 20322758
Yes, it connects just fine.

If I replace $message with "TEST", the query runs.

However, if I try to insert something like:
"
testing reply mode

------------ Original Message -----------
From: <a href="profile.php?id=71">Meggie D</a>
Date: 2007-11-19 10:58 AM

Testing 1..2..3...
"

it doesn't run the query.
0
 
LVL 21

Expert Comment

by:nizsmo
ID: 20322845
HarpuaFSB:

You need to use addslashes() before passing it in, to escape characters like ".
0
 
LVL 21

Accepted Solution

by:
nizsmo earned 2000 total points
ID: 20322850
E.g.:
$sql = "INSERT INTO messages ";
$sql .= "(";
$sql .= "type, ";
$sql .= "authorid, ";
$sql .= "datetime, ";
$sql .= "subject, ";
$sql .= "message";
$sql .= ") VALUES (";
$sql .= "0, ";
$sql .= $fromuserid . ", ";
$sql .= "\"" . date("Y-m-d H:i:s", time()) . "\", ";
$sql .= "\"" . $subject . "\", ";
$sql .= "\"" . addslashes($message) . "\"";
$sql .= ")";
$safesql = & new SafeSQL_MySQL; //class module to protect against SQL injection attacks
$sql = $safesql->query($sql);
mysql_select_db($mysql);
mysql_query($sql);  


0
 

Author Comment

by:HarpuaFSB
ID: 20322927
I thought the SafeSQL class I was using did that but I guess not.

Now my whole SQL injection defense is subject to question.  Yikes.
0
 
LVL 24

Expert Comment

by:mankowitz
ID: 20325095
I think you would be better off with mysql_real_escape_string. See http://php.net/mysql_real_escape_string
0
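
The failure discussed in this thread, and the bound-parameter alternative to escaping, as an added example that is not code from any poster or from the SafeSQL class. It assumes PDO with an in-memory SQLite database standing in for the thread's MySQL server; the subject and user id are constructed, and the message is modelled on the one quoted in the question.

```php
<?php
// Added example: in-memory SQLite stands in for the thread's MySQL database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (
    messageid INTEGER PRIMARY KEY,
    type      INTEGER,
    authorid  INTEGER,
    datetime  TEXT,
    subject   TEXT,
    message   TEXT
)');

// Constructed input modelled on the message quoted in the thread.
$fromuserid = 71;
$subject    = 'Re: test';
$message    = "testing reply mode\n\n"
            . "------------ Original Message -----------\n"
            . "From: <a href=\"profile.php?id=71\">Meggie D</a>\n"
            . "Date: 2007-11-19 10:58 AM\n\nTesting 1..2..3...\n";

// 1) Concatenation as in the question: the first " inside $message ends the
//    string literal early, so the rest of the message is parsed as SQL.
$concat = 'INSERT INTO messages (type, authorid, datetime, subject, message) VALUES (0, '
        . $fromuserid . ', "' . date('Y-m-d H:i:s') . '", "' . $subject . '", "' . $message . '")';
try {
    $db->exec($concat);
    echo "concatenated query: inserted\n";
} catch (PDOException $e) {
    echo "concatenated query: rejected (", $e->getMessage(), ")\n";
}

// 2) Bound parameters: the SQL text is fixed and the values travel separately,
//    so quotes and newlines in the data never reach the SQL parser.
$stmt = $db->prepare('INSERT INTO messages (type, authorid, datetime, subject, message)
                      VALUES (0, :authorid, :datetime, :subject, :message)');
$stmt->execute([
    ':authorid' => $fromuserid,
    ':datetime' => date('Y-m-d H:i:s'),
    ':subject'  => $subject,
    ':message'  => $message,
]);

// Read the row back and confirm the stored text is byte-for-byte the input.
$stored = $db->query('SELECT message FROM messages')->fetchColumn();
echo 'round trip intact: ', var_export($stored === $message, true), "\n";
```

Against MySQL the same prepare/execute calls work with a `mysql:` DSN; only the connection line changes.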

Question has a verified solution.