I’m having trouble saving long text into a database from a form. The page loads and returns without saving or displaying an error. Short texts are saving. Here’s the code:
HTML:
<textarea id="" name="text_01" style="width:80%; height:150px;"> </textarea>
PHP/SQL:
$_POST = filter_var($_POST, FILTER_CALLBACK, ['options' => 'trim']);
if (isset($_POST['saveCover']) && !empty($_POST)) {
    $data = $_POST;
    if (empty($cover)) {
        error_log("New Text insert. ");
        $sql = "insert into tbl_text (id, text_01) values ($id, '".$data['text_01']."';
    }
SQL(DB):
CREATE TABLE `tbl_text` (
  `id` int(11) NOT NULL,
  `text_01` text,
  `created_at` datetime DEFAULT CURRENT_TIMESTAMP
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='Project Cover Pages';
Answers:
Method 1
Your query is open to injection.
From what I can see, you have quoted the text using ' (single quote). Now imagine the entered text contains a single quote: it will break your query. The length of the string is not a problem here. Also, you have missed a closing " (double quote).
Use a prepared statement. From your code I am not sure what you are using – PDO or mysqli – so update your code to use a prepared statement accordingly. Here, for testing purposes, use addslashes() to check if you can save long text.
// Testing only: addslashes() escapes the quotes in the submitted text
$sql = "insert into tbl_text (id, text_01) values ($id, '".addslashes($data['text_01'])."')";
All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.
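The prepared-statement approach recommended in the answer, shown next to the concatenated query, as an added example that is not part of the original question or answer. It assumes PDO; an in-memory SQLite database stands in for MySQL so the script runs offline, and the function names `saveConcatenated` and `savePrepared` and the sample text are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite replaces the MySQL server so this runs offline;
// with MySQL only the DSN (plus user and password) passed to new PDO() changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // surface SQL errors
$pdo->exec('CREATE TABLE tbl_text (id INTEGER NOT NULL, text_01 TEXT)');

// Constructed sample input: long text that contains single quotes.
$text = str_repeat("It's a long paragraph that isn't free of quotes. ", 200);

/** Concatenated query as in the question, with the missing ')' and '"' added. */
function saveConcatenated(PDO $pdo, int $id, string $text): bool
{
    try {
        $pdo->exec("insert into tbl_text (id, text_01) values ($id, '" . $text . "')");
        return true;
    } catch (PDOException $e) {
        // The first ' inside $text ends the SQL string literal early.
        error_log('Insert failed: ' . $e->getMessage());
        return false;
    }
}

/** Prepared statement: the text is sent as a bound value, never parsed as SQL. */
function savePrepared(PDO $pdo, int $id, string $text): bool
{
    $stmt = $pdo->prepare('INSERT INTO tbl_text (id, text_01) VALUES (:id, :text_01)');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->bindValue(':text_01', $text, PDO::PARAM_STR);
    return $stmt->execute();
}

// Same input through both paths: the first fails, the second stores it.
var_dump(saveConcatenated($pdo, 1, $text));
var_dump(savePrepared($pdo, 2, $text));

// Read the row back and confirm the stored text is byte-for-byte identical.
$check = $pdo->prepare('SELECT text_01 FROM tbl_text WHERE id = :id');
$check->execute([':id' => 2]);
var_dump($check->fetchColumn() === $text);
```

Enabling `PDO::ERRMODE_EXCEPTION` is also what turns the "returns without saving or displaying an error" symptom into a visible, logged failure.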