I have a form where the fields are filled in and the are submitted which adds all this to a table in an SQL database. To do this I have a short PHP script that takes all the post values and then inserts them to the database. One of the fields in the submitted form is over 7000 letters long and it will not submit. It will submit if I clear the description box which is the 1 where the text is over 7k characters. I can add all these details manually to the database and they are displaying on the website as they should. The problem is with the description being this long. Is there a way to sort this out or is there a limit on the amount of letters there can be?
this is the code from the insertpost.php. This is the page that gets called when the form is submitted
$Title = $_POST['title'];
$LinkTitle = $_POST['linktitle'];
$Category = $_POST['category'];
$SubCategory = $_POST['subcategory'];
$MainPic = $_POST['mainpic'];
$Description = $_POST['Description'];
$Main = $_POST['maintext'];
$Featured = $_POST['featured'];
$thumb = $_POST['thumbnail'];
include 'phpincludes/dbconnection.php';
$insertSQL = "INSERT INTO Posts (ID,Title,LinkTitle,MainPicture,ViewCount,Description,Maintext,Type,Featured,category,thumbnail)
VALUES('','$Title','$LinkTitle','$MainPic','0','$Description','$Main','$SubCategory','$Featured','$Category','$thumb')";
$db->query($insertSQL)
Yes there is a limit, you find it documented in the PHP manual for string http://php.net/string :
Note: string can be as large as 2GB.
This requires that you have allowed PHP to use that much memory. Which is not always possible to configure based on operating system. For more details, I can suggest the beginning of my blog post: Protocol of some PHP Memory Stretching Fun.
As haskre suggests, the is a limit on a string in PHP however its quite big and 7000 characters should not be causing an issue. There is also a more stringent limit on field sizes in MySQL however we can ignore this as you said you can save the entries directly into MySQL and they display fine.
You need to find out why it's not inserting. I suspect that you have a character in your 7000 characters that is breaking it, maybe a quote symbol or something that you need to escape.
Run your script again with 7000 characters in the and print out the MySQL error so that you can debug and resolve.
To print out the error from MySQL you can use *mysql_error()*. More information on this can be found in the php manual.
Related
Hope all is well.
I have had a bit of an issue this evening when I was working on a message system for some project for work.
I'm working on the inbox, and have it set up so that it pulls the message subject, sender, and date of sending in table rows on the front-end. That all works great.
My issue is pulling the message body, which is the actual message content. It's supposed to show up in a modal when the table rows are clicked in the front-end, and I can get that to work without issue. The problem is that I can't pull a non-undefined variable for the message content in the first place.
My SQL table looks like this:
msgTo (text), msgFrom (text), msgSubject (text), msgMessage (text), msgDate (text)
My PHP code looks like this:
$msgTo = $row["msgTo"];
$msgFrom = $row["msgFrom"];
$msgSubject = $row["msgSubject"];
$msgTime = $row["msgTime"];
$msgDate = $row["msgDate"];
$msg = $row["msgMessage"];
If I echo or print any of the variables other than my $msg variable, it works great. But no matter what I try, my $msg variable returns undefined.
The content for the "msgMessage" column in the MySQL table is the following:
"Hello John,
How's it going?"
My best guess is that because unlike all the other variables I'm pulling, this one has line breaks, and maybe it can't handle the equivalent of "\n"? So maybe there is some sort of way I need to sanitize it.
Please let me know if there is more information you need.
SOLUTION
My query did not include the variable I was trying to retrieve. It was just one of those silly mistakes that you end up spending too much time on.
If you're just now finding this post, remember to double-check your queries, everyone!
Your problem is here. Mask single quote
"Hello John,
How\'s it going?"
for example
$msg = str_replace("'", "\'", $row["msgMessage"]);
I have text correctly saved into a mariahDB 10.2 database. The text, to complicate matters, is in fact a combination of Regular Expressions and a hybrid code invented by someone else.It can be used unchanged in another application as a text file - not PHP. But it just text at the end of the day. I want to grab data from this table, change it a small amount, and save it in a new table.
The problem is less so about changing the original data much, but more about SELECTING and saving data that is full of backslashes, single quotes, and double quotes to a new table without it being changed when it is saved. Is there a simple way in PHP and MySQL to take text from a table and resave it exactly as it is so the second table is not different from the the first?
For example the first table has the following in it.
add list to list(%section,$plugin function("XpathPlugin.dll", "$Generic Xpath Parser", $document text, "//p[1]/a[#class=\'result-title hdrlnk\' and 1]", "outerhtml", "False"),"Don\'t Delete","Global")
But if I put this into a variable and then INSERT or UPDATE that to another table, MySQL seems to strip out the backslashes, or add backslashes and throw errors for incorrectly formatted SQL.
For instance Don\'t Delete becomes Don't Delete and in other examples \\ become \
In another case ?=\")" loses the a backslash and becomes ?=")"
I have tried dozens of combinations of PHP function to leave the text alone, such as addslashes(), htmlentities(), preg_replace(), various string substitution and nothing get the data back into the table the same way as it came out.
Does anyone have the trick to do this? I would call the function leave_my_text_alone(); !!
EDIT
To add a few things that did not do the trick to get a variable I could update into the database I tried
$omnibotScript = addcslashes($omnibotScript,"'");
I then found I need to do this twice to consider the backslash being removed from before the apostrophe in Don't Delete....or it would throw a MySQL parsing error..Doing it again fixed that. So then I had to put two backslashes back to have one removed. I then added this to consider a double backslash being reduced to single backslash.
$pattern = '/\\\\"/';
$replacement = '\\\\\\\"';
$omnibotScript = preg_replace($pattern, $replacement, $omnibotScript);
But the list went on.
Use prepared statements.
If you use a prepared statement, MySQL will take care of all the escaping you need to get the string back into the table exactly as it came out of it. For example, using MySQLi:
$query = "SELECT s1 FROM t1";
if (!$result = $con->query($query)) {
exit($con->error);
}
$row = $result->fetch_assoc();
$value = $row['s1'];
$query = "INSERT INTO t2(s1) VALUES (?)";
$stmt = $con->prepare($query);
$stmt->bind_param('s', $value);
$stmt->execute();
The value of s1 in t2 will be exactly the same as the value in t1.
so here's what I want to do, I want to be able to cache a whole web page, which would be something like this
$domain = "cnn.com";
$title = "CNN";
$cacheado = file_get_contents('http://www.google.com');
$ingresar = "INSERT INTO indexed_links (link, title, cacheado) VALUES ('$domain', '$title', '$cacheado')";
$db_on = mysqli_connect('localhost', 'root', 'pass', 'data_base');
mysqli_query($db_on, $ingresar);
My great concern is, I tried to do this exact code with the page example.com, which would be $cacheado = file_get_contents('http://example.com');
Which worked completely fine, it added the whole HTML code to the page, which is something somewhat short, it's an easy HTML code, now, Google and a bunch of other sites got more codes into their HTML, as a result, sites with longer HTML codes are not going through the mysqli_query query, which I suppose it has to do with MySql and not PHP because the code works just fine with example.com...
The column of the table which I want to insert the HTML code is cacheado, which has a type set in the MySQL database of text, does this have something to do?
The problem is not with the datatype. Instead, you failed to escape the strings before building the INSERT statement.
In particular, there was probably an apostrophe (') in that web page.
Change field type from TEXT() to VARCHAR(65535). It is the max lenght I now you can set for a field.
I am trying to display the contents of a field in a MS SQL database, the data type of which is 'text'. When I connect to the database with MS Excel on a PC the value looks something like:
Shipped on the: 18/10/12 Toll IPEC Connote Number: XXX XXX XXXX
When I connect to the database with PHP using the Microsoft ODBC driver for Linux, the output of the text field will display random characters, which are slightly different each time I run the exact same script. Here is what it output the last four times:
Xisep)!ØwXment.class.php))
5isep)!ment.class.php))
µ}isep)!Ø}ment.class.php))
t)!!Owner_IDt)Ø©Ø8
Not sure where it's getting the 'ment.class.php' bit from. That looks like the end of the name of one of my classes, but not one that is included in this particular script. Is the driver broken or what? All other data types (int, varchar, datetime etc) seem to display correctly, the problem only seems to happen with this one text field.
Here is the code:
<?php
require('ConnectWise.inc.php');
$config = new CW_Config;
// Connect to database
$dbcnx = odbc_connect("ConnectWise", $config->db_username, $config->db_password);
// Query database
$query = "select * from Billing_Log where Invoice_Number = '24011'";
$result = odbc_exec($dbcnx, $query);
while ($row = odbc_fetch_array($result)) {
echo $row['Top_Comment'] . "\n";
}
odbc_close($dbcnx);
Here is the output of my last few attempts:
\3ȶä!!¶äY!
öÈö§!!ö§Y!
&Èö×!!ö×Y!
Looks like you're getting an overflow. For some reason SQL is passing the length of your text field as 0, which to SQL means "long" but to PHP means "I dont know" and so PHP is showing whatever is in its memory at the location its expecting data (or something like that - any PHP experts care to explain?).
I've seen this with varchar(max) before but not text. (Converting to) Text is normally the way to fix it. So maybe I'm wrong.
Hope this is of some help. Im not a PHP developer, I just have to use it occasionally, and this sounds much like a painful experience I've gone through before :)
I'm having trouble with the ampersand symbol, because I've to allow user to insert page_title within database.
The problem is that in my mother language many companies have the symbol in their names like per example "Santos & Filhos".
The question is, how can I insert this, without break my database and without opening security issues?
using this the database gets broken
$title = preg_replace('/&/', '&', $title);
$final_title = utf8_encode($title);
I'm using utf8_encode because of the other accents like á or ã
Thanks, hope you can help me here
EDIT
ok, first thanks to all, most of you were wright, mysql_real_escape_string is indeed one of the best options, if not the best.
I discovered that I was missing one escape (in query) before post my variables to be processed by php and inserted within the database.
So I manage to get my & but now I can't manage to have accents...
So far my php code looks like this
$title = mysql_real_escape_string($_POST['title']);
$sql = "UPDATE bodytable SET body_title = '".utf8_encode($title)."'";
and then in my frontage I've
utf8_decode($row['body_title']);
the result is
<title>Santos & Filhos - Repara?es de autom?veis</title>
Escape characters going into the database with something like mysql_real_escape_string() or PDO and use htmlentities() when displaying it.
This covers securing user input: What's the best method for sanitizing user input with PHP?
Try using an escape character in front of all your special characters you want to insert in the database. Encoding is ok but for example, if the following string was to be added to mysql string field you would get an error.
"special characters don't work"
And you can do this to prevent these errors
"special characters don\'t work"
I belive there is a methods called addslashes(string x) and stripslashes(string x) that will do that for you.
$title_to_insert_in_database = $str = addslashes($title);
$title_for_page = htmlspecialchars($title_from_database);