php - PHP- SQL not saving long text
问题描述
I'm having trouble saving long text into a database from a form. The page loads and returns without saving or displaying an error. Short texts are saving. Here's the code:
HTML:
<textarea id="" name="text_01" style="width:80%; height:150px;">
</textarea>
PHP/SQL:
$_POST = filter_var($_POST, \FILTER_CALLBACK, ['options' => 'trim']);
if (isset($_POST['saveCover']) && !empty($_POST)) {
$data = $_POST;
if (empty($cover)) {
error_log("New Text insert. ");
$sql = "insert into tbl_text (id, text_01) values ($id, '".$data['text_01']."';
}
SQL(DB):
CREATE TABLE `tbl_text` (
`id` int(11) NOT NULL,
`text_01` text,
`created_at` datetime DEFAULT CURRENT_TIMESTAMP
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='Project Cover Pages';
解决方案
Your query is open to injection.
What I can see you have quoted the text using ' (single quote), now imagine if the entered text contains any single quote then it will break your query, long/length of the string is not a problem here. Also you have missed a closing " (double quote)
Use prepared statement, from your code I am not sure what you are using - PDO or mysqli, update your code to use prepared statement accordingly. Here for testing purpose use addslashes() to check if you can save long text.
$sql = "insert into tbl_text (id, text_01) values ($id, '".addslashes($data['text_01'])."'";
推荐阅读
- javascript - 如何通过 JavaScript/HTML 中的按钮打开本地文件?
- sql - 在数据库转换中安排数据
- flutter - 如何在颤振中从 FutureProvider 获取数据
- sql - 检查日期范围是否在 WW 范围内
- java - Smali - 注入一个简单的方法返回一个异常
- javascript - 在 ReactJS 中为 URLSearchParams 添加条件
- asp.net-mvc - 我怎么能用布尔可空或假做剑道网格过滤器
- decentralized-applications - 使用 Decentraland 的 ECS 延迟操作
- swift - 如何以编程方式更改 SKLabelNode 的文本?
- sql - 将列从一个表插入到另一个表