daytripper05
Psychonaut
Registered: 10/30/06
Posts: 6,962
Loc: In my garden
PHP/MySQL question
    #8335907 - 04/27/08 09:48 PM (15 years, 8 months ago)

I wrote a script to update a LONGTEXT field in a MySQL database. It works fine until I enter a large value. I don't know exactly how many lines I can get in but it's roughly two paragraphs. I purposely made this a LONGTEXT field so I could handle these large entries. The script will take small entries, but when a larger one is entered, the script executes but just doesn't update the database. BUT if I use MySQL browser or phpMyAdmin it will let me update the entry with the desired info.

On the HTML side of things, the value is coming from a TEXTAREA and the form uses the POST method. I just can't seem to figure out why everything works with small entries, not large ones. If you have any help in regards to this issue, I would much appreciate it. Perhaps I should use a different field type. I don't even know where to begin debugging, considering the script never hangs up.

Let me know what code you need to see (if any) and I will post it.


Seuss
Error: divide byzero
Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Re: PHP/MySQL question [Re: daytripper05]
    #8336668 - 04/28/08 04:04 AM (15 years, 8 months ago)

Rule #1 when debugging... divide and conquer.

First you need to figure out if the problem is with mysql, php, or http.

1) hard code a large value (that would fail) to the longtext variable in PHP (rather than using the form to set the value) immediately before the update. Run the script and see if the database updates. If so, you can rule out mysql.

2) put a call to phpinfo(); exit(); at the start of your script. Submit a large value and look at the output from phpinfo for the value you submitted. Is it correct? If so, we can rule out http.

Be sure that the value is not being treated as a GET rather than a POST variable. The maximum size of a GET variable is fairly small.

3) assuming both of the above were correct, then something in your script is mangling the variable. Start printing out the size of the variable at different places in the script and try to narrow down the area where the size changes.

Remember, if you didn't escape your text variable, then things like quotes in your text can result in truncated data once mysql gets it.

Example:
$txt="This isn't what I meant!";
update table insert txt values ('$txt');
select txt from table;
Mysql result => "This isn"


--------------------
Just another spore in the wind.


daytripper05
Re: PHP/MySQL question [Re: Seuss]
    #8337250 - 04/28/08 11:38 AM (15 years, 8 months ago)

Ok when I did the task of #1, it failed. I assigned the data (a to do list less than a page long) I wanted to submit to a variable. Then executed the script. The php script executed and returned properly except for the mysql...so it was doing that same thing.

Then I did the second thing. phpinfo returned the correct value for the variable. I checked again, the form action IS set to POST.

So that leads to MySQL. The SQL statement is correct because it wouldn't work with smaller text fields if it was wrong. I have $body = $_POST['body'] and the SQL statement reads INSERT INTO $tblName body VALUES ('$body'). I even changed $body to $_POST['body'] and still the same error. I tried changing the field type to text, longtext, blob, longblob and they all have the same problem.

Currently this site is being hosted by Brinkster, surely they have their shit setup right...

Anyway, let me know what you think.


daytripper05
Re: PHP/MySQL question [Re: daytripper05]
    #8337280 - 04/28/08 11:52 AM (15 years, 8 months ago)

After more testing, I am finding it might have something to do with the truncating, because I was typing a to-do list with a bulleted list, e.g.:

thing to do
- things
- more things

thing to do
-things
-more things

I did have 1 parenthesis in my form entry. I checked my statements, and it would make sense with what you said. So I tried the same entry without the parenthesis and it worked.

So my question is, how do I fix this problem? And how would I display the list above as is when it is called from the database to be viewed? I used to script with ColdFusion and they had a function that converted the text from a database to display the same way in a browser; it added the <p>'s where needed. This is for a client, and I don't want them to have to type <br />'s and <p>'s to get the submissions to look how they type them in the box... Much like how here at Shroomery it auto formats the text I enter into paragraphs of the form instead of all together.


Edited by daytripper05 (04/28/08 12:16 PM)


Ythan
ᕕ( ᐛ )ᕗ
Registered: 08/08/97
Posts: 18,774
Loc: NY/MA/VT Borderlands
Re: PHP/MySQL question [Re: daytripper05]
    #8337397 - 04/28/08 12:33 PM (15 years, 8 months ago)

It looks like you aren't escaping the variable before inserting it. This will break your query if the text contains a delimiter character (in this case the single quote '). Besides that problem it also makes your script vulnerable to SQL injection attacks. You must always escape any variable when you aren't certain what it may contain. You can escape it explicitly, or use a prepared statement if your version of PHP supports it.

Prepared statement:
Code:
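$db = new mysqli("localhost", "user", "pass", "dbname");
// The ? placeholder is not quoted: a quoted '?' is a literal string, not a parameter.
$stmt = $db->prepare("INSERT INTO tableName (body) VALUES (?)");
// "s" binds the value as a string; it is sent separately from the SQL text.
$stmt->bind_param("s", $_POST['body']);
$stmt->execute();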



Escaping your variable:
Code:
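// Uses the legacy mysql_* extension, which was removed in PHP 7.0.
$link = mysql_connect("localhost", "user", "pass");
// Escaping needs the open connection so it can follow that connection's character set.
$body = mysql_real_escape_string($_POST['body'], $link);
$query = "INSERT INTO tableName (body) VALUES ('$body')";
mysql_select_db("dbname", $link);
mysql_query($query, $link);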



daytripper05
Re: PHP/MySQL question [Re: Ythan]
    #8337420 - 04/28/08 12:45 PM (15 years, 8 months ago)

Thanks a lot for the info. CFML did this automatically, so it's good to know these kinds of things. You guys have been a lot of help as usual.

That definitely fixed the problem.

But one more question... What is the primary difference in use between the two pieces of code you posted? Currently, I just escaped the individual variable, but where would it benefit to use the other example? I am new to PHP, what does the -> command do exactly? I have seen this in several scripts before but never knew what it did.


Edited by daytripper05 (04/28/08 01:03 PM)


Ythan
Re: PHP/MySQL question [Re: daytripper05]
    #8337640 - 04/28/08 01:42 PM (15 years, 8 months ago)

Functionally the two pieces of code are equivalent. But if you're just getting started it's good to get in the habit of using prepared statements. The reason is that prepared statements enforce safe queries. You don't have to worry about escaping every variable, you don't have to worry about users overwriting the value of your variables in ways you didn't intend, and you don't have to do type validation. There can also be performance improvements if you're doing the same query multiple times with different data, but that's an ancillary benefit in most cases.

The arrow -> operator is used in object-oriented code to access methods (aka functions) and properties (aka variables) of a class. See http://www.killerphp.com/tutorials/object-oriented-php/index.php for a good introduction to object-oriented PHP. That's another coding practice with its own benefits and drawbacks, you should decide based on the size of your project and how secure and reusable you want its components to be. For small projects, excessive modularization is a waste of time IMHO but for large projects with multiple developers it can be essential.
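
Added example, not part of the thread and not any poster's code: the failure discussed above and its fix, run side by side. It assumes PDO with an in-memory SQLite database standing in for MySQL so it runs offline; the table name notes, the sample text and the function names are constructed for illustration, and renderBody shows one way to display stored text as it was typed.

```php
<?php
// Assumption: SQLite in memory via PDO replaces the MySQL server used in the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)');

// Constructed sample input: a to-do list that contains an apostrophe.
$body = "thing to do\n- things\n- don't forget more things";

// 1) Concatenation, as in the original script: the apostrophe closes the
//    string literal early and the statement no longer parses.
function insertConcatenated(PDO $db, string $body): string {
    try {
        $db->exec("INSERT INTO notes (body) VALUES ('$body')");
        return 'stored';
    } catch (PDOException $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

// 2) Prepared statement: the SQL text is fixed and the value travels
//    separately, so no character in it can change the statement.
function insertPrepared(PDO $db, string $body): int {
    $stmt = $db->prepare('INSERT INTO notes (body) VALUES (?)');
    $stmt->execute([$body]);
    return (int) $db->lastInsertId();
}

// 3) Display: encode for HTML first, then turn newlines into <br />, so the
//    client never types markup and stored text cannot inject any.
function renderBody(string $stored): string {
    return nl2br(htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'));
}

echo insertConcatenated($db, $body), "\n";   // the broken path reports an error
$id = insertPrepared($db, $body);

$stmt = $db->prepare('SELECT body FROM notes WHERE id = ?');
$stmt->execute([$id]);
$stored = $stmt->fetchColumn();

echo $stored === $body ? "round trip intact\n" : "value changed\n";
echo renderBody($stored), "\n";
```

Setting PDO::ERRMODE_EXCEPTION is what surfaces the failed query; the original script ran to completion without updating the row because the query result was never checked.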


daytripper05
Re: PHP/MySQL question [Re: Ythan]
    #8338265 - 04/28/08 04:43 PM (15 years, 8 months ago)

Thanks a lot. You really helped me out. Syntax is one thing, but out of all tutorials and examples I have read, nothing I have read even mentioned the things you did. Thanks again.

