I'm using a simple html-form and PHP to insert Strings into mySQL Database, which works fine for short strings, not for long ones indeed.
我使用一个简单的html表单和PHP将字符串插入到mySQL数据库中,这对于短字符串来说很好,而对于长字符串则不行。
Using the phpmyadmin I'm able to insert Strings of all lengths, it's only doesn't work with the html file and PHP.
使用phpmyadmin,我可以插入所有长度的字符串,它只对html文件和PHP不起作用。
Will appreciate every kind of help, would love to learn more about this topic...
非常感谢您的帮助,希望能了解更多关于这个话题的信息……
Thank you all a lot in advance and sorry if the question is to simple...
非常感谢大家,如果问题很简单……
There are two very similar questions, I found so far... unfortunately they couldn't help:
到目前为止,我发现有两个非常相似的问题……不幸的是他们不能帮助:
INSERTing very long string in an SQL query - ERROR
How to insert long text in Mysql database ("Text" Datatype) using PHP
在SQL查询中插入很长的字符串——错误地使用PHP在Mysql数据库(“text”数据类型)中插入很长的文本
Here you can find my html-form:
在这里你可以找到我的html表格:
<html>
<body>
<form name="input" action = "uploadDataANDGetID.php" method="post">
What is your Name? <input type="text" name="Name"><br>
Special about you? <input type="text" name="ThatsMe"><br>
<input type ="submit" value="Und ab die Post!">
</form>
</body>
</html>
and here is the PHP-Script named uploadDataANDGetID.php :
这里是php脚本uploadDataANDGetID。php:
<?php
$name = $_POST["Name"];
$text = $_POST["ThatsMe"];
$con = mysql_connect("localhost", "username", "password") or die("No connection established.");
mysql_select_db("db_name") or die("Database wasn't found");
$q_post = mysql_query("INSERT INTO profiles VALUES (null, '{$name}' ,'{$text}')");
$q_getID =mysql_query("SELECT ID FROM profiles WHERE Name = '{$name}' AND ThatsMe = '{$text}'");
if(!$q_post) // if INSERT wasn't successful...
{
print('[{"ID": "-3"}]');
print("uploadDataAndGetID: Insert wasn't successful...");
print("about ME: ".$text);
}
else // insertion succeeded
{
while ($e=mysql_fetch_assoc($q_getID))
$output[]=$e;
//checking whether SELECTion succeeded too...
$num_results = mysql_num_rows($q_getID);
if($num_results < 1)
{
// no such profile available
print('[{"ID": "-1"}]');
}
else
{
print(json_encode($output));
}
}
mysql_close();
?>
Thank you guys!
谢谢你们!
2 个解决方案
#1
0
you MUST escape your strings, with mysql_real_escape_string
, like this:
必须使用mysql_real_escape_string来转义字符串,如下所示:
$name = mysql_real_escape_string($_POST['Name']);
$text = mysql_real_escape_string($_POST["ThatsMe"]);
$q_post = mysql_query('INSERT INTO profiles VALUES (null, "' . $name . '" ,"' . $text . '")');
also read about SQL injection
还可以阅读SQL注入
#2
2
Use the newer way to connect to MySQL and use prepared statements http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php
使用较新的方式连接到MySQL,并使用预备语句http://www.php.net/manual/en/mysqli.quickstart.preparestatements.php
#1
0
you MUST escape your strings, with mysql_real_escape_string
, like this:
必须使用mysql_real_escape_string来转义字符串,如下所示:
$name = mysql_real_escape_string($_POST['Name']);
$text = mysql_real_escape_string($_POST["ThatsMe"]);
$q_post = mysql_query('INSERT INTO profiles VALUES (null, "' . $name . '" ,"' . $text . '")');
also read about SQL injection
还可以阅读SQL注入
#2
2
Use the newer way to connect to MySQL and use prepared statements http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php
使用较新的方式连接到MySQL,并使用预备语句http://www.php.net/manual/en/mysqli.quickstart.preparestatements.php