Page 1 of 2

BLOB entry

Posted: Tue Oct 18, 2005 10:53 am
by ra
I have 4 textareas in a form that correspond with 4 BLOB (also tried TEXT) columns in a MySQL database. The data does not go in:

Code: Select all

if (isset($_POST['submit'])) { 
   $string = "INSERT INTO hotjobs (name, contact, phone, fax, address, url, desc, position, posdesc, benefits, consider) VALUES('$name', '$contact', '$phone', '$fax', '$address', '$url', '$desc', '$position', '$posdesc', '$benefits', '$consider')";
   $query = mysql_query($string);
} 


if ($_GET['delete'] > 0) {
$sql = mysql_query("DELETE FROM hotjobs WHERE id = '$_GET[delete]' ") or die ( mysql_error());
echo "<h2>Position Deleted</h2>";
}

?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>hot jobs admin 1.0</title>
<style type="text/css">
<!--
body,td,th {
	font-family: Arial, Helvetica, sans-serif;
	font-size: 12px;
}
.style1 {font-size: 9px}
body {
	background-color: #CCCCCC;
}
.style2 {color: #999999}
.style4 {color: #FFFF00}
.style5 {color: #FFFFFF}
-->
</style>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<h2 align="left" class="style2">HotJobs 1.0 </h2>
<table width="750"  border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="55%" valign="top" bgcolor="#000000"><table width="750" border="1" cellpadding="2" cellspacing="0" bordercolor="#666666" bgcolor="#FFFFFF">
      <tr bgcolor="#FFFFFF">
        <td colspan="2" bgcolor="#FFFFCC"><h2>Add a Position: </h2></td>
        </tr>
      <tr bgcolor="#FFFFFF">
        <td width="367" valign="top" bgcolor="#FFFFFF"><form method="POST" action="adminjobs7.php">
            <strong>Company Name:</strong><br>
                <span class="box"> </span>
                <input name="name" type="text" id="name">            
                <br>
                <br>
                <b>Contact Person:</b><br>
                <input name="contact" type="text" id="contact" size="40" maxlength="250">
	            <br>
			    <br>
                <strong>Phone:</strong><br>
                <input name="phone" type="text" id="phone" maxlength="20">
                <br>
                <br>
                <strong>Fax:</strong><br>
                <input name="fax" type="text" id="fax" maxlength="20">
                <br>
                <br>
                <strong>Address:</strong><br>
                <input name="address" type="text" id="address" size="40" maxlength="250"><br>
                <br>
              <strong>URL:</strong><br>
              <input name="url" type="text" id="url" size="40" maxlength="250">
				<strong><br>
				<br>
				Employer Description:</strong><br>
              <textarea name="desc" cols="40" rows="5" id="desc"></textarea>
              <br>
                <br>
                <strong>Position:</strong><br>
                <input name="position" type="text" id="position" size="40" maxlength="250">
			<strong><br>
			<br>
			Position Description:</strong><br>
                <textarea name="posdesc" cols="40" rows="5" id="posdesc"></textarea>
            <strong><br>
            <br>
            Employer Benefits Include:</strong><br>
                <textarea name="benefits" cols="40" rows="5" id="benefits"></textarea>
            <strong><br>
            <br>
            Reasons to Consider Us:</strong><br>
            <textarea name="consider" cols="40" rows="5" id="consider"></textarea>              
              <br>
                <br>
                <input type="submit" name="submit" value="Submit">
              <br>
              <span class="style1">*do not use the ' symbol.</span>
          </form></td>
What is the best way to enter in large sections of text through PHP?

Posted: Tue Oct 18, 2005 11:00 am
by Chris Corbyn
There's no doubt some invalid characters in there which need to be escaped for MySQL to not bail out.

Always: mysql_real_escape_string() ;)

Posted: Tue Oct 18, 2005 11:08 am
by ra
in testing, i submit a single letter to each field...

"Always: mysql_real_escape_string()"

THe details of this page seem to cover replacing characters; I want the characters to remain in tact...

Posted: Tue Oct 18, 2005 11:14 am
by Chris Corbyn
Any errors :?:

Posted: Tue Oct 18, 2005 11:17 am
by ra
no errors, but no data is submitted. WHen i remove the textareas, the page works fine...

Posted: Tue Oct 18, 2005 11:23 am
by ra
should i try TEXT instead?

Posted: Tue Oct 18, 2005 11:46 am
by Chris Corbyn
That shouldn't make a difference, BLOB should take anything.

What level of error reporting do you have on?

Try

Code: Select all

$query = mysql_query($string) or die(mysql_error());
Should give you some idea as to why it's failing.

Posted: Tue Oct 18, 2005 11:54 am
by ra
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc, position, posdesc, benefits, consider) VALUES('q', 'q', '

Posted: Tue Oct 18, 2005 12:13 pm
by ra
as near as i can tell, the 'textarea' input type is causing the problem... but the code looks right...

Posted: Tue Oct 18, 2005 12:23 pm
by qads
try putting ` around the fields in the INSERT query, i.e. `desc`

Posted: Tue Oct 18, 2005 12:33 pm
by ra

Code: Select all

$string = "INSERT INTO hotjobs (name, contact, phone, fax, address, url, 'desc', position, 'posdesc', 'benefits', 'consider') VALUES('$name', '$contact', '$phone', '$fax', '$address', '$url', '$desc', '$position', '$posdesc', '$benefits', '$consider')";
returns:

You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ''desc', position, 'posdesc', 'benefits', 'consider') VALUES('1'

I also tried single quotes around all of the fields...

Posted: Tue Oct 18, 2005 3:32 pm
by Chris Corbyn
You've used single quotes... you should use backticks instead.

'quotes'

`backticks`

On a UK keyboard it's on the same key as ¬

The reason is that putting those ticks on tells MySQL that you're referring to a database, table, or column.

It looks like you need it here because "desc" is a reserved word in mysql which is used for sorting data.

Posted: Tue Oct 18, 2005 4:59 pm
by ra
That did it! Thanks a ton...

Now what was it that you were saying about character stripping? How would i implement that in this script?

Posted: Tue Oct 18, 2005 5:01 pm
by qads
like this:

Code: Select all

$desc = mysql_real_escape_string($desc);

Posted: Tue Oct 18, 2005 5:13 pm
by ra
so i would add that code for all of the fields?