Reputation: 11
INSERTing very long string in an SQL query - ERROR
The problem is that whenever I input a big-ass text in the form of my php page and try to INSERT it through a SQL query into the database, it gives me an error like this:
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' 'sample title', 'spent the long months of the rainy season shut up in a small room th' at line 1"
The query is this:
$sql = "INSERT INTO `d` (`user_id`, `title`, `message`) VALUES ($user_id, '$topic', '$message')";
The interesting thing is that it gives me no error when I manually insert the values and run the query in phpmyadmin.
Upvotes: 0
Views: 2949
Answers (2)
Reputation: 159905
Use prepared statements:
$db = new PDO(...);
$stmt = $db.prepare("INSERT INTO `d` (`user_id`, `title`, `message`) VALUES ($user_id, :topic, :message)");
// I'm assuming that title is a VARCHAR(50) and message is a VARCHAR(500)
$stmt->bindParam(":topic", $topic, PDO::PARAM_STR, 50);
$stmt->bindParam(":message", $topic, PDO::PARAM_STR, 500);
$stmt->execute();
This places the job of escaping / properly passing data squarely in the hands of the database engine - which is where it belongs. Avoid building SQL strings from user input wherever you can and you'll avoid many potential SQL injection attacks.
Upvotes: 1
Reputation: 9847
I bet there are single quotes ( ' ) in the string. Escape $topic before using it in your INSERT.
Upvotes: 2
Related Questions
- MySQL ERROR 1406 (22001): Data too long for column
- MySql SP - Data too long error
- Problem inserting a long text in database column MYSQL PHP
- Why is my string stopping after 2995 characters in php
- How to insert long Strings into mySQL database using PHP?
- Why can't I add a large string to an SQL database?
- MySQL Syntax Error at long entered text
- SQL Error 1406 Data too long for column
- PHP max characters in a variable + SQL Insert optimization
- PHP and MYSQL maximum variable length?