CODEWITHSUNDEEP
phpmysqltextspace
Stingray89
Stingray89

Reputation:

Why is there extra space being added whenever I execute PHP code that updates any text field in a MYSQL database?

I am building a blog site and am having trouble with updating fields in my MYSQL database. Whenever I hit the update button on the form that uses PHP, it adds extra space before the text string in the MYSQL text field. Here is the PHP code:

   //UPDATE TEXT
   $updated_text = $_POST['text'.$the_post['ID'][$n]];
   if ($updated_text != "") {  
     $sql = "UPDATE posts SET TEXT = '".addslashes($updated_text)."' WHERE ID = '".$the_post['ID'][$n]."'";
     $text_result = mysql_query($sql) or die(mysql_error());
   }

Thanks

Upvotes: 1

Views: 4390

Answers (4)

Prasanth Parameswaran
Prasanth Parameswaran

Reputation: 33

If you have a space or line break (in your code editor) in between and then remove them. I had the same issue earlier, but is now fixed.

Upvotes: 0

user187840
user187840

Reputation:

I found that the empty mySQL field was inserting " " into my html form value, so I used:

$variable = trim($variable," ");

to trim the unwanted space.

Upvotes: 0

Pascal MARTIN
Pascal MARTIN

Reputation: 401002

Not sure why you have this problem, but you could first try using trim to remove white-characters at the beginning and end of your string :

$updated_text = trim($_POST['text'.$the_post['ID'][$n]]);

If this solves the problem, it's because you are receiving those whitespaces from the form -- else... Well, strange ^^


A couple of other notes :

  • When escaping data to send it to your DB server, yOu should use the functions that are specific to your DB. Here, you are working with a MySQL database, and the mysql_* function, which means you should use mysql_real_escape_string instead of addslashes.
  • You are escaping the data you're putting in the TEXT ; but, to avoid SQL injections, you should protect the data use in the where clause too.
    • If your ID is a char/varchar in DB, it means using mysql_real_escape_string on $the_post['ID'][$n] too
    • If your ID is an integer in database :
      • the quotes arround the value are not necessary : quotes, in SQL, are the string-delimiter ; there is no need for any delimiter for integers
      • you should make sure you are sending an integer to the DB ; for instance, using intval($the_post['ID'][$n])
    • This will not change anything about your problem -- but taking care of security is always best ;-)

Upvotes: 4

Brimstedt
Brimstedt

Reputation: 3140

Perhaps its an issue of the text-area tag of your html - for example if its indented or so..

Upvotes: 2

Related Questions