Send a text in a db via a textarea

Question

I have on a page a form with a textarea, i want the textarea be initialised with the text (in the DB) that i want to update so i can just modify it and not rewrite everything.. I'm not sure that i'm clear.. I'm sorry, I'm French ^^

so, here is my code :

    <div class="float_left">
                    <h3>Texte & infos :</h3>
                    <br />
                    <form action="text_moulin.php" name="moulin_texte" method="post">
                        <textarea rows="6" cols="60" name="moulin_text" class="float_left"><?php printf ("%s", $row_moulin["texte"]); ?></textarea><p class="alert alert-danger center"><b>Attention !</b> Laissez "&lt;h3&gt;Moulin&lt;/h3&gt;" !</p>
                        <textarea rows="2" cols="60" name="moulin_infos" class="float_left"><?php printf ("%s", $row_moulin["infos"]); ?></textarea>
                        <input type="submit" name="submit" value="Envoyer" class="btn btn-success"/>
                    </form>
                </div>
</div>

Okay and text_moulin.php :

<?php
if(isset($_POST['moulin_text']) && isset($_POST['moulin_infos'])) {

    if ($_POST['moulin_text'] != "" && $_POST['moulin_infos'] != "") {

        include 'bdd.php';
        $text  = mysqli_real_escape_string($_POST['moulin_text']);
        $infos = mysqli_real_escape_string($_POST['moulin_infos']);
        $request_text  = "UPDATE `accueil` SET texte ='$text' WHERE id = 1";
        $request_infos = "UPDATE `accueil` SET infos ='$infos' WHERE id = 1";
        mysqli_query($base, $request_text);
        mysqli_query($base, $request_infos);
        mysqli_close($base);
        ?> <META HTTP-EQUIV="Refresh" CONTENT="0;URL=http://lab.nooco.fr/admin/admin.php"> <?php

    } else {
        echo "Tous les champs doivent êtres remplis !";
    }
} else {
    echo "Erreur, veuillez réessayer.";
}
?>

I'm sure that I have no problem with the connection to the DB, and I'm sure that I can get the text in the textarea, but when I try to write something else at the end of the text already present in the textarea and send it, the field infos and text of my table was cleared.. so I don't understand !

Thanks !

Answer 1

The mysqli_real_escape_string() function requires that the db connection be passed as the first parameter.

$text  = mysqli_real_escape_string($base, $_POST['moulin_text']);
$infos = mysqli_real_escape_string($base, $_POST['moulin_infos']);

From the manual:

Procedural style

string mysqli_real_escape_string ( mysqli $link , string $escapestr )

Also add or die(mysqli_error($base)) to mysqli_query() to check for errors, if any.

References:

• http://php.net/manual/en/mysqli.real-escape-string.php
• http://php.net/manual/en/mysqli.error.php

---

Add error reporting to the top of your file(s) which will help find errors.

<?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

// rest of your code

Sidenote: Error reporting should only be done in staging, and never production.

---

Footnotes:

Make sure that your DB connection is indeed mysqli_ and not another MySQL API. Those different functions do not intermix with each other.

• https://php.net/mysqlinfo.api.choosing

In mysql_, passing the connection to mysql_real_escape_string() was not always required, and you may have just gotten started into using mysqli_ functions, and thinking you did not have to pass the connection parameter to its MySQLi equivalent.

• That isn't the case. MySQLi functions now require the connnection be passed.
• http://php.net/manual/en/book.mysqli.php

---

Final notes:

This block:

if(isset($_POST['moulin_text']) && isset($_POST['moulin_infos'])) {

    if ($_POST['moulin_text'] != "" && $_POST['moulin_infos'] != "") {

can be reduced to

if(!empty($_POST['moulin_text']) && !empty($_POST['moulin_infos'])) 

    {...}

while getting rid of the last else{...}

Answer 2

You said, you are sure with database connection and you don't know why row data are replaced.

First of all, I think you need to prepared error reporting statement. It good practice too. Does "bdd.php" has prepared mysqli error connection report?

<?php
$con=mysqli_connect("localhost","root","root_password","my_database");
// Check connection if we have issue with database connection
if (mysqli_connect_errno())
{
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
?>

And "text_moulin.php" should have prepared mysqli error query statement report too

<?php
if(isset($_POST['moulin_text']) && isset($_POST['moulin_infos'])) {

    if ($_POST['moulin_text'] != "" && $_POST['moulin_infos'] != "") {

        include 'bdd.php';
        $text  = mysqli_real_escape_string($_POST['moulin_text']);
        $infos = mysqli_real_escape_string($_POST['moulin_infos']);
        $request_text  = "UPDATE `accueil` SET texte ='$text' WHERE id = 1";
        $request_infos = "UPDATE `accueil` SET infos ='$infos' WHERE id = 1";

        // Perform a query and check for error
        if (!mysqli_query($base, $request_text)
            {
                echo("Error description: " . mysqli_error($con));
            }

        // Perform another query and check for error
        if (!mysqli_query($base, $request_infos)
            {
                echo("Error description: " . mysqli_error($con));
            }

        mysqli_close($base);
        ?> <META HTTP-EQUIV="Refresh" CONTENT="0;URL=http://lab.nooco.fr/admin/admin.php"> <?php

    } else {
        echo "Tous les champs doivent êtres remplis !";
    }
} else {
    echo "Erreur, veuillez réessayer.";
}
?>

You SQL query are referring to ID=1 only.. Mean, each time the sql query are executed , the data inside ID=1 will be replaced.

So I suggest you to create a dynamic ID for update statement. Make sure the ID are already exist before replace it. I mean, insert statement for that ID had been done before.