Jahed Hussain

Reputation: 113

How To Send Spaces To MySQL Database

I have a form which contains some checkboxes and in one of the checkboxes, it contains a value of 'Liberal Democrats'. Once I submit this off to the database, the value isn't recorded as it has a space in it. How do I fix this problem? The following is the relevant bits of my form:

    <label>Party Standing For Election</label>
    <input name="Conservatives" type="checkbox" value="Conservatives" /> Conservative
    <input name="Liberal Democrats" type="checkbox" value="Liberal Democrats" /> Liberal Democrats
    <input name="Labour" type="checkbox" value="Labour"  /> Labour

It goes to this PHP page:

    <?php

    $name = $_REQUEST['name'];
    $date = $_REQUEST['date'];
    $month = $_REQUEST['month'];
    $year = $_REQUEST['year'];
    $labour = $_REQUEST['Labour'];
    $libdems = $_REQUEST['Liberal Democrats'];
    $conservatives = $_REQUEST['Conservatives'];

    $con = mysql_connect("****************************");
    if (!$con)
    {
        die('Could not connect: ' . mysql_error());
    }

    mysql_select_db('******', $con);

    $sql="INSERT INTO elections (name_of_election, date, month, year, party1, party2, party3) VALUES ('$name','$date', '$month','$year','$labour', '$libdems', '$conservatives')";

    if (!mysql_query($sql,$con))
    {
        die('Error: ' . mysql_error());
    }
    else
    {
        echo '<h2>An Election Has Been Created</h2>';
    }
    ?>

help?

Upvotes: 0

Views: 929

Answers (2)

bucko

Reputation: 1188

Anybody can edit the HTML of your web page to put arbitrary strings into your application, even if you don't provide them an easy means to do so. Any data sent to you over the network should be regarded as hostile even if you believe you control the sender.

Upvotes: 0

Aaron W.

Reputation: 9299

Follow @seanbreeden's answer for fixing your main issue, but make the following changes to protect your form from SQL injection by @CanSpice:

    // mysql_real_escape_string() needs an open connection: run these after mysql_connect()
    $name = mysql_real_escape_string($_REQUEST['name']);
    $date = mysql_real_escape_string($_REQUEST['date']);
    $month = mysql_real_escape_string($_REQUEST['month']);
    $year = mysql_real_escape_string($_REQUEST['year']);
    $labour = mysql_real_escape_string($_REQUEST['Labour']);
    $libdems = mysql_real_escape_string($_REQUEST['LiberalDemocrats']);    // with updated change
    $conservatives = mysql_real_escape_string($_REQUEST['Conservatives']);
    // ...
    $sql="INSERT INTO elections (`name_of_election`, `date`, `month`, `year`, `party1`, `party2`, `party3`) VALUES ('$name','$date', '$month','$year','$labour', '$libdems', '$conservatives')";

Upvotes: 2
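
An alternative to the escaping shown in the answer above, as an added example that is not part of any answer on this page: the `mysql_*` extension was removed in PHP 7, and a PDO prepared statement binds the form values as parameters while the checkbox values are checked against an allow-list. The helper names and the in-memory SQLite database (used so the script runs offline) are assumptions; the `LiberalDemocrats` field name is taken from the answer above.

```php
<?php
// Added example; helper names and the demo database are assumptions.

// Checkbox name => the only value the form can legitimately send for it.
const PARTIES = [
    'Labour'           => 'Labour',
    // Name without a space (PHP turns spaces in field names into underscores).
    'LiberalDemocrats' => 'Liberal Democrats',
    'Conservatives'    => 'Conservatives',
];

function party_value(array $input, string $field): ?string
{
    // Unchecked boxes are absent from the request; unexpected values are dropped.
    $value = $input[$field] ?? null;
    return $value === PARTIES[$field] ? $value : null;
}

function insert_election(PDO $pdo, array $input): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO elections
             (name_of_election, date, month, year, party1, party2, party3)
         VALUES (:name, :date, :month, :year, :p1, :p2, :p3)'
    );
    // Values travel separately from the SQL text, so quotes in them stay data.
    $stmt->execute([
        ':name'  => (string)($input['name']  ?? ''),
        ':date'  => (string)($input['date']  ?? ''),
        ':month' => (string)($input['month'] ?? ''),
        ':year'  => (string)($input['year']  ?? ''),
        ':p1'    => party_value($input, 'Labour'),
        ':p2'    => party_value($input, 'LiberalDemocrats'),
        ':p3'    => party_value($input, 'Conservatives'),
    ]);
}

// Offline demo: in-memory SQLite stands in for the MySQL connection, e.g.
// new PDO('mysql:host=HOST;dbname=DBNAME;charset=utf8mb4', 'USER', 'PASS').
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE elections (name_of_election TEXT, date TEXT, month TEXT,
            year TEXT, party1 TEXT, party2 TEXT, party3 TEXT)');

// Constructed request: an apostrophe in the name and a tampered checkbox value.
insert_election($pdo, [
    'name' => "Mayor's Election", 'date' => '5', 'month' => 'May', 'year' => '2011',
    'LiberalDemocrats' => 'Liberal Democrats', 'Labour' => 'not-a-party',
]);
var_dump($pdo->query('SELECT * FROM elections')->fetch(PDO::FETCH_ASSOC));
```

In the web page itself, `$_POST` would be passed as the second argument instead of the constructed array.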
