I have a form where users can submit their feedback. Everything runs fine if their feedback is less than 60-70 words. As the feedback exceeds the limit, it throws an error.
I used this command for create my table:
CREATE TABLE RECORDS (ID INT NULL PRIMARY KEY, AUTO_INCREMENT, NAME VARCHAR(100), OFF VARCHAR(100), PROBLEM VARCHAR(1000));
If the feedback is some where around 5-10 words, it is accepted. My PHP:
$dbh = new PDO ("mysql:host=localhost; dbname=reports", "root", "sd22");
$dbh2 = new PDO ("mysql:host=localhost; dbname=sreports", "root", "sd22");
} catch (PDOException $e) {
server_misconfig (); }
$log_uhashD = $dbh -> exec ("INSERT INTO `RECORDS` (`name`, `officer`, `problem`) VALUES ('$cname', '$vname', '$tarea')");
$log_hashD = $dbh2 -> exec ("INSERT INTO `SRECORDS` (`name`, `officer`, `problem`) VALUES ('$hcname', '$hvname', '$tarea')");
while (!$log_uhashD == '1') {
db_logfail ();
die();
}
while (!$log_hashD == '1') {
db_logfail ();
die();
}
$dbh = null;
$dbh2 = null;
JewelWrap ();
My form:
<div id="jewel-Report">
<form action="record_report.php" method="post">
<div id="jewel-cName"><p>Your name: </p>
<input type="text" name="jewel-cName" autocomplete="off">
<div id="jewel-vName"><p>OFF: </p>
<input type="text" name="jewel-vName" autocomplete="off"></div>
<div id="jewel-tArea"><p>Describe your problem: </p><textarea rows="10" cols="50" name="jewel-tArea"></textarea></div>
<button name="jewel-submit" type="submit">Submit</button>
</form>
</div>
You say this is the error you get:
I got this error: PDO::errorInfo(): Array ( [0] => 42000 [1] => 1064 [2] => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's ability of holding the data. We believe that the restrictions and impositions ' at line 1 )
What that indicates is that an apostrophe in the text—probably a possessive, something like "the person's ability of holding the data"—is causing your statement to be terminated.
So, the problem is what I (and juergen d) thought it was: you're actually not sanitising your input. You need to escape those apostrophes, otherwise the query engine will see them as closing quotes, terminating the string literal, and feeding the rest of the text in the string into the query parser as if it were SQL.
The best way would be to use PDO prepared statements to bind your parameters, rather than trying to splice them into the SQL statement using string manipulation.
What version of MySQL are you running, and what character set are you using? Since MySQL4 has a different approach concerning character length it can save for special (utf8) characters.
Try using type text instead of varchar(1000)
CREATE TABLE RECORDS (ID INT NULL PRIMARY KEY AUTO_INCREMENT, NAME VARCHAR(100), OFF VARCHAR(100), PROBLEM TEXT);