douaoj0994 2014-11-28 16:05

MySQL won't accept data longer than 350 characters?

I have a form where users can submit their feedback. Everything runs fine if their feedback is less than 60-70 words. As the feedback exceeds the limit, it throws an error.

I used this command to create my table:

CREATE TABLE RECORDS (ID INT NOT NULL AUTO_INCREMENT PRIMARY KEY, NAME VARCHAR(100), OFF VARCHAR(100), PROBLEM VARCHAR(1000));

If the feedback is somewhere around 5-10 words, it is accepted. My PHP:

try {
    $dbh = new PDO ("mysql:host=localhost; dbname=reports", "root", "sd22");
    $dbh2 = new PDO ("mysql:host=localhost; dbname=sreports", "root", "sd22");
} catch (PDOException $e) {
    server_misconfig ();
}

// Form values are interpolated directly into the SQL strings
$log_uhashD = $dbh -> exec ("INSERT INTO `RECORDS` (`name`, `officer`, `problem`) VALUES ('$cname', '$vname', '$tarea')");
$log_hashD = $dbh2 -> exec ("INSERT INTO `SRECORDS` (`name`, `officer`, `problem`) VALUES ('$hcname', '$hvname', '$tarea')");

// exec() returns the number of affected rows (1 on success) or false on failure
while (!$log_uhashD == '1') {
    db_logfail ();
    die();
}
while (!$log_hashD == '1') {
    db_logfail ();
    die();
}

// Close both connections
$dbh = null;
$dbh2 = null;
JewelWrap ();

My form:

<div id="jewel-Report">
    <form action="record_report.php" method="post">
        <div id="jewel-cName"><p>Your name:&nbsp;</p>
            <input type="text" name="jewel-cName" autocomplete="off"></div>
        <div id="jewel-vName"><p>OFF:&nbsp;</p>
            <input type="text" name="jewel-vName" autocomplete="off"></div>
        <div id="jewel-tArea"><p>Describe your problem:&nbsp;</p><textarea rows="10" cols="50" name="jewel-tArea"></textarea></div>
        <button name="jewel-submit" type="submit">Submit</button>
    </form>
</div>
3 answers

  • dounan9070 2014-11-29 11:47

    You say this is the error you get:

    I got this error: PDO::errorInfo(): Array ( [0] => 42000 [1] => 1064 [2] => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's ability of holding the data. We believe that the restrictions and impositions ' at line 1 )

    What that indicates is that an apostrophe in the text—probably a possessive, something like "the person's ability of holding the data"—is causing your statement to be terminated.

    So, the problem is what I (and juergen d) thought it was: you're actually not sanitising your input. You need to escape those apostrophes, otherwise the query engine will see them as closing quotes, terminating the string literal, and feeding the rest of the text in the string into the query parser as if it were SQL.

    The best way would be to use PDO prepared statements to bind your parameters, rather than trying to splice them into the SQL statement using string manipulation.

    This answer was selected by the asker as the best answer.
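
The failure and the fix recommended in the answer above, as an added example that is not the asker's or the answerer's code. It assumes the pdo_sqlite extension and uses an in-memory SQLite database in place of the MySQL server so it runs offline; the sample input values are constructed.

```php
<?php
// Added example. Assumption: an in-memory SQLite database stands in for MySQL.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE RECORDS (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    name VARCHAR(100), officer VARCHAR(100), problem VARCHAR(1000))');

// Constructed sample input containing apostrophes, as in the reported error.
$cname = "Pat O'Neil";
$vname = 'Officer A';
$tarea = "It limits the person's ability of holding the data.";

// 1) The pattern from the question: values spliced into the SQL text.
//    The apostrophe ends the string literal early and the parser rejects the rest.
try {
    $dbh->exec("INSERT INTO RECORDS (name, officer, problem)
                VALUES ('$cname', '$vname', '$tarea')");
    echo "interpolated insert: ok\n";
} catch (PDOException $e) {
    echo "interpolated insert failed: ", $e->getMessage(), "\n";
}

// 2) Prepared statement: the SQL text is fixed and the values are bound
//    as parameters, so their content is never parsed as SQL.
$stmt = $dbh->prepare('INSERT INTO RECORDS (name, officer, problem)
                       VALUES (:name, :officer, :problem)');
$ok = $stmt->execute([
    ':name'    => $cname,
    ':officer' => $vname,
    ':problem' => $tarea,
]);
if (!$ok || $stmt->rowCount() !== 1) {
    exit("prepared insert failed\n");
}

// Read the row back to confirm the text was stored verbatim, apostrophes included.
$row = $dbh->query('SELECT name, problem FROM RECORDS')->fetch(PDO::FETCH_ASSOC);
var_dump($row['name'] === $cname && $row['problem'] === $tarea);
```

Against MySQL the same `prepare()`/`execute()` calls apply; setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes PDO use server-side prepared statements instead of emulating them in the client.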