FGOD FGOD - 2 years ago 61
SQL Question

why is my blog post entry empty when i put an enter in my post?

I updated my upload script to mysqli yesterday and after solving some errors and having trouble getting the results back from my database, I found another problem which I just can't find out why it is happening...

When I upload a new blog post it does upload it the right way to my database, but from the second I put a enter in the post it end up as an empty entry.

before i updated my script from mysql to mysqli this worked like a charm.

My guess is that I'm doing something wrong with the query, but I have no idea what I am missing here...

Thanks in advance!

here are the code parts for both the form and the upload script


session_start(); /// initialize session
check_logged(); /// function checks if visitor is logged. If user is not logged the user is redirected to login.php page

// Start a session for displaying any form errors

<!DOCTYPE html>
<title>Upload Multiple Images Using jquery and PHP</title>
<!------- Including CSS File ------>
<link rel="stylesheet" type="text/css" href="style.css">

<style type="text/css">
float: left;
text-align: right;
margin-right: 10px;
width: 100px;
color: black;

float: left;
margin-top: 5px;
position: relative;
left: 43%;
color: red;
font-weight: bold;
font-size: 16pt;


<div id="maindiv">
<div id="formdiv">
<h2 align="center">Upload en delete Blogs</h2>

if (isset($_SESSION['error']))
echo "<span id=\"error\"><p>" . $_SESSION['error'] . "</p></span>";


<form action="upload.php" method="post" enctype="multipart/form-data">

<input type="text" name="date" style="width:250px;"/><br />

<textarea name="blog" style="width:250px;height:150px;"></textarea><br /><br />

<input type="submit" value="Upload" name="submit" id="submit" class="upload" />

<form action="delete_multiple.php" method="post" class="textdelete">
Wil je nieuwsberichten van de site halen?
<input type="submit" name="formSubmit" value="Submit" />

<form action="logout.php" method="post" class="textdelete">
<input type="submit" name="formSubmit" value="Logout" />


// Call our connection file


$query="Insert into blog (date, blog) values ('$date', '$blog')";

mysqli_query($conn, $query) or die ('error updating database');

echo "Het nieuws is geupdate met '$date', '$blog'. De pagina zal over 5 seconden terug naar blogupload gaan.";
header('Refresh: 5; url=blogupload.php');

Answer Source

You need to escape your data, in case it contains special characters.

$date = mysqli_real_escape_string($conn, $_POST['date']);
$blog = mysqli_real_escape_string($conn, $_POST['blog']);

But even better would be to use prepared statements, then you don't have to worry about this.

$query="Insert into blog (date, blog) values (?, ?)";
$stmt = mysqli_prepare($conn, $query);
mysqli_stmt_bind_param($stmt, "ss", $_POST['date'], $_POST['blog']);
mysqli_stmt_execute($stmt) or die(mysqli_error($conn));
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download