FGOD FGOD - 7 months ago 10
SQL Question

why is my blog post entry empty when i put an enter in my post?

I updated my upload script to mysqli yesterday and after solving some errors and having trouble getting the results back from my database, I found another problem which I just can't find out why it is happening...

When I upload a new blog post it does upload it the right way to my database, but from the second I put a enter in the post it end up as an empty entry.

before i updated my script from mysql to mysqli this worked like a charm.

My guess is that I'm doing something wrong with the query, but I have no idea what I am missing here...

Thanks in advance!

here are the code parts for both the form and the upload script



<?php

session_start(); /// initialize session
include("important/passwords.php");
check_logged(); /// function checks if visitor is logged. If user is not logged the user is redirected to login.php page

// Start a session for displaying any form errors

session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>Upload Multiple Images Using jquery and PHP</title>
<!------- Including CSS File ------>
<link rel="stylesheet" type="text/css" href="style.css">

<style type="text/css">
label
{
float: left;
text-align: right;
margin-right: 10px;
width: 100px;
color: black;
}

#submit
{
float: left;
margin-top: 5px;
position: relative;
left: 43%;
}
#error
{
color: red;
font-weight: bold;
font-size: 16pt;
}

</style>
</head>

<body>
<div id="maindiv">
<div id="formdiv">
<h2 align="center">Upload en delete Blogs</h2>


<?php
if (isset($_SESSION['error']))
{
echo "<span id=\"error\"><p>" . $_SESSION['error'] . "</p></span>";
unset($_SESSION['error']);
}

?>

<form action="upload.php" method="post" enctype="multipart/form-data">

<label>Datum:</label>
<input type="text" name="date" style="width:250px;"/><br />

<label>Blogs:</label>
<textarea name="blog" style="width:250px;height:150px;"></textarea><br /><br />

<input type="submit" value="Upload" name="submit" id="submit" class="upload" />
</p>
</form>

<p>
<form action="delete_multiple.php" method="post" class="textdelete">
Wil je nieuwsberichten van de site halen?
<input type="submit" name="formSubmit" value="Submit" />
</form>
</p>

<p>
<form action="logout.php" method="post" class="textdelete">
<input type="submit" name="formSubmit" value="Logout" />
</form>
</p>
</div>
</div>
</body>
</html>







<?php

// Call our connection file
require("includes/conn.php");

$date=$_POST['date'];
$blog=$_POST['blog'];

$query="Insert into blog (date, blog) values ('$date', '$blog')";

mysqli_query($conn, $query) or die ('error updating database');


echo "Het nieuws is geupdate met '$date', '$blog'. De pagina zal over 5 seconden terug naar blogupload gaan.";
header('Refresh: 5; url=blogupload.php');
?>




Answer

You need to escape your data, in case it contains special characters.

$date = mysqli_real_escape_string($conn, $_POST['date']);
$blog = mysqli_real_escape_string($conn, $_POST['blog']);

But even better would be to use prepared statements, then you don't have to worry about this.

$query="Insert into blog (date, blog) values (?, ?)";
$stmt = mysqli_prepare($conn, $query);
mysqli_stmt_bind_param($stmt, "ss", $_POST['date'], $_POST['blog']);
mysqli_stmt_execute($stmt) or die(mysqli_error($conn));
Comments