homepage Welcome to WebmasterWorld Guest from 54.196.62.132
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
POST not sending data
Form variable not working correctly
jspeed




msg:4163692
 9:07 pm on Jul 2, 2010 (gmt 0)

I am to my wits end on this one. I am not a code guru, but I know my way around basic php/mysql. I am populating a textarea with a block of text from mysql. Then upon submission, it executes the update script and stores it in the database. SIMPLE RIGHT, it just will not work. I have tried changing just about everything down to the field types in mysql, to different form editors. The kicker is, any different block of text works fine. A paragraph of Lorem Ipsum works great. It is just this simple block of text that does not work? Is there some illegal word that php refuses to send? There is no error, the browser just sits there until it times out. This is the paragraph (with punctuation stripped out)

In preparation for my next career goal I obtained a loan from the Teachers Credit Union to purchase a rubber tire backhoe loader and incorporated XYZ corp in April of 1974 I began doing small jobs during weekends and off days Meanwhile my younger brother Bob graduated from Some University in Boston Massachusetts with a degree in Accounting and went to work for ABC corp a Big Eight accounting firm.


Someone please enlighten me.

Here is the code if it matters:

<?php
include("fckeditor/fckeditor.php") ;

if(isset($_GET['updateaboutus']))
{
$text=$_POST['text'];

$update_link_id = mysql_connect ($host, $user, $pass);

if (!$update_link_id)
{
die('Could not connect: ' . mysql_error());
}

if (!mysql_select_db($dbname)) die(mysql_error());

mysql_query("UPDATE $dbtable SET text = '$text' WHERE label = 'aboutus'");

$result = stripslashes(nl2br($text));

echo "<div style='color:#FF0000;font-weight:bold;'>Site Updated Successfully!</div><br />
$result
<br /><br /><a href='admin.php'>&laquo; Admin Home</a>";

mysql_close($update_link_id);
}

else {
$link_id = mysql_connect ($host, $user, $pass);

if (!mysql_select_db($dbname)) die(mysql_error());

$query="SELECT * FROM $dbtable WHERE label='aboutus'";
$result=mysql_query($query);

while ($row = mysql_fetch_array($result)) {
$text=$row["text"];

echo "<form action='?updateaboutus' name='updateaboutus' method='POST'>";

$oFCKeditor = new FCKeditor('text') ;
$oFCKeditor->BasePath = '/beta/admin/fckeditor/' ;
$oFCKeditor->Height='300';
$oFCKeditor->Value = $text ;
$oFCKeditor->Create() ;
}

mysql_close($link_id);
}
?>

<input type='hidden' name='label' value='aboutus' /><input type='submit' value='SUBMIT' class='button'></form>

 

Matthew1980




msg:4163700
 9:38 pm on Jul 2, 2010 (gmt 0)

Hi there jspeed,

Sounds obvious, but have you used print_r($_POST); in the receiver script to see exactly what is being passed to the script - and if it's the expected data?;

<?php
include("fckeditor/fckeditor.php") ;

if(isset($_GET['updateaboutus']))
{
echo "<pre>";
print_r($_POST);
print_r($_GET);
echo "</pre>";
exit;

Try that to see what comes through, then take it from there.

Also, I haven't seen this before I don't think:-

if (!mysql_select_db($dbname)) die(mysql_error());

Is it valid syntax, surely for ease of reading it would be:-
if(!mysql_select_db($dbname)){ die(mysql_error());}

It more than likely is valid syntax, but I always use parethesis for if/else structuring.

And, this may be a reserved word somewhere:-

mysql_query("UPDATE $dbtable SET text = '$text' WHERE label = 'aboutus'");

I would back tick that to be safe :) ie: UPDATE $dbtable SET `text` = '$text' WHERE label = 'aboutus'

Other than that i'm intrigued, and standard block text is ok?, I'm assuming when you place a ' in the mix it stops...

Cheers,
MRb

jspeed




msg:4163717
 10:29 pm on Jul 2, 2010 (gmt 0)

I back tick'd "text", added brackets to the if statement and tried print_r - same results. It just sits there until it times out. Does the same thing in different browsers as well.

Like I said, if I try a different paragraph - it works fine, this is the result:

Array
(
[text] =>
Donec consequat leo iaculis mi sollicitudin eu imperdiet metus congue. Nam rhoncus, tellus sit amet feugiat scelerisque, lorem dolor commodo mi, non ultrices elit sapien posuere odio. Ut eget libero et orci laoreet vulputate. Nullam mi enim, dignissim et porta quis, iaculis ac mauris. Nam ut lorem tortor, at volutpat felis. Nunc faucibus malesuada lorem, et ornare tortor bibendum a. Aenean vitae hendrerit tellus. Vivamus venenatis leo vel diam porttitor ornare.


[label] => aboutus
)
Array
(
[updateaboutus] =>
[edit] => about
)

dreamcatcher




msg:4163813
 5:37 am on Jul 3, 2010 (gmt 0)

I`m guessing its because you aren`t filtering your content before it hits your database and things like quote marks and/or apostrophes are killing the update.

Try:

$text=mysql_real_escape_string($_POST['text']);

Also, always display the error if the query fails for debugging:

mysql_query("UPDATE $dbtable SET text = '$text' WHERE label = 'aboutus'") or die(mysql_error());

'text' is a reserved work in mysql and you are correct to use backticks.

dc

Matthew1980




msg:4163902
 10:21 am on Jul 3, 2010 (gmt 0)

Hi there jspeed,

>>Does the same thing in different browsers as well

It would do :) Don't forget that this is all server side, so no matter what browser you check it in, the results will be the same.

Try Dc's suggestion for using mysql_real_escape_string($_POST['text']); because this function is used to make data passed into it safe for mysql use, ie, it escape's apostrophe's:-
[uk2.php.net ]

I bet if you look at some of the data you are trying to use (the stuff it fails on) there are some apostrophes and the like included there.

Good luck :)

Cheers,
MRb

jspeed




msg:4164925
 8:21 pm on Jul 5, 2010 (gmt 0)

Using mysql_real_escape_string updates the entry in the database empty. It erases what was there.

I`m guessing its because you aren`t filtering your content before it hits your database and things like quote marks and/or apostrophes are killing the update.


Using the paragraph of text I posted in my initial message is what fails, there are no apostrophies or quotes.

The only other thing I can think of that could be an issue is magic quotes are turned on, and I don't have access to the php.ini file on the server where this site is hosted. I've also tried turning them off using the .htaccess method, but that does not work either.

Matthew1980




msg:4164928
 8:38 pm on Jul 5, 2010 (gmt 0)

Hi there jspeed,

To see what your server says about magic_quotes_gpc() just put the php_info() into a file and upload that, from there halfway down the page or crtl+f and search for magic_quotes_gpc, and you will see the status of that :)

Have you echoed the contents of the query that you are sending to the database and then exiting so that you are "checking before sending"?

>>This is the paragraph (with punctuation stripped out)

Are you sending the data with and without the punctuation to see if you get the same results when using the lorum ipsum... Because the block of text without punctuation should pass exactly like the lorem ipsum stuff.

I think that if you were to echo the query to screen before it got sent ie:-

echo $Query = "UPDATE `tablename` SET `pageText` = '".$UpdateText."' WHERE `anId` = 'yourId' ";
exit;

Pseudo code obviously but you get the idea, from that you can see if anything could kill it, then if there is nothing wrong from that end, you at least know the query is correct. Then you can try getting the DB involved, but I doubt there is a 'magic word' involved ;-p

Where was this text written or generated? if it is something from word or such like it won't be ascii, there is a possibility that something could get in there to screw it up, you may need to see what it looks like from a notepad point of view - admittedly clutching at straws there, but it just occurred to me, it may have no bearing on it whatsoever, but stranger things have happened...

Hope that helps :)

Cheers,
MRb

MatthewHSE




msg:4164941
 9:27 pm on Jul 5, 2010 (gmt 0)

I have a site where the server appears to choke on certain form submissions, but not all, when the data includes HTML. Sometimes I've been able to submit half the data, then half, then half, etc., until I narrow down the problem. Normally it's some word like "update" or something.

But sometimes it gets a lot more complex, as in all the chunks will go through individually okay, but won't go through as a group. I've never bothered to try to hunt out the root cause in those situations.

All that to say, it seems my shared host has some elaborate system of filtering taking place on submitted form data, before it ever gets to my scripts. You could be running into the same issue.

I'd suggest trying the trick of submitting half the data, then halving that, etc., to narrow down exactly what the problem is. When you find it, check with your host and see if they have anything going on that would cause the problems you're finding.

omoutop




msg:4165131
 8:40 am on Jul 6, 2010 (gmt 0)

@MatthewHSE:
I also run into the same problems once in a while. My "bogus" word is 'from'.
So, in every text i insert into the database, i replace the 'from' with something else, and again, on showing data, i replace it back.
I know this solution isn't perfect, so if anyone has any suggestion, please share :)

jspeed




msg:4165943
 5:31 pm on Jul 7, 2010 (gmt 0)

Thanks to all the replied!

@ MatthewHSE & omoutop
I tried what you said - replaced the word from in the text - and the update executed successfully. Now I guess i need to do something similar and replace it with something else, and replace it back

Matthew1980




msg:4166033
 7:44 pm on Jul 7, 2010 (gmt 0)

Hi all,

>>I tried what you said - replaced the word from in the text - and the update executed successfully.

Wow! That's a new one on me, there has got to be a less convoluted way of achieving this without find/replace on both sides of the insert/select. Surely you can use a few other functions around the data being inputted and linked into the sql query to see what work knowing now that there is a 'keyword' that triggers an error/failed query.

Is this a shared server or dedicated box that your host uses, and also, local testing of this piece of code, does this produce the same error? It may be worth emailing the tech people at your hosting company to see if they are aware of this, or better still can they provide you with a list of 'trigger' words. I personally haven't yet come across this, so I am rather intrigued as to the total solution to this.

Cheers,
MRb

omoutop




msg:4166469
 1:29 pm on Jul 8, 2010 (gmt 0)

trigger words are all sql syntax-words as far as i can tell.
in my case it was a shared hosting box - i didn't bother contacting them since i was lucky to found the problem easy enough (first time it occurred it was a short sentence, something like 'go from here there')

but i must also note that this problem occurred in "special" conditions/enviroment (site was heavily modified by htaccess mod_rewrite and content was almost 100% from wysiwyg editors

Matthew1980




msg:4166570
 3:18 pm on Jul 8, 2010 (gmt 0)

Hi there omoutop,

>>trigger words are all sql syntax-words as far as i can tell.

So even if you sanitise the data as best you can there is still a risk that the data you are potentially sending could contain 'trigger words' for sql, so in essence then, a function (optional) to find/replace (both on insert & select) could be a good thing to do just in case a server change was in the offing, better to code in than to retro-fit :)

Interesting... But I'm sure that there is a function for use in a Sql statement in php somewhere that will achieve something similar...

Cheers,
MRb

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved