1

I have make a form with this code:

<form action="action.php" method="POST">
HTML:
<textarea name="html"></textarea>
<input type="submit">
</form>

and Insert it with php :

<?php
include "database.php";
$html = mysqli_real_escape_string($connect, $_POST['html']);
$insert = mysqli_query($connect, "INSERT INTO data VALUES('$html')");
?>

I have used that, and it successfully inserted to mysql, but some of my html string is missing Example: if i insert 2000 character of html, it just insert 250 character Note: I'm using jquery to post the form

$.ajax({
        url     : url_login,

        data    : 'html='+html, 

        type    : 'POST',

        dataType: 'html',

        success : function(mess){
            $('#content').html(mess);
        },
    });

Please help

Improve this question
12
  • 3
    Did you check the database field to make sure it allows more than 250 characters? Commented Aug 30, 2017 at 16:22
  • Why are you storing entire chunks of HTML data? (Yes, I know there are plenty of cases where this is fully valid, but this may be an XY problem) Commented Aug 30, 2017 at 16:25
  • yes, i have set it to longtext Commented Aug 30, 2017 at 16:25
  • Make use of prepared statements and validate $_POST. Commented Aug 30, 2017 at 16:26
  • 1
    WARNING: When using mysqli you should be using parameterized queries and bind_param to add user data to your query. DO NOT use manual escaping and string interpolation or concatenation to accomplish this because you will create severe SQL injection bugs. Accidentally unescaped data is a serious risk. Using bound parameters is less verbose and easier to review to check you’re doing it properly. Commented Aug 30, 2017 at 17:26

1 Answer 1

Reset to default
1

You should follow the format as mentioned by jQuery AJAX documentation:

change,

data    : 'html='+html,

to,

data : { 
    html: html
}

The format that is being use is known as a object where you specify key/values (as many as you'd like).

Note

  1. Seeing as you are using mysqli_* consider usng prepared statements to prevent SQL injection.
  2. Validate your $_POST with isset and empty to ensure that the fields are set to prevent errors.
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Not only is this easier to read, but it properly escapes the content in html.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.