0

I have a form field where someone can post a Google Maps (HTML) URL which I then want to put into the database. Then I am retrieving it to use the HTML embedded map directly on my page. I have tried using urlencode() and htmlspecialchars() but:

a) I'm not sure if $_POST is mishandling the data in the first place

b) I'm not sure of the best way to store a long URL like this in MySQL

The database entry is fine, it goes in, but not all of it. Not sure where it's getting chopped up. My db col is VARCHAR set to 4000.

html:

<p class="form-title">Google map link</p>
<textarea id="map_link" cols="100" rows="5" name="map_link_entry"></textarea>

php database entry:

$map_link_entry = $_POST['map_link_entry'];
$safe_map_link_entry = mysql_real_escape_string($map_link_entry);
$query_do_entries = mysql_query("INSERT INTO all_places VALUES ('',(NOW()), '$address_entry','$safe_map_link_entry', '$username_entry', '$like', '$dislike', '$source')");

php database retrieval:

$result = '';

while ($row = mysql_fetch_assoc($query)) {
  $result .= '<li>';      
  $result .= stripslashes($row['map_link']);  
  $result .= '</li>';
 }

Roughly, a gmaps url is around 1134 chars but this is all I get back out:

<iframe width="425" height="350" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" src="http://maps.google.com/maps?f=q

Any help much appreciated...thanks.

2 Answers

2

You don't use URL/HTML operations to prepare a string for database operations. That's like using a kitten to hammer in a nail.

Use mysql_real_escape_string() - that's the right tool. Anything else is a pointless waste of time.

$url = $_POST['...'];
$safe_url = mysql_real_escape_string($url);

$sql = "INSERT ... VALUES ('$safe_url');";

As well, never EVER assume a database operation has succeeded. You must ALWAYS check return values:

$result = mysql_query($sql);
if ($result === FALSE) {
    die(mysql_error()); // you'll want something better for when this goes into production
}

2 Comments

Hey Marc. Thanks for your answer, I'll give it a try. (I am testing the db entry, just didn't paste it in here...)
Lol, I happened to read 2 of your answers (on different questions) in close succession and I was suddenly struck by the awesome imagery you use (the zucchini, the kittens). You're great, man!
1

I solved this by using PHP to regenerate all the map code, and just added in the user's search terms stored in the database. This is better than storing the entire link which is unnecessary and cumbersome to prepare in PHP anyway.

This also means the user does not need to get and post an entire google maps link. I just ask them for a location, then attempt to refine it using the googlemaps query strings (http://querystring.org/google-maps-query-string-parameters/).

Final output code is:

// set up variables
$output = '';
$map_width = '600';     // map frame width
$map_height = '350';    // map frame height

while ($row = mysql_fetch_assoc($query)) {

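    // percent-encode the stored values so quotes, "&" or "<" in them
    // cannot break out of the URL or the src attribute
    $location = urlencode(stripslashes($row['location']));
    $city = urlencode(stripslashes($row['city']));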

    // compile resulting html with variables and db results
    $output .= "<iframe width='" . 
                $map_width . "' height='" . $map_height . 
                "' frameborder='0' scrolling='no' 
                marginheight='0' marginwidth='0' src='"; 

    // the original search query (googlemaps api uses "q=...")          
    $output .= "http://maps.google.com/maps?q=" . $location;

    // location to refine the query (googlemaps api uses "near=...")
    $output .= "&amp;near=" . $city;    

    // set map to 'terrain'                     
    $output .= "&amp;t=p";  

    //zoom level            
    $output .= "&amp;z=15";                         
    $output .= "&amp;output=embed'></iframe>";  

    $output .= "<br /><small><a href='" . $location . 
                "&amp;output=source' target='_blank' 
                style='color:#0000FF;text-align:left'>
                View Larger Map</a></small>";   
}

// print it all out
echo $output;
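
The store-the-search-terms approach from this answer, written with bound parameters and output encoding, as an added example that is not code from the original posts. It assumes PDO with the SQLite driver (an in-memory table stands in for the MySQL `all_places` table, since the `mysql_*` functions were removed in PHP 7); the helper names `open_db`, `save_place` and `map_iframe` and the sample rows are made up for illustration.

```php
<?php
// Added example: constructed data; in-memory SQLite stands in for the MySQL table.
declare(strict_types=1);

function open_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failed queries throw
    $db->exec('CREATE TABLE all_places (id INTEGER PRIMARY KEY, location TEXT, city TEXT)');
    return $db;
}

function save_place(PDO $db, string $location, string $city): void {
    // Bound parameters: the driver keeps data apart from the SQL text,
    // so no manual escaping (and no stripslashes() on the way out) is needed.
    $stmt = $db->prepare('INSERT INTO all_places (location, city) VALUES (:location, :city)');
    $stmt->execute([':location' => $location, ':city' => $city]);
}

function map_iframe(string $location, string $city, int $width = 600, int $height = 350): string {
    // http_build_query() percent-encodes every value, so quotes, "&" and "<"
    // in stored input cannot add parameters or close the attribute.
    $query = http_build_query([
        'q' => $location, 'near' => $city, 't' => 'p', 'z' => 15, 'output' => 'embed',
    ]);
    // htmlspecialchars() turns the "&" separators into "&amp;" for the HTML context.
    $src = htmlspecialchars('http://maps.google.com/maps?' . $query, ENT_QUOTES, 'UTF-8');
    return "<iframe width='$width' height='$height' frameborder='0' scrolling='no' "
         . "marginheight='0' marginwidth='0' src='$src'></iframe>";
}

$db = open_db();
// Constructed input: the second row carries a quote, angle brackets and a stray parameter.
save_place($db, 'Tate Modern', 'London');
save_place($db, "O'Brien's <Bar> & Grill", 'Paris&z=1');

foreach ($db->query('SELECT location, city FROM all_places') as $row) {
    echo '<li>' . map_iframe($row['location'], $row['city']) . "</li>\n";
}
```

In the second list item the quote, angle brackets and `&` from the stored values appear only as `%27`, `%3C`, `%3E` and `%26` inside `src`, so the iframe markup stays intact.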
