Home/ Questions/Q 8642253
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-12T11:43:46+00:00

For some reason my array values are being cut off in my DB. Here

  • 0

For some reason my array values are being cut off in my DB. Here is my php 

<?php
$con = mysql_connect("localhost","Andrew","password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("mydb", $con);

$sql="INSERT INTO persons (firstname, lastname, modelid, system, department, comm,    other, shift, comments)
VALUES
('$_POST[firstname]','$_POST[lastname]','$_POST[modelid]','". implode(",",       $_POST['system']) ."','$_POST[department]','". implode(",", $_POST['comm']) ."','".   implode(",", $_POST['other']) ."','$_POST[shift]','$_POST[comments]')";

if (!mysql_query($sql,$con))
  {
 die('Error: ' . mysql_error());
  }
 echo "1 record added";

mysql_close($con);
?>

What I mean by cutoff is that my checkbox entries are being entered properly, separated by commas and all, but its almost as if there is some sort of character limit that I can enter into a single field. Just messing around I’ve added the mysql_real_escape_string in with no errors thinking that was the problem, but I still have the same issue. Has anyone seen this before or aware of any possible fixes?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Like I said in the comment, better not user mysql_* functions – better use PDO or MySQLi.

    the problem in your code is here:

    $sql="INSERT INTO persons (firstname, lastname, modelid, system, department, comm,    other, shift, comments)
VALUES
('$_POST[firstname]','$_POST[lastname]','$_POST[modelid]','". implode(",",       $_POST['system']) ."','$_POST[department]','". implode(",", $_POST['comm']) ."','".   implode(",", $_POST['other']) ."','$_POST[shift]','$_POST[comments]')";
    1. You should sanitize and validate the POST parameters before using them
    2. If you would do #1, you could use parameters like $firstname without string concatenation (which has a missing " before and after the first 3 POST parameters.

    The way I would implement this is something like:

       /*** first sanitize your POST params ***/
   $firstname = mysql_real_escape_string($_POST['firstname']));
   $lastname= mysql_real_escape_string($_POST['lastname']));
   //etc ...

   /**the query ***/
   $stmt = $dbh->prepare("INSERT INTO persons (firstname, lastname, modelid, system, department, comm,    other, shift, comments)
VALUES(:firstname, :lastname, :modelid, :system, :department, :comm, :other, :shift, :comments)");


   /*** bind the paramaters ***/
   $stmt->bindParam(':firstname', $firstname, PDO::PARAM_STR);
   $stmt->bindParam(':lastname', $lastname, PDO::PARAM_STR);
   // etc...

   /*** execute the prepared statement ***/
   $stmt->execute();
    • 0