The problem is that whenever I input a big-ass text in the form of

Question

0

Asked: June 9, 20262026-06-09T14:55:55+00:00 2026-06-09T14:55:55+00:00

The problem is that whenever I input a big-ass text in the form of

0

The problem is that whenever I input a big-ass text in the form of my php page and try to INSERT it through a SQL query into the database, it gives me an error like this:

“You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘ ‘sample title’, ‘spent the long months of the rainy season shut up in a small room th’ at line 1”

The query is this:

$sql = "INSERT INTO `d` (`user_id`, `title`, `message`) VALUES ($user_id, '$topic', '$message')";

The interesting thing is that it gives me no error when I manually insert the values and run the query in phpmyadmin.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-09T14:55:57+00:00

Use prepared statements:

$db = new PDO(...);
$stmt = $db.prepare("INSERT INTO `d` (`user_id`, `title`, `message`) VALUES ($user_id, :topic, :message)");
// I'm assuming that title is a VARCHAR(50) and message is a VARCHAR(500)
$stmt->bindParam(":topic", $topic, PDO::PARAM_STR, 50);
$stmt->bindParam(":message", $topic, PDO::PARAM_STR, 500);
$stmt->execute();

This places the job of escaping / properly passing data squarely in the hands of the database engine – which is where it belongs. Avoid building SQL strings from user input wherever you can and you’ll avoid many potential SQL injection attacks.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

The problem is that whenever I input a big-ass text in the form of

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply