Goofy MySQL Insertion Issue


Whogister

Ok, I am having this MySQL issue that is driving me insane. I never had this problem until after the 1st of the year so I have no idea!

My insertions work fine when I first create my database and do my coding. I wake up the next day and the insertions are broken. They just don't work anymore...

I am thinking it has something to do with my "about" field since I do a quick test by adding only one word in the text field and it works and then I can add more data as normal, everything works again until the next day and it breaks again. Very strange...

Do I need to structure my "about" field another way?
Here is what I have below:

Field:
about

Type:
text

Collation:
latin1_swedish_ci

Null:
no
 
0
•••
It would be good if you could post code
 
0
•••
Which code?
 
0
•••
Are you inserting values programmatically or using an administration app (like phpMyAdmin, MySQL Administrator, etc)?
 
0
•••
It's this form right here
http://www.itsyourforum.com/addforum.php

If I put more than a sentence or two in the description field it does not insert the new row into the DB. But if I just put one word it works fine.

The strange thing is that it was all working fine last night and now all of a sudden it's all goofy like this...
 
0
•••
But what does the actual insertion code look like?
 
0
•••
The "about" is the description field.

Code:
mysql_query("INSERT into forums
(name,about,main_link,keywords,email,password,verify,cid)
VALUES
('$name','$about','$main_link','$keywords','$email','$password','$verify','$cid')");
 
0
•••
You are not escaping the strings passed to the query. If you put a single quote in your string, the query will fail with an error. You should probably have:

Code:
mysql_query("INSERT into forums
(name,about,main_link,keywords,email,password,verify,cid)
VALUES
('".mysql_real_escape_string($name)."','".mysql_real_escape_string($about)."','".mysql_real_escape_string($main_link)."','".mysql_real_escape_string($keywords)."','".mysql_real_escape_string($email)."','".mysql_real_escape_string($password)."','".mysql_real_escape_string($verify)."','".mysql_real_escape_string($cid)."')");
 
0
•••
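The failure described in the answer above, reproduced next to a parameterized insert, as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database standing in for the MySQL server so it runs without one (the same prepare/execute calls work with a `mysql:` DSN); the function names and the sample submissions are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite via PDO stands in for the MySQL server (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE forums (name TEXT NOT NULL, about TEXT NOT NULL,
    main_link TEXT, keywords TEXT, email TEXT, password TEXT, verify TEXT, cid INTEGER)');

// Constructed sample submissions: only the second description contains apostrophes.
$samples = [
    ['name' => 'Short',  'about' => 'Cars'],
    ['name' => 'Longer', 'about' => "It's a forum for people who can't stop talking about cars."],
];

// Hypothetical helper: query built by string interpolation, as in the thread's original code.
function insertConcatenated(PDO $db, array $row): bool {
    try {
        $db->exec("INSERT INTO forums (name, about) VALUES ('{$row['name']}', '{$row['about']}')");
        return true;
    } catch (PDOException $e) {
        // The apostrophe closed the string literal early, so the SQL no longer parses.
        return false;
    }
}

// Hypothetical helper: same insert with placeholders, so values never become SQL text.
function insertPrepared(PDO $db, array $row): bool {
    $stmt = $db->prepare('INSERT INTO forums (name, about) VALUES (:name, :about)');
    return $stmt->execute([':name' => $row['name'], ':about' => $row['about']]);
}

foreach ($samples as $row) {
    printf("%-7s concatenated=%s prepared=%s\n", $row['name'],
        insertConcatenated($db, $row) ? 'ok' : 'FAILED',
        insertPrepared($db, $row) ? 'ok' : 'FAILED');
}

// Confirm the stored description is exactly what was submitted, apostrophes included.
$stored = $db->query("SELECT about FROM forums WHERE name = 'Longer'")->fetchColumn();
var_dump($stored === $samples[1]['about']);
```

With placeholders the database driver handles quoting, so no per-field escaping call is needed and a missed field cannot reopen the problem.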
Also you have a field which reads:
veri fy (with spaces)
 
1
•••
Thanks, I used your code and it worked when I did a test this morning.
Hopefully this will KEEP it working...

qbert220 said:
You are not escaping the strings passed to the query. If you put a single quote in your string, the query will fail with an error. You should probably have:

Code:
mysql_query("INSERT into forums
(name,about,main_link,keywords,email,password,verify,cid)
VALUES
('".mysql_real_escape_string($name)."','".mysql_real_escape_string($about)."','".mysql_real_escape_string($main_link)."','".mysql_real_escape_string($keywords)."','".mysql_real_escape_string($email)."','".mysql_real_escape_string($password)."','".mysql_real_escape_string($verify)."','".mysql_real_escape_string($cid)."')");
 
0
•••
It will. But that code is pretty nasty looking.

I'd recommend pulling the mysql_real_escape_string functions out of the actual query and then keep the query as simple as possible.

Better yet, loop through the $_POST array with foreach and just type the function once and do it in about 2 lines of code:

PHP:
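foreach ($_POST as &$var) {
    $var = mysql_real_escape_string($var); // escape each submitted value in place
}
unset($var); // drop the reference left behind by the by-reference loop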
 
0
•••
You lost me there... :)
I can do basic coding but that's about it.

I'm the only one that will see it so I don't care about looks.
But if it affects performance then that's a different story.
 
0
•••