Hello. I've been having problems with a script that is making me pull my hair out. It is a script to submit jokes to a MySQL database via a form with a textbox element, written with PHP.
The forms submits using POST method with the contents of the textbox submitted to MYSQL using the _POST variable.
Then I have another page in PHP to display the joke output as HTML. Simple stuff or so I thought.
The problem occurs whenver I try to submit a very long joke. The output as displayed in the html tends to cut off in the middle and repeat itself. There is nothing wrong with the database however as I have submitted the same input without using a form and it loads into the database without a hitch. The more I attempt to reedit using the textbox, the bigger the whole mess becomes.
I have thought perhaps that certain punctuation or characters entered into the textbox and submitted might be causing the trouble, so I have tried all kinds of PHP functions
such as str_replace, htmlspecialchars() and urlencode to alter the characters as it is being sent via my _POST variable. None of this has worked though.
This is my code sample:
function PageChange($action,$id){
global $db, $mysql_access;
mysql_select_db( $db, $mysql_access )
or error( 'Unable to find database.');
if($action == "edit"){
$header = "Edit";
}
if($action == "delete"){
$header = "Delete";
}
$query = mysql_query("SELECT * FROM jokes WHERE
id=$id", $mysql_access);
$row = mysql_fetch_array($query);
$title = $row["title"];
$joke = $row["joke"];
@mysql_close($mysql_access);
printf("<HTML>\n");
printf("<HEAD><TITLE>" . $header . " Joke " . $id . "</TITLE>\n");
printf("</HEAD>\n\n");
printf("<BODY bgcolor=#FFFFFF>\n\n");
printf("<DIV style=\"position: absolute); top: 50px; left: 50px;\">\n");
printf("<FORM action=\"admin.php\" method=POST>\n");
printf("<input type=\"hidden\" name=\"idfield\" value=\"" . $id . "\"><input type=\"hidden\" name=\"actfield\" value=\"" . $action . "\">\n");
printf("<TABLE border=\"0\" cellpadding=\"0\" cellspacing=\"0\" >\n");
printf("<TR bgcolor=\"#000000\">\n");
printf("<TD align=\"center\">\n");
printf("<TABLE>\n");
printf(" <TR bgcolor=\"#004080\"><TD>\n");
printf("<TABLE BORDER=0>\n");
printf("<TR><TD colspan=2 align=\"center\"><font size=\"2\" face=\"Verdana\" color=#FFFFFF>" . $header . " Joke " . $id);
printf("\n</TD></tr>\n");
printf("<TR><TD>\n");
printf("<font size=\"2\" face=\"Verdana\" color=#FFFFFF>Title: </font>\n");
printf("</TD><TD>\n");
printf("<input type=text name=\"title\" size=60 wrap=\"soft\" value=\"" . $title . "\" style=\"background: #FFFFFF; font-family: Verdana; font-size: 11px;\">");
printf("</TD></TR>\n");
printf("</TABLE>\n");
printf("</TD>\n");
printf("</TR>\n");
printf("<TR bgcolor=\"#EEEEEE\"><TD>\n");
printf("<TABLE BORDER=0>\n");
printf("<TR><TD bgcolor=\"#EEEEEE\">\n");
printf("<font size=\"2\" face=\"Verdana\">Joke: </font>\n");
printf("</TD><TD>\n");
print("<textarea name=\"joke\" rows=\"16\" cols=\"60\" wrap=\"soft\" style=\"background: #FFFFFF; font-family: Verdana; font-size: 11px;\">" . $joke . "</textarea>\n");
printf("</TD></TR>\n");
printf("<TR bgcolor=\"#EEEEEE\"><td colspan=2 align=\"center\">\n");
printf("<input type=\"submit\" name=\"submitchange\" value=\"". $header . " Joke\"");
if($action == "delete"){
printf( "style=\"background: #FFFFFF); font-family: Verdana); font-size: 11px);\" onClick=\"return(window.confirm('This action will delete the current record. Proceed?'));\">\n");
}else{
printf("style=\"background: #FFFFFF); font-family: Verdana); font-size: 11px);\">\n");
}
printf("</TD></TR>\n");
printf("</TABLE>\n");
printf("</TD>\n");
printf("</TR>\n");
printf("</TABLE>\n");
printf("<TR><TD> </TD></TR>\n");
printf("</TD></TR></TABLE>\n");
printf("</FORM>\n");
printf("</DIV>\n");
printf(" </BODY>\n");
printf("</HTML>\n");
}
if ($submitchange){
mysql_select_db( $db, $mysql_access )
or error( 'Unable to find database.');
if((isset($_POST['title']))&& (isset($_POST['joke']))){
$jokenum = $_POST['idfield'];
$joketitle = $_POST['title'];
$jokebody = $_POST['joke'];
$event = $_POST['actfield'];
if($event == "edit"){
$sqlchange = "UPDATE jokes SET title='" . $joketitle . "', joke='" .$jokebody . "' WHERE id='" . $jokenum . "'";
$exec=mysql_query($sqlchange, $mysql_access );
if($exec){
output_html('Joke has been edited!');
}else{
error('unable to complete request!');
}
}
if($event == "delete"){
$sqlchange = "DELETE * FROM jokes WHERE id='" .$jokenum . "'";
$exec=mysql_query($sqlchange, $mysql_access );
if($exec){
output_html('Joke has been deleted!');
}else{
error('unable to complete request!');
}
}
} else {
error('FIELDS INCOMPLETE!');
}
@mysql_close($mysql_access);
}
--------------------------CODE SAMPLE ENDS HERE---------------------
Now this is what happens when output is displayed:
- Just some SAMPLE OUTPUT
- xxxxx.
- yyyyy.
- zzzzz.
- aaaaa.
- bbbbb.
- ccccc.
- ddddd.
// Up to this point everything is perfectly sent via _POST variable but with next line it gets interrupted by previous data in a repeating pattern. The pattern may repeat several times
if the output gets long enough.
- ee5. aaaaa
- bbbbb.
- ccccc.
- ddddd
- eeeee
10.fffff
11.ggggg
... and so on
This is what is actually written in the database but none of this occurs if I use
a method other than a form to send it. Therefore it is not the db. What would make the _POST variable contents become garbled like this?
Can anyone figure this out? 😕
