PDA

View Full Version : Storing Text Area into MySQL Database...


ViN86
07-06-07, 10:00 AM
i created a <TEXTAREA> to allow users to enter comments. i want to store this in the database. my questions are:

1. what type of field should it be? varchar(MAX)?
2. what is the maximum length of the column in the database? i want to limit the text area so i can prevent users from entering too much text
3. how do i store the text from the text area into the database? what value do i reference? is it just like a normal text type input?

heres what my code looks like for the textarea:
<tr>
<td colspan="2" align="center"><TEXTAREA NAME="Comments"
ROWS="8" COLS="100"
style="color:White;background-color:Black;width:600px;">
</TEXTAREA>
</tr>

fivefeet8
07-06-07, 10:40 AM
If you want to limit text, you should use a char type field. This will allow you to limit the characters inputted to a maximum of 255 characters. Text fields in mysql are limited to 65kb. There are other larger type text fields in mysql as well. Of course you could also use php or javascript to check and keep the posted string at a certain size before adding them into the table.

evilghost
07-06-07, 11:28 AM
1) I use TEXT (65535 characters). Other choices can be BLOB (binary). In your case TEXT would be better than CHAR or VARCHAR. See http://dev.mysql.com/doc/refman/5.0/en/storage-requirements.html

2) TEXT is 65535, or 2^16

3) $_POST['Comments'] but you better be sure you substr(mysql_escape_string($_POST['Comments']),0,65535)

ViN86
07-06-07, 01:03 PM
1) I use TEXT (65535 characters). Other choices can be BLOB (binary). In your case TEXT would be better than CHAR or VARCHAR. See http://dev.mysql.com/doc/refman/5.0/en/storage-requirements.html

2) TEXT is 65535, or 2^16

3) $_POST['Comments'] but you better be sure you substr(mysql_escape_string($_POST['Comments']),0,65535)
thx ghost didnt know about that 3rd one.

evilghost
07-06-07, 01:04 PM
Glad to help, just make sure you're running mysql_escape_string() on any user-passed data you're writing to the database to avoid SQL injection.

radekhulan
07-06-07, 07:50 PM
Better use mysqli_real_escape_string(), it takes opened DB connection into account, and escapes string according to its charset (UTF8 by default).

evilghost
07-06-07, 09:04 PM
True, evidently mysql_escape_string() is now depreciated; no idea when they ddi that.

t3hl33td4rg0n
07-08-07, 04:09 AM
Probably because they want to use mysqli_xxx for functions of that sort instead of mysql_xxx. Just a guess though.

radekhulan
07-08-07, 03:18 PM
In fact, there are 3 ways to manipulate MySQL DB.

* mysql set of functions (MySQL 3.x, 4.0) - mysql_escape_string()
* mysqli set of functions (MySQL 4.1, 5.x) - mysqli_real_escape_string()
* PDO set of functions (can be used as a DB layer) - PDO::quote()

If you are coding a new project, you should use PDO, as it is database independent (if you do it right way):
http://php.net/pdo

evilghost
07-08-07, 05:58 PM
I've never heard of PDO, excellent information, thanks radekhulan.

radekhulan
07-09-07, 05:30 AM
In fact, PDO is extremely important for SQLite, as there is no way to access SQLITE3 except PDO. sqlite() functions support SQLITE2 only, which is buggy and limited in functionality. PDO functions can support SQLITE2 *and* SQLITE3:
http://www.php.net/manual/en/ref.pdo.php#pdo.drivers

ViN86
07-09-07, 08:00 AM
hmmm, PDO. ill have to look into that, thx :D


ill use the mysqli_xxx cmds for the escape strings too, thx.

ViN86
07-11-07, 02:16 PM
should i move all my cmds over to the MySQL Improved set of functions? what are the benefits?

http://us.php.net/manual/en/ref.mysqli.php

evilghost
07-11-07, 02:24 PM
Looks like mysqli doesn't support persistent connections...

ViN86
07-12-07, 07:05 AM
Looks like mysqli doesn't support persistent connections...
thats not cool. ive been googling it and a lot of ppl say its faster though. the speed may not be worth the hassle.