[RESOLVED] kalender(update) admin site

i'm having problems updating a calender to my database...

it does what its supposed to but it just won't add the calendar, it will let me write small things like a few words only... so how can i make it able to write the whole calendar in?

the code of the site:

Code:

---

<?php
session_start();
if(session_is_registered(myusername)){
if (isset($_POST['kalender']))
{
    if (empty($_POST['kalender']))
        {
  echo "jeg skriver ikke ingenting ind i databasen ;)";
        } else {
       
  $connection = mysql_connect("localhost","root","");
  mysql_select_db("kalender",$connection);
 
  $counter = mysql_query("SELECT * FROM kalender WHERE id = '1' "); /* made id to 1 because i wouldn't need more then 1 in this */
  $num = mysql_num_rows($counter);
  $kalender = $_POST['kalender'];
  if ($num == 0) {
  $result = mysql_query("INSERT INTO kalender (kalender) VALUES ('$kalender')");
  } else {
  $result = mysql_query("UPDATE kalender SET kalender = '$kalender' WHERE id = '1'");
  }

 
  if ($result) {
    echo "Success! :)";
  }
  else {
    echo "hmmm... der skete lidt af en fejl :(";
  }
  }
 

}
  ?>
<form name="opret2" action="?a=opret2" method="POST">
<table border="0">
<tr>
<td>Indsæt Kalender:<br>
&nbsp;&nbsp;<textarea cols="30" rows="10" name="kalender"></textarea></td>
</tr>
<tr>
<td>
<input type="submit" cols="30" rows="10" name="submit" value="Opret Event"></td>
</tr>
</table>
</form>

<?php
} else {
include("loginform.php");
}
?>

---

the code of the calender, i have no clue if it should be the size(length, size), i made a program to generate the code..

Code:

---

<table width='100%' border='1' style='border-width:1px;background:url(background2.PNG);border-collapse:collapse;'>
<tr style='text-align:right;vertical-align:top;height:40px;'>
<td colspan='7' ALIGN='center' VALIGN='middle' style='padding:2px;'><h1><b>Januar 2010</b></h1></td>
</tr>
<tr style='text-align:center;height:40px;'>
<td><h3>Mandag</h3></td>
<td><h3>Tirsdag</h3></td>
<td><h3>Onsdag</h3></td>
<td><h3>Torsdag</h3></td>
<td><h3>Fredag</h3></td>
<td><h3>Lørdag</h3></td>
<td><h3>Søndag</h3></td>
</tr>
<tr style='text-align:right;vertical-align:top;height:60px;'>
<td>&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>1&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>2&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>3&nbsp;<br><center><a href='?b=Events'></a></center></td>
</tr>
<tr style='text-align:right;vertical-align:top;height:60px;'>
<td>4&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>5&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>6&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>7&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>8&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>9&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>10&nbsp;<br><center><a href='?b=Events'></a></center></td>
</tr>
<tr style='text-align:right;vertical-align:top;height:60px;'>
<td>11&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>12&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>13&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>14&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>15&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>16&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>17&nbsp;<br><center><a href='?b=Events'></a></center></td>
</tr>
<tr style='text-align:right;vertical-align:top;height:60px;'>
<td>18&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>19&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>20&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>21&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>22&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>23&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>24&nbsp;<br><center><a href='?b=Events'></a></center></td>
</tr>
<tr style='text-align:right;vertical-align:top;height:60px;'>
<td>25&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>26&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>27&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>28&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>29&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>30&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>31&nbsp;<br><center><a href='?b=Events'></a></center></td>
</tr>
<tr style='text-align:right;vertical-align:top;height:60px;'>
<td>&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>&nbsp;<br><center><a href='?b=Events'></a></center></td>
<td>&nbsp;<br><center><a href='?b=Events'></a></center></td>
</tr>
</table>

---

So you're saying when you do your insert/update it isn't putting the proper value?

What is the value of $_POST['kalender']) and how are you sending it to this script?

the form he's using to submit it is at the bottom of that script.

but, I'm having a hard time understanding the problem. if it "does what it's supposed to," then how is it not working? what do you mean "it won't add the calendar"? are you simply trying to add all of that HTML into the database? if so, then this obviously won't work because you're trying to store a string in a database that has single and double quotes, and you never thought to escape any of them. use mysql_real_escape_string() on $_POST['kalendar'] before inserting it. if you don't do this, you'd also be opening yourself up to SQL injection :/ then, make sure the kalendar field in your database is TEXT and not a VARCHAR or something.

Ok, after reading your post, kows, I totally realise what he was asking. Yeah, completely disregard my comment, kows has it nailed.

kows if i type in like test for example then it will write into the database and show on the page i want, but if i try to put the code of the kalendar it wont write to the database...

and kfcSmitty, i get confused sometimes too ;)


edit: now that i read the post fully kows, i believe i should mysql_real_escape_string() for this to work? and its TEXT and not VARCHAR..

just like this?

Code:

---

mysql_real_escape_string($_POST['kalender']);

---

edit: tried what you told me kows, it worked, thanks.. i replaced the line

Code:

---

  $kalender = $_POST['kalender'];

---

with

Code:

---

$kalender = mysql_real_escape_string($_POST['kalender']);

---