Let's break down why your long text isn't saving while short text works—there are a few critical issues in your code that are causing this silent failure:

1. Syntax Error in Your SQL Query #

Looking at your PHP/SQL code, your INSERT statement is missing a closing parenthesis at the end, which breaks the entire query:

$sql = "insert into tbl_text (id, text_01) values ($id, '" . $data['text_01'] . "'; 
// Missing closing ')' here --------------------^

This syntax error causes the database to reject the query entirely, but since you don't have error handling in place, you won't see any feedback on the page. It’s possible your short text test was run with an accidental fix to this syntax issue, which is why it worked.

2. Unescaped Special Characters in Long Text #

Long text often contains characters like single quotes ('), newlines, or emojis. When you directly concatenate user input into your SQL query without escaping these characters, they break the query string. For example, a single quote in your text will terminate the SQL string early and throw a syntax error. Short text might not have these characters, so it slips through without issues.

Worse, this direct concatenation is a massive SQL injection vulnerability—never handle user input this way!

3. Missing Query Execution & Error Handling #

Your code defines the $sql variable, but there’s no code to actually run the query (like mysqli_query($conn, $sql) or $pdo->exec($sql)), and no checks to catch errors when the query fails. Without this, you’ll never know why the insert didn’t work—you’ll just get a silent failure.

4. Potential Issues with the $id Variable #

Your INSERT statement includes an id value, but your table structure shows id is NOT NULL but not marked as AUTO_INCREMENT. If $id is empty, duplicate, or not set correctly, the database will reject the insert. If this is supposed to be a unique auto-generated ID, you should let MySQL handle it instead of manually passing a value.

Fixes to Get Your Long Text Saving #

Here’s a corrected, secure version of your code using prepared statements (PDO example, which is more flexible and secure):

Step 1: Update Your Database Table (if needed) #

If id should be an auto-generated unique key:

ALTER TABLE tbl_text 
  MODIFY COLUMN id int(11) NOT NULL AUTO_INCREMENT PRIMARY KEY,
  MODIFY COLUMN text_01 TEXT CHARACTER SET utf8mb4; -- utf8mb4 supports all Unicode characters (including emojis)

Step 2: Corrected PHP Code #

// First, set up your PDO database connection (adjust credentials to match your setup)
$dsn = 'mysql:host=your_host;dbname=your_db;charset=utf8mb4';
$pdo = new PDO($dsn, 'your_username', 'your_password');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // Enable detailed error reporting

$_POST = filter_var($_POST, FILTER_CALLBACK, ['options' => 'trim']);

if (isset($_POST['saveCover']) && !empty($_POST)) {
    $textContent = $_POST['text_01'];
    
    error_log("Attempting to insert new text.");
    
    // Use a prepared statement to safely handle user input
    $sql = "INSERT INTO tbl_text (text_01) VALUES (:text)"; // Omit id if using AUTO_INCREMENT
    $stmt = $pdo->prepare($sql);
    $stmt->bindParam(':text', $textContent, PDO::PARAM_STR); // PARAM_STR works perfectly for TEXT fields
    
    try {
        $stmt->execute();
        echo "Text saved successfully!";
    } catch (PDOException $e) {
        error_log("Insert failed: " . $e->getMessage());
        echo "Failed to save text. Check your server error logs for details.";
    }
}

Key Improvements: #

• Prepared Statements: Eliminates SQL injection risks and automatically handles special characters in long text (no manual escaping needed).
• Error Handling: Catches and logs database errors so you can debug issues instead of getting silent failures.
• Proper Character Set: Uses utf8mb4 to support all Unicode characters, including emojis or non-Latin scripts that might be in your long text.
• Auto-Increment ID: Lets MySQL handle generating unique IDs, avoiding issues with manual $id values.

If you’re using mysqli instead of PDO, the approach is similar—use mysqli_prepare() and mysqli_stmt_bind_param() to avoid direct string concatenation.

内容的提问来源于stack exchange，提问作者Henry Omondi