Hi All,
I have a MS-SQL database I’m populating from PHP. Some of the HTML text fields the users have the ability to essentially write as much as they want, so I cannot use varchar(8000), instead, I am using varchar(MAX), and have also tried ntext, since both of these datatypes allow more than 8000…
My problem isn’t on the database side though - to help combat SQL injection and for performance, etc., I am using the PHP "mssql_bind" command to pass all the data to a stored procedure for execution.
So for instance, I am passing a textfield like:
[php]mssql_bind($stmt, '@actionplan', $plan, SQLVARCHAR, false, false, 8000);[/php]
The problem is, if the text exceeds 8000, PHP errors out with:
Warning: mssql_bind() [function.mssql-bind]: Unable to set parameter in D:\Inetpub\wwwroot…
If I change the SQLVARCHAR to SQLTEXT, the error goes away, but it still truncates the text…
How do others handle this limitation? Basically I just need a secure way to submit more than 8000 characters to the database. I was hoping to use mssql_bind, but if there is no way around the problem, then I am open to suggestions.
Thanks!
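
One way to send more than 8000 characters as a bound parameter, as an added example that is not part of the original post. It assumes Microsoft's sqlsrv extension in place of mssql_bind; the server name, database name, temp table and procedure name are hypothetical placeholders, and the input is constructed.

```php
<?php
// Added example, not from the original post. Assumes the Microsoft sqlsrv
// extension; server and database names are hypothetical placeholders.
$conn = sqlsrv_connect('localhost', ['Database' => 'ExampleDb']);
if ($conn === false) {
    exit(print_r(sqlsrv_errors(), true));
}

// Constructed sample input: 20,000 characters, including a single quote.
$plan = str_repeat("Action plan text with a quote ' inside. ", 500);

// Temp table stands in for the real varchar(MAX) column.
if (sqlsrv_query($conn, 'CREATE TABLE #plans (actionplan varchar(max))') === false) {
    exit(print_r(sqlsrv_errors(), true));
}

// Value, direction, PHP type, SQL type. varchar('max') lifts the 8000 cap,
// and the value travels as a parameter, never as part of the SQL text.
$params = [[
    $plan,
    SQLSRV_PARAM_IN,
    SQLSRV_PHPTYPE_STRING(SQLSRV_ENC_CHAR),
    SQLSRV_SQLTYPE_VARCHAR('max'),
]];

// For a stored procedure, the same $params array is passed with the ODBC
// call syntax, e.g. '{call dbo.SaveActionPlan(?)}' (hypothetical name).
$stmt = sqlsrv_query($conn, 'INSERT INTO #plans (actionplan) VALUES (?)', $params);
if ($stmt === false) {
    exit(print_r(sqlsrv_errors(), true));
}
sqlsrv_free_stmt($stmt);

// Read back the stored length to confirm nothing was truncated.
$check = sqlsrv_query($conn, 'SELECT DATALENGTH(actionplan) AS bytes FROM #plans');
$row = sqlsrv_fetch_array($check, SQLSRV_FETCH_ASSOC);
echo "sent ", strlen($plan), " bytes, stored ", $row['bytes'], " bytes\n";

sqlsrv_close($conn);
```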