Search code examples
javascriptphpform-data

Can the value with formdata be a text datatype?

I use formData to upload data to the server and the data for the body I am saving as a text datatype in the database. I found out that when there is punctuation like: ' - " etc. as value in formData it gives this error: SyntaxError: Unexpected token < in JSON at position 0. When the body contains comma's and dots it works but not with other punctuations. FormData docs say that the value is converted to a string, therefor my question, can this string be converted to text datatype? Which I believe should then work with punctuations. Or is there any other way to have formData value work with punctuations as described above? My code:

let formData = new FormData();
formData.append("image", {uri: this.state.ImageSource.uri, name: 'image.jpg', type: 'image/jpeg'});
formData.append('video', this.state.video);
formData.append('title', this.state.title);
formData.append('body', this.state.body);
formData.append('categories', this.state.category);

let data = {
    method: 'POST',
    headers: {
        "Content-Type": "multipart/form-data",
    },
    body: formData
};

const response = await fetch(fetchUrlPhp, data);

This is the error I receive on the server side:

Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'blog', '2019-12-24')' at line 1 in D:\XAMPP\htdocs\own_website\portfolio\handle_post.php:69

Which is this query/line: 

$query = $connect->query("insert into posts ( image, video, title, body, categories, postDate ) VALUES('$target_dir', '$video', '$title', '$body', '$categories', '$date')");
Solution

  • Based on the comment of @Barmar I fixed the issue.

    The problem is that you have an unescaped quote in one of the variables.

    Hereby the answer which only needed some adjustment in my php code:

    // From
$query = $connect->query("insert into posts ( image, video, title, body, categories, postDate ) VALUES('$target_dir', '$video', '$title', '$body', '$categories', '$date')");

// To
$sql = "INSERT INTO posts(image, video, title, body, categories, postDate) VALUES(:image, :video, :title, :body, :categories, :postDate)";
$query = $connect->prepare($sql);
$query->execute(array(':image' => $target_dir, ':video' => $video, ':title' => $title, ':body' => $body, ':categories' => $categories, ':postDate' => $date));

    Answer to my own question: Can the value with formdata be a text datatype? It's a string which is close to equal to text, but in the end punctuation won't be a problem with the formdata syntax. The reason why it didn't work for me was because of the code on the server side.