
Blank record injected into database


robert_gsfame


It is likely that your page is being requested multiple times by the browser, once with the form data and a second time without the form data. Because different browsers will request a page twice for different reasons, you cannot control what the browser does and you must detect and prevent this in your form processing code.

 

Your form processing code should already be validating all the user supplied data and it should only be executing the INSERT query when all the expected data has values. This would prevent the insertion of blank records.

 

You might also have a logic error in your code that allows the INSERT query to be executed anytime the page is requested. You would need to post your actual code so that someone could see what it might be doing that could cause the symptom. A lot of login code omits an exit statement after a header() redirect, which allows search engine scripts and hackers to access the 'protected' code on a page.


Actually, users have to log in first before they can insert the data into my database. I thought that if I only protect that if "empty($SESSION)" then it is enough.

Only if your code is actually preventing submission of data to the page. As already posted above, a lot of people's login code does NOT actually prevent access to a page when a search engine or a hacker requests the page.

 

I never protect blank data in this case....

Then you are doomed to receive blank data. What happens when a logged in user hits the submit button without filling in all expected data or when his browser submits the page twice as has already been posted above as one of the possible reasons you are getting blank records?

 

Is it helpful enough when using captcha??

No. That does nothing to ensure that you don't insert blank data. That only ensures that the person (or a bot script) was good enough to correctly enter the captcha phrase. You must always validate user supplied data that you place into a database query.
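The checks described in the replies above, put together as an added PHP example (not code from the thread or its posters): exit after the login redirect, run the INSERT only for a POST whose required fields are all non-blank, and redirect afterwards so a repeated request carries no form data. The session key `user_id`, the `posts` table, the `title` and `body` fields, the `login.php` and `thanks.php` pages and the database credentials are hypothetical.

```php
<?php
// Added example: session key, table, field and file names are hypothetical.
declare(strict_types=1);
session_start();

// 1. Access control: stop the script after the redirect. Without exit, the
//    rest of the page still runs for any client that ignores the Location header.
if (empty($_SESSION['user_id'])) {
    header('Location: login.php');
    exit;
}

/** Returns trimmed values for every required field, or null if any is missing or blank. */
function required_fields(array $input, array $names): ?array
{
    $clean = [];
    foreach ($names as $name) {
        $value = $input[$name] ?? null;
        if (!is_string($value) || trim($value) === '') {
            return null; // missing, not a string, or whitespace only
        }
        $clean[$name] = trim($value);
    }
    return $clean;
}

// 2. Only a POST that carries all the form data may reach the INSERT. A second
//    request without form data (a GET, or an empty POST) just shows the form.
$errors = [];
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $data = required_fields($_POST, ['title', 'body']);
    if ($data === null) {
        $errors[] = 'All fields are required.';
    } else {
        // 3. Prepared statement: validated values are bound, never concatenated.
        $pdo = new PDO('mysql:host=localhost;dbname=example', 'app_user', 'app_password',
            [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
        $stmt = $pdo->prepare('INSERT INTO posts (user_id, title, body) VALUES (?, ?, ?)');
        $stmt->execute([$_SESSION['user_id'], $data['title'], $data['body']]);

        // 4. Redirect after the insert so a reload does not resubmit the form.
        header('Location: thanks.php');
        exit;
    }
}
// ... render the form and any $errors here ...
```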
