Hi there,

 

I am using this code to send the users email address to the database. That works fine, but I keep getting blank info added to the database. Does anyone know how I can stop this?

 

<?php
$con = mysql_connect("*","*","*");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("ogs_mailinglist1", $con);

$sql="INSERT INTO mailinglist (email)
VALUES
('$_POST[rec_email]')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }

mysql_close($con);
?>

 

 

Thanks,

 

Change:

$sql="INSERT INTO mailinglist (email) VALUES ('$_POST[rec_email]')";

 

To:

$sql="INSERT INTO mailinglist (email) VALUES ('" . mysql_real_escape_string($_POST['rec_email']) . "')";

 

 

Hi again,

 

I changed my code as you suggested but am still getting some blank data sent to the database. I'm sure that this data is coming from blank forms being filled in.

 

:shrug:

The code you posted is intended to process a form submission. In order to do that, it needs to do two things -

 

1) Check that the page was requested due to a form submission (ignore all other requests for the page.)

 

2) Validate the submitted data to make sure it exists and is what you expect.

 

Sample code that shows this (along with escaping string data being put into a query statement) -

 

<?php

// form processing code, test if a form submitted to this page
if(strtolower($_SERVER['REQUEST_METHOD']) == 'post'){
	// was a form, process the form data

	$errors = array(); // use an array to hold validation errors

	// filter/validate the expected data
	// a missing field is treated as empty rather than raising an undefined index notice
	$rec_email = isset($_POST['rec_email']) ? trim($_POST['rec_email']) : ''; // trim any starting/ending white-space
	if($rec_email == ''){
		$errors[] = "Email cannot be empty.";
	} else {
		// test if value has the correct format
		if(function_exists('filter_var')){ // php5.2 or better
			if (!filter_var($rec_email, FILTER_VALIDATE_EMAIL)) {
				$errors[] = "Email address format is not valid.";
			}
		} else {
			// alternate code to validate email format would go here (php < 5.2) ...

		}
	}

	// other validation tests as needed by your application ...

	// if no validation errors, use the form data here...
	if(empty($errors)){
		$con = mysql_connect("*","*","*");
		if (!$con){
			die('Could not connect: ' . mysql_error());
		}
		mysql_select_db("ogs_mailinglist1", $con);

		// escape the value before it is placed inside the quoted string in the query
		$sql=sprintf("INSERT INTO mailinglist (email) VALUES ('%s')",
			mysql_real_escape_string($rec_email));

		if (!mysql_query($sql,$con)){
			die('Error: ' . mysql_error());
		}

		mysql_close($con);
	}
} else {
	// not a form submission, handle that state here...

	// what you do here depends on if this page only handles the form submission or if the form itself is on this same page...
}

// display any errors
if(!empty($errors)){
	echo "Please correct the following errors:<br />";
	foreach($errors as $error){
		echo "$error<br />";
	}
}
// if the form is on this same page, you would display/redisplay it here, otherwise output a link back to the form page or store any errors and submitted data in session variables and redirect back to the form page ...
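
The same request check and validation with a bound parameter in place of string escaping, as an added example that is not part of the original posts (the mysql_* functions used in the thread were removed in PHP 7). It assumes PHP 7.1+ with the PDO SQLite driver and an in-memory database standing in for the thread's MySQL server; the function name add_subscriber and the sample requests are constructed for illustration.

```php
<?php
// Added example: the checks from the reply above, using PDO with a bound
// parameter instead of building the SQL string by hand.
// Assumptions: pdo_sqlite is available; add_subscriber() and the sample
// requests below are constructed for this illustration.

function add_subscriber(PDO $db, string $method, array $post): array
{
    // 1) Only act on form submissions.
    if (strtoupper($method) !== 'POST') {
        return ['Not a form submission.'];
    }

    // 2) Validate: the field must be a non-empty string in email format.
    $email = isset($post['rec_email']) && is_string($post['rec_email'])
        ? trim($post['rec_email']) : '';
    if ($email === '') {
        return ['Email cannot be empty.'];
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return ['Email address format is not valid.'];
    }

    // 3) Store: the value travels as data, never as part of the SQL text.
    $stmt = $db->prepare('INSERT INTO mailinglist (email) VALUES (:email)');
    $stmt->execute([':email' => $email]);
    return [];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE mailinglist (email TEXT NOT NULL)');

// Constructed sample requests: [method, submitted fields]
$requests = [
    ['GET',  []],                                     // page load / crawler
    ['POST', []],                                     // field missing
    ['POST', ['rec_email' => '   ']],                 // blank form
    ['POST', ['rec_email' => 'not-an-email']],        // wrong format
    ['POST', ['rec_email' => ['a@example.com']]],     // array instead of string
    ['POST', ['rec_email' => "o'brien@example.com"]], // valid, contains a quote
];
foreach ($requests as [$method, $post]) {
    $errors = add_subscriber($db, $method, $post);
    echo $method, ' ', json_encode($post), ' => ',
        $errors ? implode(' ', $errors) : 'stored', "\n";
}
echo 'rows: ', $db->query('SELECT COUNT(*) FROM mailinglist')->fetchColumn(), "\n";
```

With MySQL, only the PDO connection string changes; the prepare and execute calls stay the same.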

 

 
