hashstar Posted May 11, 2012 Share Posted May 11, 2012 Hi there, I am using this code to send the users email address to the database. That works fine, but i keep getting blank info added to the database. Does anyone know how i can stop this? <?php $con = mysql_connect("*","*","*"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("ogs_mailinglist1", $con); $sql="INSERT INTO mailinglist (email) VALUES ('$_POST[rec_email]')"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } mysql_close($con); ?> Thanks, Link to comment https://forums.phpfreaks.com/topic/262418-php-script-sending-blank-info-to-mysql-database/ Share on other sites More sharing options...
darkfreaks Posted May 11, 2012 Share Posted May 11, 2012 you need to concecate your post values in your MYSQL either using doublequotes and dots or curly braces. Link to comment https://forums.phpfreaks.com/topic/262418-php-script-sending-blank-info-to-mysql-database/#findComment-1344851 Share on other sites More sharing options...
wigwambam Posted May 11, 2012 Share Posted May 11, 2012 Change: $sql="INSERT INTO mailinglist (email) VALUES ('$_POST[rec_email]')"; To: $sql="INSERT INTO mailinglist (email) VALUES ('" . mysql_real_escape_string($_POST['rec_email']) . "')"; Link to comment https://forums.phpfreaks.com/topic/262418-php-script-sending-blank-info-to-mysql-database/#findComment-1344856 Share on other sites More sharing options...
Jessica Posted May 11, 2012 Share Posted May 11, 2012 You also need to check if there's even anything in there. Link to comment https://forums.phpfreaks.com/topic/262418-php-script-sending-blank-info-to-mysql-database/#findComment-1344859 Share on other sites More sharing options...
hashstar Posted May 11, 2012 Author Share Posted May 11, 2012 You also need to check if there's even anything in there. How do you mean, check if there is anything in there? Link to comment https://forums.phpfreaks.com/topic/262418-php-script-sending-blank-info-to-mysql-database/#findComment-1344874 Share on other sites More sharing options...
wigwambam Posted May 11, 2012 Share Posted May 11, 2012 Check that the variable $_POST['rec_email'] has a value before attempting to write to database. Link to comment https://forums.phpfreaks.com/topic/262418-php-script-sending-blank-info-to-mysql-database/#findComment-1344875 Share on other sites More sharing options...
Jessica Posted May 11, 2012 Share Posted May 11, 2012 you can use a combination of isset and strlen to make sure there is something in that variable. It could just be blank. Link to comment https://forums.phpfreaks.com/topic/262418-php-script-sending-blank-info-to-mysql-database/#findComment-1344876 Share on other sites More sharing options...
Barand Posted May 11, 2012 Share Posted May 11, 2012 When processing form data I usually put this code at the beginning of my script so I can check exactly what is being sent: echo '<pre>' . print_r($_POST, true) . '</pre>'; Link to comment https://forums.phpfreaks.com/topic/262418-php-script-sending-blank-info-to-mysql-database/#findComment-1344895 Share on other sites More sharing options...
hashstar Posted May 12, 2012 Author Share Posted May 12, 2012 Change: $sql="INSERT INTO mailinglist (email) VALUES ('$_POST[rec_email]')"; To: $sql="INSERT INTO mailinglist (email) VALUES ('" . mysql_real_escape_string($_POST['rec_email']) . "')"; Hi again, I changed my code as you suggested but am still getting some blank data sent to the database. I'm sure that this data is coming from blank forms being filled in. Link to comment https://forums.phpfreaks.com/topic/262418-php-script-sending-blank-info-to-mysql-database/#findComment-1344921 Share on other sites More sharing options...
PFMaBiSmAd Posted May 12, 2012 Share Posted May 12, 2012 The code you posted is intended to process a form submission. In order to do that, it needs to do two things - 1) Check that the page was requested due to a form submission (ignore all other requests for the page.) 2) Validate the submitted data to make sure it exists and is what you expect. Sample code that shows this (along with escaping string data being put into a query statement) - <?php // form processing code, test if a form submitted to this page if(strtolower($_SERVER['REQUEST_METHOD']) == 'post'){ // was a form, process the form data $errors = array(); // use an array to hold validation errors // filter/validate the expected data $rec_email = trim($_POST['rec_email']); // trim any starting/ending white-space if($rec_email == ''){ $errors[] = "Email cannot be empty."; } else { // test if value has the correct format if(function_exists('filter_var')){ // php5.2 or better if (!filter_var($rec_email, FILTER_VALIDATE_EMAIL)) { $errors[] = "Email address format is not valid."; } } else { // alternate code to validate email format would go here (php < 5.2) ... } } // other validation tests as needed by your application ... // if no validation errors, use the form data here... if(empty($errors)){ $con = mysql_connect("*","*","*"); if (!$con){ die('Could not connect: ' . mysql_error()); } mysql_select_db("ogs_mailinglist1", $con); $sql=sprintf("INSERT INTO mailinglist (email) VALUES ('%s')", mysql_real_escape_string($rec_email)); if (!mysql_query($sql,$con)){ die('Error: ' . mysql_error()); } mysql_close($con); } } else { // not a form submission, handle that state here... // what you do here depends on if this page only handles the form submission or if the form itself is on this same page... } // display any errors if(!empty($errors)){ echo "Please correct the following errors:<br />"; foreach($errors as $error){ echo "$error<br />"; } } // if the form is on this same page, you would display/redisplay it here, otherwise output a link back to the form page or store any errors and submitted data in session variables and redirect back to the form page ... Link to comment https://forums.phpfreaks.com/topic/262418-php-script-sending-blank-info-to-mysql-database/#findComment-1344941 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.