andylord56 Posted April 7, 2013 Share Posted April 7, 2013 i have a website for a client but the database which is setup for it is getting blank information sent to it i have tested to forms they send fine on my end, but am still getting them and do not understand how or why the forms are protected by saying they must have a value in them and the database has not null on it but still ends up with nothing in it am very confused on this one anyone have any ideas on this or need more information ? Quote Link to comment https://forums.phpfreaks.com/topic/276637-blank-information-being-submitted-to-database/ Share on other sites More sharing options...
trq Posted April 7, 2013 Share Posted April 7, 2013 anyone have any ideas on this or need more informationWhat steps (if any) have you taken to debug the issue? Quote Link to comment https://forums.phpfreaks.com/topic/276637-blank-information-being-submitted-to-database/#findComment-1423372 Share on other sites More sharing options...
andylord56 Posted April 10, 2013 Author Share Posted April 10, 2013 What steps (if any) have you taken to debug the issue? well i thought that by changing the php of the site by stopping blank entries in it would stop it but it hasnt and changing the database but that has had not luck as well Quote Link to comment https://forums.phpfreaks.com/topic/276637-blank-information-being-submitted-to-database/#findComment-1423947 Share on other sites More sharing options...
mac_gyver Posted April 10, 2013 Share Posted April 10, 2013 just some guesses - 1) you are not validating the data in php form processing code. doing this in the form won't stop anyone from submitting anything they want or from submitting empty values. 2) empty form fields are not null values. they are empty strings. putting an empty string or a non-existent variable inside of ' ' in your query makes them into empty strings and the database is 100% okay with inserting empty strings. 3) the data might actually be white space characters, space, tab, newlines you need to trim, filter, validate, and escape the data in the php form processing code. Quote Link to comment https://forums.phpfreaks.com/topic/276637-blank-information-being-submitted-to-database/#findComment-1423950 Share on other sites More sharing options...
andylord56 Posted April 11, 2013 Author Share Posted April 11, 2013 just some guesses - 1) you are not validating the data in php form processing code. doing this in the form won't stop anyone from submitting anything they want or from submitting empty values. 2) empty form fields are not null values. they are empty strings. putting an empty string or a non-existent variable inside of ' ' in your query makes them into empty strings and the database is 100% okay with inserting empty strings. 3) the data might actually be white space characters, space, tab, newlines you need to trim, filter, validate, and escape the data in the php form processing code. the forms are validated, it is set as not null how do i stop empty strings that may be whats happening ? Quote Link to comment https://forums.phpfreaks.com/topic/276637-blank-information-being-submitted-to-database/#findComment-1424103 Share on other sites More sharing options...
mac_gyver Posted April 11, 2013 Share Posted April 11, 2013 posting both your form and your php form processing code would allow someone to see what your code is doing and what to change in it. Quote Link to comment https://forums.phpfreaks.com/topic/276637-blank-information-being-submitted-to-database/#findComment-1424107 Share on other sites More sharing options...
andylord56 Posted April 12, 2013 Author Share Posted April 12, 2013 posting both your form and your php form processing code would allow someone to see what your code is doing and what to change in it. <div class="formHolder"><form id="instantQuote"><b>Postcode:</b><label for="postcode"></label> <input id="postcode" type="text" min="6" placeholder="E.g. BL1 5HT" required="" /> <p id="postcode_error">Enter your postcode</p> <hr /> <b>Property Type:</b> <select id="property"><option>Please select an option</option><option>Semi Detatched House</option><option>Detached House</option><option>Terraced House</option><option>Bungalow</option><option>Shop (A2 of any kind)</option></select> <p id="property_error">Choose your property type</p> <hr /> <b>Extension Location:</b> <select id="extension"><option>Please select an option</option><option>Front Extension</option><option>Rear Single Storey Extension</option><option>Rear Double Storey Extension</option><option>Side Single Storey Extension</option><option>Side Double Storey Extension</option><option>Loft Conversion (with or without dormers)</option></select>Choose your extension location <hr /> <b>Approx floor area (metres square, max 20)</b> Length<input id="length" type="number" max="20" min="1" placeholder="E.g. 12" required="" /> Width<input id="width" type="number" max="20" min="1" placeholder="E.g. 14" required="" /> <p id="floor_error">Specify the approximate floor area</p> <input id="submit" type="submit" value="Get Quote Now!" /> <input class="reset" type="button" value="Reset" /> </form> <p id="result"></p> </div> <div class="formHolder"><form id="reqCallback" action="quote.php" method="post">HFS Planning can offer helpful and friendly advice about any work you are thinking about having done on your property. To request a free, no obligation telephone callback regarding your quote please enter your details here. <b>Full Name</b> <label for="name"></label> <input id="name" type="text" placeholder="" required="" /> <p id="name_error">Please enter your name</p> <b>Your Telephone Number</b> <label for="tel"></label> <input id="tel" type="text" placeholder="" required="" /> <p id="tel_error">Please enter your telephone number</p> <b>Your Quote Details:</b> <input id="submitReq" type="submit" value="Request Callback" /> <input class="reset" type="button" value="Reset" /> </form> <p id="success"></p> <?php include 'connect.php'; $postcode = $_POST['postcode']; $property = $_POST['property']; $extension = $_POST['extension']; $floorArea = $_POST['floorArea']; $quote = $_POST['quote']; $name = $_POST['name']; $tel = $_POST['tel']; //sanitise input function cleanInput($input) { $search = array( '@<script[^>]*?>.*?</script>@si', // Strip out javascript '@<[\/\!]*?[^<>]*?>@si', // Strip out HTML tags // Strip style tags properly '@<![\s\S]*?--[ \t\n\r]*>@' // Strip multi-line comments ); $output = preg_replace($search, '', $input); return $output; } $postcode = cleanInput($postcode); $property = cleanInput($property); $extension = cleanInput($extension); $floorArea = cleanInput($floorArea); $quote = cleanInput($quote); $name = cleanInput($name); $tel = cleanInput($tel); //remove any slashes from inputs $postcode = stripslashes($postcode); $property = stripslashes($property); $extension = stripslashes($extension); $floorArea = stripslashes($floorArea); $quote = stripslashes($quote); $name = stripslashes($name); $tel = stripslashes($tel); $date = date('d-m-Y H:i:s'); $insert = "INSERT INTO database (postcode, propertytype, extensionlocation, floorarea, quote, name, telephonenumber, date) VALUES ('$postcode', '$property', '$extension', '$floorArea', '$quote', '$name', '$tel', '$date')"; $updateresult = $db->query($insert); if($updateresult){ $to = "email"; $subject = "subject"; $message = "message $name has contacted you at $date database link: /database.php"; $headers = "From:" . $from; mail($to,$subject,$message,$headers); echo "Mail Sent."; }exit(); Quote Link to comment https://forums.phpfreaks.com/topic/276637-blank-information-being-submitted-to-database/#findComment-1424445 Share on other sites More sharing options...
mac_gyver Posted April 13, 2013 Share Posted April 13, 2013 your form processing code isn't testing if there is any data in any of the variables and it isn't even testing if a form was submitted. for each piece of submitted data you need to define what is an acceptable value and if it is required or if it can be empty. for required fields, at a minimum, you need to trim the data value and if it is empty, don't even run the code for the database query. Quote Link to comment https://forums.phpfreaks.com/topic/276637-blank-information-being-submitted-to-database/#findComment-1424575 Share on other sites More sharing options...
andylord56 Posted April 13, 2013 Author Share Posted April 13, 2013 your form processing code isn't testing if there is any data in any of the variables and it isn't even testing if a form was submitted. for each piece of submitted data you need to define what is an acceptable value and if it is required or if it can be empty. for required fields, at a minimum, you need to trim the data value and if it is empty, don't even run the code for the database query. can you provide an example please Quote Link to comment https://forums.phpfreaks.com/topic/276637-blank-information-being-submitted-to-database/#findComment-1424592 Share on other sites More sharing options...
mac_gyver Posted April 13, 2013 Share Posted April 13, 2013 one of the original purposes of php was to be a "Forms Interpreter" FI. there's probably 2,000,000 examples of php code that checks submitted form data posted all over the place on the Internet for you to find. Quote Link to comment https://forums.phpfreaks.com/topic/276637-blank-information-being-submitted-to-database/#findComment-1424599 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.