How to stop PHP from adding blank row/fields to the MYSQL database
So I have a form that looks so.
<form action="thanks.php" method="post" class="niceform" name="myform">
<table>
<tr>
<td><label for="company_name">Comp开发者_运维知识库any Name</label></td>
<td><input type="text" name="company" value="" size="38" /></td>
</tr>
// and so on
I have the validation by javascript. But the problem is that when I go directly to thanks.php from localhost/mysite/form/thanks.php I have an empty row that is inserted when I look at phpmyadmin. Thanks.php looks like so.
<?php
// open the connection
$conn = mysql_connect("localhost", "root", "password");
// pick the database to use
mysql_select_db("company_register",$conn);
$sql = "INSERT INTO `tblsignups` VALUES ('NULL', '$_POST[company]', '$_POST[email]', '$_POST[phone]', '$_POST[address]', '$_POST[comments]', '$_POST[contact_person]')";
$result = mysql_query($sql, $conn) or die(mysql_error());
mysql_close($conn);
?>
// And I have a thank you msg I display
How do I check that if some one should directly go to thanks.php I tell them to go fill the form first and do not put anything on the database
You need to check if the form was submitted. You probably want something like:
<?php
if ($_POST)
{
// open the connection
$conn = mysql_connect("localhost", "root", "password");
// pick the database to use
mysql_select_db("company_register",$conn);
$sql = "INSERT INTO `tblsignups` VALUES ('NULL', '$_POST[company]', '$_POST[email]', '$_POST[phone]', '$_POST[address]', '$_POST[comments]', '$_POST[contact_person]')";
$result = mysql_query($sql, $conn) or die(mysql_error());
mysql_close($conn);
}
?>
here is a sketch example
after receiving POST data you have to check it and raise error flag
in case of some errors show the form back instead of saving it
<?
if ($_SERVER['REQUEST_METHOD']=='POST') {
$err = array();
//performing all validations and raising corresponding errors
if (empty($_POST['name']) $err[] = "Username field is required";
if (empty($_POST['text']) $err[] = "Comments field is required";
if (!$err) {
// if no errors - saving data
// and then redirect:
header("Location: ".$_SERVER['PHP_SELF']);
exit;
} else {
// all field values should be escaped according to HTML standard
foreach ($_POST as $key => $val) {
$form[$key] = htmlspecialchars($val);
}
} else {
$form['name'] = $form['comments'] = '';
}
include 'form.tpl.php';
?>
and modify your form to make it possible to show errors
<? if ($err): ?>
<? foreach($err as $e): ?>
<div class="err"><?=$e?></div>
<? endforeach ?>
<? endif ?>
<form>
<input type="text" name="name" value="<?=$form['name']?>">
<textarea name="comments"><?=$form['comments']?></textarea>
<input type="submit">
</form>
you can check for all as
if(empty($_POST['company']))
{
//redirect or show error msg that its required
}
else
{
//do what you want
}
and accordingly for all.
if you have posted form $_POST will always be true so when you have to check for empty values you have to check like this for all.
if(empty($_POST['company']) || empty($_POST['email']) || empty($_POST['user']))
and so on.
Check if the company name has been provided in the request and is not empty. Redirect the user to the form if there is no company name, possibly with an error message.
The form:
<form action="thanks.php" method="post" class="niceform" name="myform">
<?php if($_GET['error']): ?>
<span class="error">Please fill the required fields!</span>
<?php endif; ?>
<table>
<tr>
<td><label for="company_name">Company Name</label></td>
<td><input type="text" name="company" value="" size="38" /></td>
</tr>
Thanks.php:
<?php
// Is company specified?
if(!isset($_POST['company']) || $_POST['company'] == '') {
header('Location: form.php?error=1');
exit();
}
// open the connection
$conn = mysql_connect("localhost", "root", "password");
// pick the database to use
mysql_select_db("company_register",$conn);
$sql = "INSERT INTO `tblsignups` VALUES ('NULL', '$_POST[company]', '$_POST[email]', '$_POST[phone]', '$_POST[address]', '$_POST[comments]', '$_POST[contact_person]')";
$result = mysql_query($sql, $conn) or die(mysql_error());
mysql_close($conn);
?>
Checking if there is $_POST is not enough. Redirect after the post - otherwise if you add a row, and refresh the page, you'll end up with 2 records in the database. So post to process.php, and from process.php redirect to thanks.php. Also, validate in PHP, not in JavaScript
Just check below code
<?php
// open the connection
$conn = mysql_connect("localhost", "root", "password");
// pick the database to use
mysql_select_db("company_register",$conn);
if($_POST[company]!="" or $_POST[email]!="" or $_POST[phone]!="" or $_POST[address]!="" ) {
$sql = "INSERT INTO `tblsignups` VALUES ('NULL', '$_POST[company]', '$_POST[email]', '$_POST[phone]', '$_POST[address]', '$_POST[comments]', '$_POST[contact_person]')";
$result = mysql_query($sql, $conn) or die(mysql_error());
} else {
echo "Please fill all fields ";
}
mysql_close($conn);
if(count($_POST)>0){
// your code...
}
else{
// else code...
}
First and foremost: do not use a table inside a form. (I'm sorry couldn't resist, but this hurts my eyes)
On topic: Always remember to have validation on both your front- and backend.
So in this case add some validation to your php file like:
<?php
if(empty($_POST['company']))
{
// show validation message
} else {
// open the connection
$conn = mysql_connect("localhost", "root", "password");
// pick the database to use
mysql_select_db("company_register",$conn);
$sql = "INSERT INTO `tblsignups` VALUES ('NULL', '$_POST[company]', '$_POST[email]', '$_POST[phone]', '$_POST[address]', '$_POST[comments]', '$_POST[contact_person]')";
$result = mysql_query($sql, $conn) or die(mysql_error());
mysql_close($conn);
}
?>
Just check to see if all the required form fields exist. If they don't exist, redirect to your form page.
if(!array_key_exists("company", $_POST){
header('Location: http://your.form.page.html');
}
加载中,请稍侯......
精彩评论