stackoom
  简体   繁体   中英

Form inserting empty data to database

 原文  2019-07-19 11:25:49       php/ mysql

Question

Whenever I submit the form with empty input, it sends the empty input to my database. The form was working fine until after I used the htmlentities() for its functionality.

I used the gettype() function to return what's in the inserted variable and it returns "string", but when I checked the code from the browser, I could not see anything in the table. 

This is the code snippet and the form processing code

<?php
$errors = [];
$missing = [];

if(isset($_POST['sendFirm']) ){

$expected = array('firmName','country','state','email','phoneNumber');
$required = array('firmName','country','state','phoneNumber');

<?php

foreach ($_POST as $key => $value) {

        if(is_array($value)){
            $value = $value;
            }else{
            $value = trim($value);
            }

        if(empty($value) && in_array($key, $required)){
        $missing[] = $key;
        $$key = '';
        }elseif(in_array($key, $expected)){
        $$key = "$value";
        }
}

?>
}



?>
<?php 
        if($errors || $missing){
     ?>
     <p>Please fix the following items</p>
    <?php } ?>
<form method="post" action="<?php $_SERVER['PHP_SELF'] ?>">
<div class="form-group">
<label>Compnay Name
<?php if($missing && in_array('firmName', $missing)) { ?>
    <span class="text-danger">Please enter firm name</span>
<?php } ?>
</label>
<input class="form-control" type="text" name="firmName" id="firmName" placeholder="Company Name"
<?php
if($errors || $missing){
    print 'value="' . htmlentities($firmName) . '"';
}
>
<button class="btn btn-primary" type="submit" 
name="sendFirm">Submit</button>
</form>
?>
>


<?php


if(isset($_POST['sendFirm'])){
    try {
    $connectToFirms = new 
PDO('mysql:host=localhost;dbname=firms','root','2332');
    $connectToFirms->setAttribute(PDO::ATTR_ERRMODE, 
PDO::ERRMODE_EXCEPTION);

    $prepInsertion = $connectToFirms->prepare('INSERT INTO contractors 
VALUES (null,?,?,?,?,?)');

    $prepInsertion->execute(array($firmName, $country, $state, $email, 
$phoneNumber));

}catch (PDOException $e) {
    print "An error occure: " . $e->getMessage();
}
}


?>

The form is expected to insert inputs into the database only if the input is not empty and is also in the $expected[];

1 answers

solution1
 0 ACCPTED  2019-07-19 12:15:33

Don't insert data

I would stop the whole data insertion, if the expected input is not given. I would also send the input data one by one to PHP, so you have a better overview over your code. Good overview = less errors ;)

Try it this way: 

<?php

if ($_SERVER["REQUEST_METHOD"] === "POST") {

    $firmname = htmlentities($_POST["firmName"], ENT_QUOTES);

    $country = htmlentities($_POST["country"], ENT_QUOTES);

    $state = htmlentities($_POST["state"], ENT_QUOTES);

    $pn = htmlentities($_POST["phoneNumber"], ENT_QUOTES);

// LET'S START THE VALIDATION

    // if the required fields are not empty, insert data
    if (!empty($firmname) && !empty($country) && !empty(state) && !empty($pn)) {

        // insert data

    } else { // else stop insertion and return error message

        // return error message

    }
} else {
    // redirect...
}

I hope, i understood your question correctly and could help.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Form data not inserting into database Laravel Inserting Empty to Form and Null Value to Database Form is not inserting data into mysql database Inserting html form data to database Inserting form data to a mysql database Preventing Empty Data from Inserting into database Not inserting data form into database table PHP Manipulating form data before inserting to database Error with Inserting Data Into a Database Using a HTML Form Inserting data from form into database PHP MYSQL
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM