Form Data

Hello all

Very much a newbie to PHP. I've been creating a PHP page which will accept variables as part of the URL to then add data to a MySQL table. This works fine, but if there is, for example, no address field, I want to be able to exclude that variable from the URL string.

My code is as follows. I've bound the statement to prevent SQL injection, from what I've read. Any help would be great.

[php]<?php

include("dbconnect.php");

// prepare and bind (bind_param binds by reference, so the variables can be set afterwards)
$stmt = $conn->prepare("INSERT INTO input (title,forename,surname,ad1,ad2,ad3,ad4,ad5,postcode,telno,dob,email,user,ipaddress,capturedate,url) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
$stmt->bind_param("ssssssssssssssss", $title, $forename, $surname, $ad1, $ad2, $ad3, $ad4, $ad5, $postcode, $telno, $dob, $email, $user, $ipaddress, $capturedate, $url);

// set parameters
$title = $_REQUEST["title"];
$forename = $_REQUEST["forename"];
$surname = $_REQUEST["surname"];
$ad1 = $_REQUEST["ad1"];
$ad2 = $_REQUEST["ad2"];
$ad3 = $_REQUEST["ad3"];
$ad4 = $_REQUEST["ad4"];
$ad5 = $_REQUEST["ad5"];
$postcode = $_REQUEST["postcode"];
$telno = $_REQUEST["telno"];
$dob = $_REQUEST["dob"];
$email = $_REQUEST["email"];
$user = $_REQUEST["user"];
$ipaddress = $_REQUEST["ipaddress"];
$capturedate = $_REQUEST["capturedate"];
$url = $_REQUEST["url"];

// Stop if $telno is empty
if (empty($telno)) {
    echo 'Error: $telno needs to be populated';
    exit;
}

// Stop if $ipaddress is empty
if (empty($ipaddress)) {
    echo 'Error: $ipaddress needs to be populated';
    exit;
}

// Stop if $capturedate is empty
if (empty($capturedate)) {
    echo 'Error: $capturedate needs to be populated';
    exit;
}

// Stop if $url is empty
if (empty($url)) {
    echo 'Error: $url needs to be populated';
    exit;
}

// Stop if $user is empty
if (empty($user)) {
    echo 'Error: $user needs to be populated';
    exit;
}

// Check that the user exists. This lookup is also a prepared statement,
// so $user is never concatenated into the SQL text.
$check = $conn->prepare("SELECT user FROM users WHERE user = ?");
$check->bind_param("s", $user);

if ($check->execute()) {
    $check->store_result();
    if ($check->num_rows > 0) {
        // run code
        $stmt->execute();

        $last_id = $conn->insert_id;
        echo "SUCCESS: " . $last_id;

        $stmt->close();
        $conn->close();
    } else {
        // escape the value before echoing it back to the browser
        echo "ERROR: Invalid User (" . htmlspecialchars($user) . ")";
    }
    exit;
}

?>

[/php]

Change the order of your processing.
Change all of the $_REQUEST's to what you are expecting, either $_GET or $_POST. This should probably be done with post data; get data is pretty specific for things, and it doesn't include inserting values into a table. If you don't want a value, then you need to give it a null value.

Just a guess from your table columns, but I think your table is rather haphazardly designed.

Thanks for your reply. I will change the $_REQUEST to $_POST. In regards to specifying null values for variables which are not passed: I don't know which variables are not going to be passed, but want the PHP to deal with and without all the variables.

e.g. www.website.co.uk/leads.php?title=Mr&forename=Test&surname=Test&ad1=1 High Street&ad2&ad3&ad4=Halifax&ad5=West Yorkshire&postcode=HX1 1AA&telno=0712345678&dob=01/01/1900&[email protected]&user=testuser&ipaddress=1.1.1.1&capturedate=2018-02-05&url=testurl.com

e.g. www.website.co.uk/leads.php?forename=Test&surname=Test&telno=0712345678&dob=01/01/1900&user=testuser

I want the php to be able to handle both URLs

Dealing with null values being added dynamically just means you need to do a validation. Afterwards, you can just use those values.

I am assuming that some values are going to be required?

[php]// define our array for errors
$errors = [];

// define ALL the fields we will be using (the columns of the INSERT above)
$fields = ['title', 'forename', 'surname',
    'ad1', 'ad2', 'ad3', 'ad4', 'ad5',
    'postcode', 'telno',
    'dob',
    'email',
    'user',
    'ipaddress',
    'capturedate',
    'url',
];
// define what values MUST be passed
$required_array = ['title',
    'forename'];
// loop through to verify that the required values are there
foreach ($required_array as $required) {
    if (!array_key_exists($required, $_POST)) {
        array_push($errors, $required);
    }
}

// check to see if there are any errors reported.
// We don't want to continue if required fields are missing
if (!empty($errors)) {
    // implode() only puts the glue between items, so add it once more for the last one
    echo implode(" is missing\n", $errors) . " is missing";
    exit();
}

// now we loop through all the values passed and default the ones that are not there
foreach ($fields as $val) {
    // absent or blank values both become null
    if (!isset($_POST[$val]) || trim($_POST[$val]) == "") {
        $_POST[$val] = null;
    }
}
[/php]

Now, ideally, this should be done using classes or functions. But procedurally, this is a starting point.
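
Added example, not part of any post in this thread: one way to accept both URLs above, by normalising the request against a fixed list of columns and binding null for anything absent. The column list is taken from the INSERT in the first post; the `REQUIRED` list, the function names `normalise_lead` and `insert_lead`, and the sample query strings are assumptions made for the illustration.

```php
<?php
// Added example. Column names come from the INSERT in the first post; REQUIRED is
// an assumption (both sample URLs in the thread carry telno and user).
const FIELDS = ['title','forename','surname','ad1','ad2','ad3','ad4','ad5','postcode',
                'telno','dob','email','user','ipaddress','capturedate','url'];
const REQUIRED = ['telno', 'user'];

// Returns [values, errors]. values has every column, null where absent or blank;
// request keys outside FIELDS are ignored, so a caller cannot name extra columns.
function normalise_lead(array $input): array
{
    $values = [];
    foreach (FIELDS as $field) {
        $raw = $input[$field] ?? null;
        // ?ad1[]=x arrives as an array; anything that is not a string counts as missing
        $raw = is_string($raw) ? trim($raw) : '';
        $values[$field] = ($raw === '') ? null : $raw;
    }
    $errors = [];
    foreach (REQUIRED as $field) {
        if ($values[$field] === null) {
            $errors[] = "$field is missing";
        }
    }
    return [$values, $errors];
}

// Binds all 16 values to placeholders; a PHP null is stored as SQL NULL.
function insert_lead(mysqli $conn, array $values)
{
    $sql = 'INSERT INTO input (' . implode(',', FIELDS) . ') VALUES ('
         . implode(',', array_fill(0, count(FIELDS), '?')) . ')';
    $stmt = $conn->prepare($sql);
    $params = array_values($values);           // positional, in FIELDS order
    $stmt->bind_param(str_repeat('s', count($params)), ...$params);
    $stmt->execute();
    return $conn->insert_id;
}

// Constructed query strings modelled on the two URLs in the thread.
$samples = [
    'title=Mr&forename=Test&surname=Test&ad1=1+High+Street&ad2&ad3&ad4=Halifax&telno=0712345678&user=testuser',
    'forename=Test&surname=Test&telno=0712345678&dob=01/01/1900&user=testuser',
    'forename=Test&surname=Test',              // required fields absent
];
foreach ($samples as $qs) {
    parse_str($qs, $input);                    // same decoding PHP applies to $_GET
    [$values, $errors] = normalise_lead($input);
    echo $errors ? implode(', ', $errors) : json_encode($values), "\n";
}
```

The loop at the bottom runs without a database; `insert_lead` is only defined here and needs the `$conn` from `dbconnect.php` to be called.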
