Hello all
Very much a newbie to PHP. I’ve been creating a PHP page which will accept variables as part of the URL to then add data to a MySQL table. This works fine, but if there is, for example, no address field, I want to be able to exclude that variable from the URL string.
My code is as follows. I’ve bound the statement to prevent SQL injection from what I’ve read. Any help would be great.
[php]<?php
include("dbconnect.php");

// Prepare and bind. bind_param() binds by reference, so the values
// assigned below are the ones sent when execute() is called.
$stmt = $conn->prepare("INSERT INTO input (title,forename,surname,ad1,ad2,ad3,ad4,ad5,postcode,telno,dob,email,user,ipaddress,capturedate,url) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
$stmt->bind_param("ssssssssssssssss", $title, $forename, $surname, $ad1, $ad2, $ad3, $ad4, $ad5, $postcode, $telno, $dob, $email, $user, $ipaddress, $capturedate, $url);

// Set parameters
$title = $_REQUEST["title"];
$forename = $_REQUEST["forename"];
$surname = $_REQUEST["surname"];
$ad1 = $_REQUEST["ad1"];
$ad2 = $_REQUEST["ad2"];
$ad3 = $_REQUEST["ad3"];
$ad4 = $_REQUEST["ad4"];
$ad5 = $_REQUEST["ad5"];
$postcode = $_REQUEST["postcode"];
$telno = $_REQUEST["telno"];
$dob = $_REQUEST["dob"];
$email = $_REQUEST["email"];
$user = $_REQUEST["user"];
$ipaddress = $_REQUEST["ipaddress"];
$capturedate = $_REQUEST["capturedate"];
$url = $_REQUEST["url"];

// Required field: stop if $telno is empty
if (empty($telno)) {
    echo 'Error: $telno needs to be populated';
    exit;
}
// Required field: stop if $ipaddress is empty
if (empty($ipaddress)) {
    echo 'Error: $ipaddress needs to be populated';
    exit;
}
// Required field: stop if $capturedate is empty
if (empty($capturedate)) {
    echo 'Error: $capturedate needs to be populated';
    exit;
}
// Required field: stop if $url is empty
if (empty($url)) {
    echo 'Error: $url needs to be populated';
    exit;
}
// Required field: stop if $user is empty
if (empty($user)) {
    echo 'Error: $user needs to be populated';
    exit;
}

// Look up the user with a bound parameter too; concatenating $user into
// the SELECT would reopen the SQL injection the INSERT avoids.
$check = $conn->prepare("SELECT user FROM users WHERE user = ?");
if ($check && $check->bind_param("s", $user) && $check->execute()) {
    $check->store_result();
    if ($check->num_rows > 0) {
        // run code
        $stmt->execute();
        $last_id = $conn->insert_id;
        echo "SUCCESS: " . $last_id;
        $stmt->close();
        $conn->close();
    } else {
        // Escape the request value before echoing it back
        echo "ERROR: Invalid User (" . htmlspecialchars($user, ENT_QUOTES, "UTF-8") . ")";
    }
    exit;
}
?>
[/php]
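
Added example (not part of the original post): one way to leave absent optional fields out of the INSERT while still binding every value. The column names and the required fields are taken from the post; `build_insert()`, the `REQUIRED`/`OPTIONAL` lists and the sample request are hypothetical, and it assumes the optional columns are nullable or have defaults.

```php
<?php
// Added example, not the poster's code. Column names come from the post;
// build_insert() and the sample input are hypothetical.
const REQUIRED = ['telno', 'user', 'ipaddress', 'capturedate', 'url'];
const OPTIONAL = ['title', 'forename', 'surname', 'ad1', 'ad2', 'ad3', 'ad4', 'ad5',
                  'postcode', 'dob', 'email'];

/**
 * Build an INSERT that names only the columns actually supplied.
 * Column names come from the fixed lists above, never from request keys,
 * so request data reaches the SQL only through ? placeholders.
 */
function build_insert(array $input): array
{
    $columns = [];
    $values  = [];
    foreach (array_merge(REQUIRED, OPTIONAL) as $col) {
        $value = $input[$col] ?? '';
        if (!is_string($value)) {            // e.g. ?ad1[]=x arrives as an array
            throw new InvalidArgumentException("$col must be a single value");
        }
        $value = trim($value);
        if ($value === '') {
            if (in_array($col, REQUIRED, true)) {
                throw new InvalidArgumentException("$col needs to be populated");
            }
            continue;                        // optional and absent: leave the column out
        }
        $columns[] = $col;
        $values[]  = $value;
    }
    $sql = sprintf('INSERT INTO input (%s) VALUES (%s)',
        implode(',', $columns),
        implode(',', array_fill(0, count($columns), '?')));
    return [$sql, str_repeat('s', count($values)), $values];
}

// Constructed request with no address fields, standing in for $_REQUEST.
$sample = ['forename' => 'Ann', 'telno' => '01234567890', 'user' => 'demo',
           'ipaddress' => '192.0.2.10', 'capturedate' => '2024-01-01',
           'url' => 'https://example.com/form'];
[$sql, $types, $values] = build_insert($sample);
echo $sql, "\n", $types, "\n";

// With a live mysqli connection ($conn from dbconnect.php) the result is used as:
//   $stmt = $conn->prepare($sql);
//   $stmt->bind_param($types, ...$values);
//   $stmt->execute();
```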