Inserting empty rows

ChristopherFairman · August 31, 2013, 6:38pm

Hi, i’ve got a database and a few pages using it.

My problem is that when i navigate to the page that inserts the rows, it adds empty rows because the form on the previous page was empty, how do i prevent this.

One other question is how do i improve security on the pages using php.

Here is my code

[php]<?php
$con=mysqli_connect("************************");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

mysqli_real_escape_string();
$emailad = $_POST[‘Text box’];
$query = “INSERT INTO emails (emailad) VALUES (’{$emailad}’)”;
mysqli_query($con, $query);
mysqli_close($con);
header( 'Location: ‘***************’ ) ;

?>[/php]

Topcoder · September 1, 2013, 12:59am

You can do something like this…

[php]<?php

if (!isset( $_POST[‘Text box’]) {

$con=mysqli_connect("************************");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

    mysqli_real_escape_string();
$emailad = $_POST['Text box'];
$query = "INSERT INTO emails (emailad) VALUES ('{$emailad}')";
mysqli_query($con, $query);

mysqli_close($con);
}
header( 'Location: ‘***************’ ) ;

?>[/php]

Basically, testing to see if their is an actual value in the post back.

One other question is how do i improve security on the pages using php.

That all depends on what you are doing and what you are trying to prevent.

ChristopherFairman · September 1, 2013, 1:29am

Here’s my current code.

The idea is that if it doesn’t get the $_POST from a previous page it navigates to the homepage and not the email added page.

The problem i’m getting is that even if theres no data from any other page, as in, i just navigate straight to this document it will enter empty values into my database.

The things i’ve heard about alot in terms of protecting is code that prevents mysql injections but i’m not sure how to go about preventing this and since i’m still new to PHP i think this may be the only security flaw im aware of, like most things there must be more?

I’ve heard of PDO?? But i’m not sure how to implement this into my current code.

[php]<?php

if (!isset( $_POST[‘Text box’])){

$con=mysqli_connect("*********"

// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

mysqli_real_escape_string();
$emailad = $_POST[‘Text box’];
$query = “INSERT INTO emails (emailad) VALUES (’{$emailad}’)”;
mysqli_query($con, $query);
mysqli_close($con);
header( 'Location: ‘********’ ;
}

else {
header( ‘****’
}
?>[/php]

Topcoder · September 1, 2013, 2:50am

To be honest, I don’t think you can have a space in an HTML Element name like “text box” it should be called text_box.

That might be your whole issue.

http://www.w3.org/TR/html401/types.html#type-name

ChristopherFairman · September 1, 2013, 3:11am

Modified it to text_box, still the same issue persists, still loads the homepage instead of the confirmation of the email has been added, i’m using the right URLS, the redirect to homepage is in the else statement and the email add is in the if statement but whenever i try to add an email now it just redirects me to homepage and doesn’t add the new email address, it just skips the entire code at the top and skips the the no email entered URL in the else statement.

Topcoder · September 1, 2013, 3:28am

can you post the HTML?

ChristopherFairman · September 1, 2013, 11:49am

[php]

Email:

[/php]

Topcoder · September 1, 2013, 5:28pm

Remember, you can’t have spaces in names and ID and your name’s and ID’s must be unique and can not duplicate other ID’s or Names.

The first thing I see is this.

[php][/php]

I see spaces in your name and ID, if you add an “_” it will duplicate your real text box input.

After you make those corrections post your PHP and HTML again.