If a value isn't set or is empty...?

Discussion in 'PHP' started by twistedspikes, Jun 27, 2008.

  1. #1
    Say I have a file to add data to a database, so it goes something like this:

    if(isset($_POST['submit']))
    {
    	$1 = $_POST['value1'];
    	$2 = $_POST['value2'];
    	// and so on for about 15 values in total
    	
    	$query = " INSERT INTO blah (value1, value2, etc) VALUES ('$1','$2',etc)";
    	mysql_query($query) or die('Error ,query failed');
    }
    Say if value 1 is not found in POST, or it is empty, what will happen? Will it stop execution of the script? Or will it just skip over it?

    I'd assume it does the latter, but I thought it was best to ask you guys first :).

    Thanks,
    TS
     
    twistedspikes, Jun 27, 2008 IP
  2. King Goilio

    #2
    Well, if it's not found or empty it will just be an empty string.
     
    King Goilio, Jun 27, 2008 IP
  3. twistedspikes

    #3
    Okay, that's fine then. That's what I wanted to hear.

    Thanks :)
     
    twistedspikes, Jun 27, 2008 IP
  4. sarav_dude

    #4
    It mostly depends upon the way you code. You have coded correctly :) so it would skip; just an empty value will be added into the database (also consider how your database table is structured, i.e. it allows empty values for that field).

    And if you have coded something like the following, it would give a MySQL error if $a is empty:

    
    if(isset($_POST['submit']))
    {
    	$a = $_POST['value1'];
    	$b = $_POST['value2'];
    	// and so on for about 15 values in total
    	
    	$query = " INSERT INTO blah (value1, value2, etc) VALUES ($a,'$b',etc)";
    	mysql_query($query) or die('Error ,query failed');
    }
    
    See, I have removed the quotes on the first variable.


    P.S. Remember that PHP does not support variable names starting with numbers; $1, $2 is wrong.

    cheers!
    sarav
    http://www.urlsave.net
     
    sarav_dude, Jun 27, 2008 IP
  5. twistedspikes

    #5
    Yeah I see what you have done there, and see why it would give an error.
    Good to know I'm coding well then :)

    I know $1, $2, etc would be wrong, was just using it as an example, wasn't thinking there :rolleyes:
     
    twistedspikes, Jun 27, 2008 IP
  6. itnashvilleCOM

    #6
    Unless you set the DB fields to NULL instead of NOT NULL, then use empty() instead of isset() to avoid errors.

    
         if (empty($_POST['value'])) {
              $value = '';
         } else {
              $value = mysql_real_escape_string(htmlentities(strip_tags($_POST['value'])));
         }
         // mysql query here.
    
     
    itnashvilleCOM, Jun 28, 2008 IP
  7. David Pankhurst

    #7
    Putting input data directly into MySQL without serious filtering is VERY dangerous.

    As well, on some servers, using an unassigned POST or GET variable could give you a warning/error message.

    In your example, try this:

    $1=( isset($_POST['value1']) ? $_POST['value1'] : "" );

    and optionally

    $1=trim($1);

    ... which will take care of the unassigned variable, then

    $1=mysql_escape_string($1);

    before the mysql statement to make the db call safer.
     
    David Pankhurst, Jun 28, 2008 IP
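
The two points raised in the thread (a missing or empty POST field should become an empty string, and raw input should not be placed in the SQL text) combined in one runnable sketch. This is an added example, not code from any poster: it uses PDO bound parameters instead of the mysql_* escaping calls shown above (the mysql_* extension was removed in PHP 7), an in-memory SQLite table stands in for the MySQL table `blah`, and `read_fields` and `insert_row` are hypothetical helper names.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+ with pdo_sqlite;
// an in-memory SQLite table stands in for the MySQL table `blah`.

// Hypothetical helper: return each expected field as a trimmed string,
// or '' when the key is missing or is not a string (e.g. value1[]=x).
function read_fields(array $post, array $names): array
{
    $out = [];
    foreach ($names as $name) {
        $v = $post[$name] ?? '';
        $out[$name] = is_string($v) ? trim($v) : '';
    }
    return $out;
}

// Hypothetical helper: insert through a prepared statement. The values are
// bound as parameters, so they never become part of the SQL text and an
// empty string cannot break the statement the way an unquoted $a would.
function insert_row(PDO $db, array $row): void
{
    $stmt = $db->prepare(
        'INSERT INTO blah (value1, value2) VALUES (:value1, :value2)'
    );
    $stmt->execute([':value1' => $row['value1'], ':value2' => $row['value2']]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE blah (value1 TEXT NOT NULL, value2 TEXT NOT NULL)');

// Constructed sample submissions (stand-ins for $_POST).
$samples = [
    ['submit' => '1', 'value1' => 'abc', 'value2' => 'def'],
    ['submit' => '1', 'value2' => "O'Brien"],              // value1 missing
    ['submit' => '1', 'value1' => '', 'value2' => '  padded  '],
];

foreach ($samples as $post) {
    if (isset($post['submit'])) {
        insert_row($db, read_fields($post, ['value1', 'value2']));
    }
}

// Show what was stored, including the empty strings and the literal quote.
foreach ($db->query('SELECT value1, value2 FROM blah') as $r) {
    printf("value1=[%s] value2=[%s]\n", $r['value1'], $r['value2']);
}
```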