Hello guys, I have created a web form that sends data to my database. I have also validation on my webform with JS so people have to fill a valid email address, but my problem is that some people probably jobless webmasters are checking the code for where I post the form and they visit it on their browsers so it creates null datas on my database, I want to make sure that if a variable is null should not be added to the database so I need your help to make it possible as I'm not an advanced PHP programmer. My code is like this: <?php $name = $_POST['name']; $email = $_POST['email']; $phone = $_POST['phone']; mysql_connect("localhost", "user", "password") or die("We couldn't connect!"); mysql_select_db("database"); mysql_query("INSERT INTO users(name,email,phone) VALUES('$name','$email','$phone')"); header("location:http://www.website.com/thanks.html"); ?> I want to add a validation like if phone variable is null forward it back to the http://www.website.com/form.html and if its not empty continue with the database connection process. Thanks
Here you go... if (!isset($_POST['phone'])) { header("Location: index.php"); } else { $phone = $_POST['phone']; } Code (markup): Also it's not recommended to insert POST values straight into the DB, tidy them up first so as to prevent SQL injection.
BTW, you could also use... if ($_POST['phone'] == "") { header("Location: index.php"); } else { $phone = $_POST['phone']; } Code (markup):
You do realize you've set the email variable to the phone number right? And yeah sorry I forgot to die(); or exit(); after the check, it's always recommended to do that to stop the PHP script from running onto the next bit without passing checks.
Yes, sorry I changed my mind for using email but then let people see continue as phone... And yes, if we don't exit(); the code doesn't stop and if you heave another header Here is the correct code: if (empty($_POST['phone'])) { header("location: index.php"); exit; } else { // POST phone $phone= $_POST['phone']; } PHP:
Can you show how to do it for this example? mysql_connect("localhost", "user", "password") or die("We couldn't connect!"); mysql_select_db("database"); mysql_query("INSERT INTO users(name,email,phone) VALUES('$name','$email','$phone')");
$name = mysql_real_escape_string($name); $email= mysql_real_escape_string($email); $phone= mysql_real_escape_string($phone); mysql_query("INSERT INTO users(name,email,phone) VALUES('$name','$email','$phone')"); Code (markup): More info: http://bg2.php.net/manual/en/function.mysql-real-escape-string.php
Well I have now another problem, I'm getting dublicated entries not sure how they do it but they might double click on the submit button or they just go back and submit again so I see same data entered to db with 1 - 2 seconds delay... I want to add an if - else statement that will check for email & phone fields on database to check whether the same data is already on database, so how can I do it? I think I need to query before the insert...