1. 技术文章
  2. php: check if variable is not empty before running INSERT query

php: check if variable is not empty before running INSERT query

懵懂的女人 提交于 2020-01-06 07:23:27

问题


I built a song request form for my wedding website and would like to check if the variables I am storing the form input in is empty before POST'ing to the database. My goal is simple prevent blank rows from being added to mysql db when the for is fired off.

 <?php 
// extract data from form; store in variable
$artist =  $_POST["artist"];
$song = $_POST["song"];

// connect to server 
$conn = mysql_connect('host', 'user', 'pass');


// check if you can connect; if not then die

if (!$conn) {
    echo "<center>";
    die('Could Not Connect: ' . mysql_error());
    echo "</center>";
    }

// check if you can select table; in not then die

$db = mysql_select_db('database', $conn);

if (!$db) {
    echo "<center>";
    die('Database Not Selected: ' . mysql_error());
    echo "</center>";
    }

// Define the query to inser the song request
$insert = mysql_query("INSERT INTO Songs (Artist, Song) VALUES ('$artist', '$song')");  

// check if above variables are empty 
if (!empty($artist) and !empty($song)) {
    echo "<center>";
    echo "Insert was succesful<br>";
    echo "<a href='index.html' target='_self' >Back</a>";
    echo "</center>";
}
else {
    echo "<center>";
    die("Please fill in at least the artist name");
    echo "</center>";
}

// close the connection to the server
mysql_close($conn);
?>

I have the above in a file called insert.php which is fired off when form on the index page is submitted. Form is submitting using POST and works just fine, however I would like to prevent blank submissions from happening.

Very new to programming and want to learn how to do this right.

Thanks for your patience.


回答1:


You are so close! All you had to do was put the insert after you do a check if the artist and song are filled in!

<?php 
    // extract data from form; store in variable
    $artist =  $_POST["artist"];
    $song = $_POST["song"];

    // connect to server 
    $conn = mysql_connect('host', 'user', 'pass');

    // check if you can connect; if not then die

    if (!$conn) {
        echo "<center>";
        die('Could Not Connect: ' . mysql_error());
        echo "</center>";
    }

    // check if you can select table; in not then die

    $db = mysql_select_db('database', $conn);

    if (!$db) {
        echo "<center>";
        die('Database Not Selected: ' . mysql_error());
        echo "</center>";
    }

    // check if above variables are empty 
    if (!empty($artist) and !empty($song)) {
        // Define the query to inser the song request
        $insert = mysql_query("INSERT INTO Songs (Artist, Song) VALUES ('$artist', '$song')");  

        if($insert) {
          echo "<center>";
          echo "Insert was succesful<br>";
          echo "<a href='index.html' target='_self' >Back</a>";
          echo "</center>";
        }
    }
    else {
        echo "<center>";
        die("Please fill in at least the artist name");
        echo "</center>";
    }

    // close the connection to the server
    mysql_close($conn);

That's it!




回答2:


Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

However, as a straightforward answer to your question: instead of validating after you've inserted the results, validate before. Also, remember to sanitize (using mysql_real_escape_string) anything you insert into a database if you do use mysql_* functions. Sanitizing inputs will prevent from SQL injections and remove some vulnerability issues.

if($errors) {
    // there are errors, don't submit to database
    // run through error display process

} else {
    // submit to database
    $insert = mysql_query("INSERT INTO Songs (Artist, Song) VALUES ('$artist', '$song')");
}



回答3:


Using empty should be enough. There is isset also

http://php.net/manual/en/function.isset.php




回答4:


Well, you already have your check with empty. Just move it before the insert and act accordingly

if (empty($artist)) {
    echo "<center>";
    die("Please fill in at least the artist name");
    echo "</center>";
}

or check both 

if (empty($artist) or empty($song)) {
...
}



回答5:


First validating the variables through function or using if statement like 

if (!empty($artist) && !empty($song))
 { $insert = mysql_query("INSERT INTO Songs (Artist, Song) VALUES ('$artist', '$song')");}


来源:https://stackoverflow.com/questions/14044774/php-check-if-variable-is-not-empty-before-running-insert-query

标签
php
forms
validation
post
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!