Deny insert when column value is empty

Question

I have my php code that will hold and insert date to mysql:

from an input textbox

$id2 = $_POST['id'];

Random Number Generator How can I generate it always on 5 digit?

$random = rand();

Insert code:

$sql3="Insert into warranty(serial_no,a_id)
values ('$random','$id2')";
$result3=mysql_query($sql3);

How can I deny insert when $id2 doesn't have a value?

Answer 1

put below code and remove existing code.You don't have need of $id2 variable if you are getting value using $_POST method. You can do it directly by following code.

$random = rand();

if(isset($_POST['id']))
{   
$sql3="Insert into warranty(serial_no,a_id)
values ('$random','".$_POST['id']."')";
$result3=mysql_query($sql3);
}
else
{
echo "No ID Found"; //you can do any action here.
}

Answer 2

$random = rand(10000,99999);

if(!empty(trim($id2)))

{
  $sql3="Insert into warranty(serial_no,a_id) values ('$random','$id2')";
 $result3=mysql_query($sql3);
}

Answer 3

Just use empty() function to determine, if given variable has value or not (manual page). Like this:

if (!empty($id2))
{
   $sql3="Insert into warranty(serial_no,a_id) values ('$random','$id2')";
   $result3=mysql_query($sql3);
}

But passing $_POST value directly to SQL query is huge* security issue (SQL Injection to be clear), os use at least mysql_real_escape_string():

$sql3="Insert into warranty(serial_no,a_id) values ('$random','" . mysql_real_escape_string($id2) . "')";

For more info about this, read How can I prevent SQL injection in PHP?.

EDIT: At first, I miss your second question, so moved from comments - to generate 5 digits random number, use simple:

$fiveDigitsRand = rand(10000, 99999);

Answer 4

if(isset($id2))
{
$sql3="Insert into warranty(serial_no,a_id)
values ('$random','$id2')";
$result3=mysql_query($sql3);
}