How to stop PHP from adding blank row/fields to the MYSQL database

Question

So I have a form that looks so.

<form action="thanks.php" method="post" class="niceform" name="myform">
<table>
<tr>
<td><label for="company_name">Company Name</label></td>
<td><input type="text" name="company" value="" size="38" /></td>
</tr>
// and so on

I have the validation by javascript. But the problem is that when I go directly to thanks.php from localhost/mysite/form/thanks.php I have an empty row that is inserted when I look at phpmyadmin. Thanks.php looks like so.

<?php
// open the connection
$conn = mysql_connect("localhost", "root", "password");
// pick the database to use
mysql_select_db("company_register",$conn);

$sql = "INSERT INTO `tblsignups` VALUES ('NULL', '$_POST[company]', '$_POST[email]', '$_POST[phone]', '$_POST[address]', '$_POST[comments]', '$_POST[contact_person]')";

$result = mysql_query($sql, $conn) or die(mysql_error());

mysql_close($conn);
?>
// And I have a thank you msg I display

How do I check that if some one should directly go to thanks.php I tell them to go fill the form first and do not put anything on the database

Answer 1

Just check below code

<?php
// open the connection
$conn = mysql_connect("localhost", "root", "password");
// pick the database to use
mysql_select_db("company_register",$conn);

if($_POST[company]!="" or $_POST[email]!=""  or $_POST[phone]!="" or $_POST[address]!="" ) {
    $sql = "INSERT INTO `tblsignups` VALUES ('NULL', '$_POST[company]', '$_POST[email]', '$_POST[phone]', '$_POST[address]', '$_POST[comments]', '$_POST[contact_person]')";
    $result = mysql_query($sql, $conn) or die(mysql_error());   
} else {
   echo "Please fill all fields ";
}

mysql_close($conn);

Answer 2

here is a sketch example

after receiving POST data you have to check it and raise error flag
in case of some errors show the form back instead of saving it

<?  
if ($_SERVER['REQUEST_METHOD']=='POST') {  

  $err = array();
  //performing all validations and raising corresponding errors
  if (empty($_POST['name']) $err[] = "Username field is required";  
  if (empty($_POST['text']) $err[] = "Comments field is required";  

  if (!$err) {  
    // if no errors - saving data 
    // and then redirect:
    header("Location: ".$_SERVER['PHP_SELF']);
    exit;
  }  else {
    // all field values should be escaped according to HTML standard
    foreach ($_POST as $key => $val) {
      $form[$key] = htmlspecialchars($val);
    }
} else {
  $form['name'] = $form['comments'] = '';  
}
include 'form.tpl.php';
?>  

and modify your form to make it possible to show errors

<? if ($err): ?>
  <? foreach($err as $e): ?>
<div class="err"><?=$e?></div>
  <? endforeach ?>
<? endif ?>
<form>
  <input type="text" name="name" value="<?=$form['name']?>">
  <textarea name="comments"><?=$form['comments']?></textarea>
  <input type="submit">
</form>

Answer 3

First and foremost: do not use a table inside a form. (I'm sorry couldn't resist, but this hurts my eyes)

On topic: Always remember to have validation on both your front- and backend.

So in this case add some validation to your php file like:

<?php

if(empty($_POST['company']))
{
// show validation message
} else {

// open the connection
$conn = mysql_connect("localhost", "root", "password");
// pick the database to use
mysql_select_db("company_register",$conn);

$sql = "INSERT INTO `tblsignups` VALUES ('NULL', '$_POST[company]', '$_POST[email]', '$_POST[phone]', '$_POST[address]', '$_POST[comments]', '$_POST[contact_person]')";

$result = mysql_query($sql, $conn) or die(mysql_error());

mysql_close($conn);
}
?>

Answer 4

if(count($_POST)>0){
    // your code...
}
else{
   // else code...
}

Answer 5

Checking if there is $_POST is not enough. Redirect after the post - otherwise if you add a row, and refresh the page, you'll end up with 2 records in the database. So post to process.php, and from process.php redirect to thanks.php. Also, validate in PHP, not in JavaScript

Answer 6

Check if the company name has been provided in the request and is not empty. Redirect the user to the form if there is no company name, possibly with an error message.

The form:

<form action="thanks.php" method="post" class="niceform" name="myform">
<?php if($_GET['error']): ?>
<span class="error">Please fill the required fields!</span>
<?php endif; ?>
<table>
<tr>
<td><label for="company_name">Company Name</label></td>
<td><input type="text" name="company" value="" size="38" /></td>
</tr>

Thanks.php:

<?php
// Is company specified?
if(!isset($_POST['company']) || $_POST['company'] == '') {
    header('Location: form.php?error=1');
    exit();
}

// open the connection
$conn = mysql_connect("localhost", "root", "password");
// pick the database to use
mysql_select_db("company_register",$conn);

$sql = "INSERT INTO `tblsignups` VALUES ('NULL', '$_POST[company]', '$_POST[email]', '$_POST[phone]', '$_POST[address]', '$_POST[comments]', '$_POST[contact_person]')";

$result = mysql_query($sql, $conn) or die(mysql_error());

mysql_close($conn);
?>

Answer 7

Just check to see if all the required form fields exist. If they don't exist, redirect to your form page.

if(!array_key_exists("company", $_POST){
   header('Location: http://your.form.page.html');
}

Answer 8

you can check for all as

if(empty($_POST['company']))
{
//redirect or show error msg that its required
}
else
{
//do what you want
}

and accordingly for all.

if you have posted form $_POST will always be true so when you have to check for empty values you have to check like this for all.

 if(empty($_POST['company']) || empty($_POST['email']) || empty($_POST['user']))

and so on.

Answer 9

You need to check if the form was submitted. You probably want something like:

<?php

if ($_POST)
{
    // open the connection
    $conn = mysql_connect("localhost", "root", "password");
    // pick the database to use
    mysql_select_db("company_register",$conn);

    $sql = "INSERT INTO `tblsignups` VALUES ('NULL', '$_POST[company]', '$_POST[email]', '$_POST[phone]', '$_POST[address]', '$_POST[comments]', '$_POST[contact_person]')";

    $result = mysql_query($sql, $conn) or die(mysql_error());

    mysql_close($conn);
}

?>