Insert Working;but want to make sure all fields contain data

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
eoinmick
Forum Newbie
Posts: 22
Joined: Fri Mar 26, 2004 12:30 pm

Insert Working;but want to make sure all fields contain data

Post by eoinmick »

Here is my code as heading describes want all fields in the form to hold data before it can be summitted...sorry for all the questions around the same topic....Thanks!
_____________
<html>
<head><title>Flight Details</title></head>
<body text="blue" bgcolor="FFFFCC">
<HR SIZE=4 style="background-color: blue">
<body>
<h1 align="center" h1><b><FONT COLOR="blue">FIND THE RIGHT TIME TO FLY!!<br>Flight Details</b></font></h1>
<center><img src="http://images.google.com/images?q=tbn:P ... r"</center>
<HR SIZE=4 style="background-color: blue">
<h2><center>Flights</h2>

Code: Select all

<?
$db   = "u2ell";
$host = "mysql";
$user = "u2ell";
$pass = "";
mysql_connect($host,$user,$pass) or die(mysql_error());
mysql_select_db($db) or die (mysql_error());
//the connection to the database was successful

$flightid=$HTTP_POST_VARS['flightid']; 
$flyday=$HTTP_POST_VARS['flyday']; 
$time=$HTTP_POST_VARS['time']; 
$destinationfrom=$HTTP_POST_VARS['destinationfrom']; 
$destinationtill=$HTTP_POST_VARS['destinationtill']; 


$query = "INSERT INTO flights(flightid,flyday,time,destinationfrom,destinationtill) 
VALUES('$flightid','$flyday','$time','$destinationfrom','$destinationtill')"; 



$result = mysql_query($query) or die ("Execution failed."); 
?>
<form method="post"action="<?php echo $PHP_SELF?>">
<table cellpadding=2 cellspacing=0 border=1>

<td>Flight Id :</td><td> <input type="text" size="10" maxlength="4" name="flightid" value=""></td><tr>

<td>Fly Day:</td><td><input type="text" size="20" maxlength="10" name="flyday" value=""></td></tr>

<td>Time:</td><td> <input type="decimal" size="10" name="time"value=" "></td></tr>

<td>Destination From</td><td> <input type="text" size="20" maxlength="15" name="destinationfrom" value=""></td></tr>

<td>Destination Till</td><td> <input type="text" size="20" maxlength="15" name="destinationtill" value=""> </td><tr>

</table>
<input type="Submit" name="flights" value="Enter Flight Details">
<HR SIZE=4 style="background-color: blue">
</form>
</body>
</html>
lostboy
Forum Contributor
Posts: 329
Joined: Mon Dec 30, 2002 8:12 pm
Location: toronto,canada

Post by lostboy »

i tend to like

Code: Select all

if (isset($$HTTP_POST_VARS['albumId']){
   $albumId=$HTTP_POST_VARS['albumId'];
}else{
   $err_msg.="Album id not input";
}
then checking to see if the $err_msg is set to something other than and empty string...if it is set, then halt the process and show the form with the $err_msg notes, otherwise proceed with the db query....

Note that you can also set the DB fields to NOT NULL to prevent empty records from getting in...
Also: your EMPTY check does not cover spaces (" ") since that field is no longer empty....Regex is something that you may want to look at since one regex function can accomadate most of your inputs...

hth
eoinmick
Forum Newbie
Posts: 22
Joined: Fri Mar 26, 2004 12:30 pm

Post by eoinmick »

Do I replace this statement:

Code: Select all

$flightid=$HTTP_POST_VARS['flightid']; 
$flyday=$HTTP_POST_VARS['flyday']; 
$time=$HTTP_POST_VARS['time']; 
$destinationfrom=$HTTP_POST_VARS['destinationfrom']; 
$destinationtill=$HTTP_POST_VARS['destinationtill'];
With:

Code: Select all

if (isset($$HTTP_POST_VARS['flightid']){ 
   $flightid=$HTTP_POST_VARS['flightid']; 
}else
{ 
   $err_msg.="Flight id not input"; 
} 
if (isset($$HTTP_POST_VARS['flyday']){ 
   $flightid=$HTTP_POST_VARS['flyday']; 
}else
{ 
   $err_msg.="Flyday not input"; 
}
Or do I just put the code underneath??
lostboy
Forum Contributor
Posts: 329
Joined: Mon Dec 30, 2002 8:12 pm
Location: toronto,canada

Post by lostboy »

replace it...its not much fun and this does nothing to validate the data input to be accurate or not harmful to the DB.. You need to validate this data or someone will enter this in the text box

Code: Select all

' or 1=1;drop database;
The basics of progamming say that you spend 70% of the code trying to prevent errors and the rest doing what actually needs to be done
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Re: Insert Working;but want to make sure all fields contain

Post by twigletmac »

eoinmick wrote:sorry for all the questions around the same topic....
Would be nice if you kept it all in one thread...

Mac
Post Reply