Page 1 of 1

Insert Working;but want to make sure all fields contain data

Posted: Wed Mar 31, 2004 9:34 am
by eoinmick
Here is my code as heading describes want all fields in the form to hold data before it can be summitted...sorry for all the questions around the same topic....Thanks!
_____________
<html>
<head><title>Flight Details</title></head>
<body text="blue" bgcolor="FFFFCC">
<HR SIZE=4 style="background-color: blue">
<body>
<h1 align="center" h1><b><FONT COLOR="blue">FIND THE RIGHT TIME TO FLY!!<br>Flight Details</b></font></h1>
<center><img src="http://images.google.com/images?q=tbn:P ... r"</center>
<HR SIZE=4 style="background-color: blue">
<h2><center>Flights</h2>

Code: Select all

<?
$db   = "u2ell";
$host = "mysql";
$user = "u2ell";
$pass = "";
mysql_connect($host,$user,$pass) or die(mysql_error());
mysql_select_db($db) or die (mysql_error());
//the connection to the database was successful

$flightid=$HTTP_POST_VARS['flightid']; 
$flyday=$HTTP_POST_VARS['flyday']; 
$time=$HTTP_POST_VARS['time']; 
$destinationfrom=$HTTP_POST_VARS['destinationfrom']; 
$destinationtill=$HTTP_POST_VARS['destinationtill']; 


$query = "INSERT INTO flights(flightid,flyday,time,destinationfrom,destinationtill) 
VALUES('$flightid','$flyday','$time','$destinationfrom','$destinationtill')"; 



$result = mysql_query($query) or die ("Execution failed."); 
?>
<form method="post"action="<?php echo $PHP_SELF?>">
<table cellpadding=2 cellspacing=0 border=1>

<td>Flight Id :</td><td> <input type="text" size="10" maxlength="4" name="flightid" value=""></td><tr>

<td>Fly Day:</td><td><input type="text" size="20" maxlength="10" name="flyday" value=""></td></tr>

<td>Time:</td><td> <input type="decimal" size="10" name="time"value=" "></td></tr>

<td>Destination From</td><td> <input type="text" size="20" maxlength="15" name="destinationfrom" value=""></td></tr>

<td>Destination Till</td><td> <input type="text" size="20" maxlength="15" name="destinationtill" value=""> </td><tr>

</table>
<input type="Submit" name="flights" value="Enter Flight Details">
<HR SIZE=4 style="background-color: blue">
</form>
</body>
</html>

Posted: Wed Mar 31, 2004 9:52 am
by lostboy
i tend to like

Code: Select all

if (isset($$HTTP_POST_VARS['albumId']){
   $albumId=$HTTP_POST_VARS['albumId'];
}else{
   $err_msg.="Album id not input";
}
then checking to see if the $err_msg is set to something other than and empty string...if it is set, then halt the process and show the form with the $err_msg notes, otherwise proceed with the db query....

Note that you can also set the DB fields to NOT NULL to prevent empty records from getting in...
Also: your EMPTY check does not cover spaces (" ") since that field is no longer empty....Regex is something that you may want to look at since one regex function can accomadate most of your inputs...

hth

Posted: Wed Mar 31, 2004 10:02 am
by eoinmick
Do I replace this statement:

Code: Select all

$flightid=$HTTP_POST_VARS['flightid']; 
$flyday=$HTTP_POST_VARS['flyday']; 
$time=$HTTP_POST_VARS['time']; 
$destinationfrom=$HTTP_POST_VARS['destinationfrom']; 
$destinationtill=$HTTP_POST_VARS['destinationtill'];
With:

Code: Select all

if (isset($$HTTP_POST_VARS['flightid']){ 
   $flightid=$HTTP_POST_VARS['flightid']; 
}else
{ 
   $err_msg.="Flight id not input"; 
} 
if (isset($$HTTP_POST_VARS['flyday']){ 
   $flightid=$HTTP_POST_VARS['flyday']; 
}else
{ 
   $err_msg.="Flyday not input"; 
}
Or do I just put the code underneath??

Posted: Wed Mar 31, 2004 11:19 am
by lostboy
replace it...its not much fun and this does nothing to validate the data input to be accurate or not harmful to the DB.. You need to validate this data or someone will enter this in the text box

Code: Select all

' or 1=1;drop database;
The basics of progamming say that you spend 70% of the code trying to prevent errors and the rest doing what actually needs to be done

Re: Insert Working;but want to make sure all fields contain

Posted: Wed Mar 31, 2004 11:56 am
by twigletmac
eoinmick wrote:sorry for all the questions around the same topic....
Would be nice if you kept it all in one thread...

Mac