Hi,
I've been searching for a cause/solution online, but haven't found anything. I hope someone here can help. Here's my setup: I have a set of pages set up which require a user to login and authenticate against a db table of registered users. Once logged-in, they have access to an online form to enter observation data into another table in the database, or enter comments etc. into a third table. If they try to navigate to the comments page or the data entry page before logining in, they are redirected to the login page, and I am using php and sessions to check that they are logged in. Once logged in the username is carried from page to page using a session variable.
And my problem: Occassionally I am getting blank records entered into the data tables (both comments and recorded data tables). However, I have a client side java script to check to make sure all the required data is entered before processing it; I have a server side validation to make sure a key variable such as their username is not blank prior to inserting anything into the db table, redirecting them to an error page if it is; I have a check to make sure for both cookies and java script are enabled within their browser; and i have a user tracking file which records the time anyone logs in. Despite all this, on Saturday a blank record showed up again in both tables, and they were entered less than 1 minute apart. Looking at the user login records, there wasn't anyone logged in at the time the records were entered and the error page they should have been redirected to did not register a hit.
I'm terribly confused about how these records could be showing up. I can't replicate the behaviour on any of the machines or browsers that I've tested on. If anyone has any suggestions as to how this might be happening, or where i might have a hole in my security I would greatly appreciate some advice. I'm happy to post any code here too, but don't want to do that unless asked for something specifically (so I don't make this longer than it is).
Thanks for any help you might be able to provide....
Help - unknown blank records being submitted to mysql db
Moderator: General Moderators
Re: Help - unknown blank records being submitted to mysql db
First thing I would do then is check your raw access logs on the server, filter them down to the time that the row appeared if you can (this is where it is good to have a DateCreated field that auto sets the time stamp to when the record is created)
-Greg
-Greg
Re: Help - unknown blank records being submitted to mysql db
Thanks Greg,
I do have the timestamp generated with each record input. I hadn't thought to check the access logs though. What would I be looking for there?
Cheers,
Kevin
I do have the timestamp generated with each record input. I hadn't thought to check the access logs though. What would I be looking for there?
Cheers,
Kevin
Re: Help - unknown blank records being submitted to mysql db
so.. you have:
- an observation data table
- a comments table
both allows null values on each field?... if so, I will fix that first (making required fields NOT NULL)... and that should trigger an error next time an intent to insert a row with null fields happens.. in that way you probably will catch where the error is.
- an observation data table
- a comments table
both allows null values on each field?... if so, I will fix that first (making required fields NOT NULL)... and that should trigger an error next time an intent to insert a row with null fields happens.. in that way you probably will catch where the error is.
-
klevis miho
- Forum Contributor
- Posts: 413
- Joined: Wed Oct 29, 2008 2:59 pm
- Location: Albania
- Contact:
Re: Help - unknown blank records being submitted to mysql db
How do you do your server side validation?