Why does script not skip over MySQL data insertion?

Question

Newbie here learning PHP/MySQL.

When I fill in the form fields with data, it works fine and inserts data into the database.

When I leave the form blank, and click "ADD RECORD" button, I expect $temp to evaluate to null, but it does not (echos as =1), and "$_POST['firstname'])" echos as blank - I would think this should cause $temp to evaluate to null and skip the "if..." database insertion. But, an empty record is created (text fields blank, userlevel=1). Why does $temp not equate to "null"?

Also, each time I reload the script using the browser's refresh button, the program seems to remember the last entries in the form and creates another record of the same. I would have thought the "$_POST = array();" would have cleared all of this data, returned a null, and not create any new entry. Would help if I got some clarification here. Thanks, in advance.

Code is below:

<?php
//member table query - dbmemberquery.php
require_once 'dbconnect.php';

//form for data entry       
echo <<<_END
<form action="dbmemberquery.php" method="post"><pre>
    Firstname   <input type="text" name="firstname" />
    Lastname    <input type="text" name="lastname" />
    Email       <input type="text" name="email" />
    Password    <input type="text" name="password" />
    Userlevel   <input type="text" name="userlevel" />  
                <input type="submit" value="ADD RECORD" />  
</pre></form>
_END;

//inserting records into member table
function get_post($var)
    {
        return mysql_real_escape_string($_POST[$var]);
    }   

//check if all fields are filled in on the form
$temp = (isset($_POST['firstname']) &&
    isset($_POST['lastname']) &&
    isset($_POST['email']) &&
    isset($_POST['password']) &&
    isset($_POST['userlevel']));

//debug only - check values
echo "_post value for firstname = ".$_POST['firstname']."<br />";
echo "isset _post value =" .(isset($_POST['firstname']))."<br />";
echo "temp variable =".$temp."<br />"; 

if ($temp)
    {

        $firstname  = get_post('firstname');
        $lastname   = get_post('lastname');
        $email      = get_post('email');
        $password   = get_post('password');
        $userlevel  = get_post('userlevel');


        $query2 = "INSERT INTO sc2.members(firstname, lastname, email,password,userlevel)".
        "VALUES ('$firstname','$lastname','$email','$password','$userlevel')";

        if (!mysql_query($query2, $db_server))
            echo "INSERT failed: $query2<br />" . 
            mysql_error() . "<br /><br />";

        $_POST = array();

    }

$_POST = array();


$query = "SELECT * FROM sc2.members";
$result = mysql_query($query);
if (!$result) die ("Database access failed: ". mysql_error());
$rows = mysql_num_rows($result);
//shows number of rows in member table
echo "rows: ".$rows . '<br />'.'<br />';

//lists all of the members
for ($j = 0; $j < $rows ; ++$j)
{
    $row = mysql_fetch_row($result);
    echo 'ID: '         . $row[0] . '<br />';
    echo 'firstname: '  . $row[1] . '<br />';
    echo 'lastname: '   . $row[2] . '<br />';
    echo 'email: '      . $row[3] . '<br />';
    echo 'password: '   . $row[4] . '<br />';
    echo 'userlevel: '  . $row[5] . '<br />';
    echo '<br />';
}

mysql_close($db_server);

Answer 1

When I leave the form blank, and click "ADD RECORD" button, I expect $temp to evaluate to null,

No, the fields are in the form so they are set, they are just set to empty strings.

Use empty (and maybe combine it with something even more specific such a regular expression) instead of is_set.

I would have thought the "$_POST = array();" would have cleared all of this data, returned a null, and not create any new entry.

No. That clears the data in the PHP variable.

When you refresh the browser it is the browser that remembers the contents of the form and resubmits it, the PHP program runs from the start again, and PHP populates $_POST with a fresh copy of the data.

Use the post-redirect-get pattern to avoid the data being resubmitted.