0

I was just wondering if you anyone had a better way to check for an empty string, this one works but shows the error the first time you load the form, (because the querys empty).

pretty simply check here.

$order = "INSERT INTO sbh_itemsheet
   (shopCode, itemNumber, itemDescription)
  VALUES
('$shopCode','$itemNumber','$itemDescription')";


 $result = mysql_query($order); //order executes

 if($result)
{
 echo("
 Input data is succeed");
}
else
{
 echo("
 Input data is fail");
}

I can't figure out how to get rid of the first error message, really i should start the check at the beggining of the script and not the bottom, but my brains stopped working today and I thought some of you lovely people may be able to help.

Joel Coehoorn
  • 399,467
  • 113
  • 570
  • 794
Switchfire
  • 556
  • 1
  • 5
  • 19
  • 2
    Please don't assemble MySQL statements by inserting variables into strings. If you don't escape the incoming data properly then your application will be at risk of an SQL injection attack. You should investigate using prepared statements instead. – simpleigh Jul 09 '14 at 15:19
  • I usually use a hidden form value called "submitting", and set that to "1" at form submission. Then when the POST comes through, I check $submitting = $_POST('submitting'); And only execute the necessary code if the form is being submitted. – durbnpoisn Jul 09 '14 at 15:22
  • Just so its known, this is a section only accessible to people with login access, Injection attacks arn't a problem as login setup is using PDO. only 3 people have access. When I have time this will change @LeighSimpson – Switchfire Jul 09 '14 at 15:24

3 Answers3

1

You will need to check that the variables exist before processing your Query

$result = false;
if($shopCode !="" && $itemNumber !="" && $itemDescription !="")
{
    $order = "INSERT INTO sbh_itemsheet
    (shopCode, itemNumber, itemDescription)
    VALUES
    ('$shopCode','$itemNumber','$itemDescription')";

    $result = mysql_query($order); //order executes

    if($result)
    {
        echo("Input data is succeed");
    }
    else
    {
        echo("Input data is fail");
    }
}

My example above answers your question. I would however look into moving from mysql to mysqli or pdo

Kevin Lynch
  • 24,427
  • 3
  • 36
  • 37
  • I think you are missing the point here... Your code will yield exactly the same results as the OP. The first time the page is loaded when the parameters( `$shopCode`, `$itemNumber`...etc) are missing, you will still get the "Input data is fail" result. – Lix Jul 09 '14 at 15:34
  • 1
    @lix it was a typo, ending curly brace was in the incorrect place. – Kevin Lynch Jul 09 '14 at 15:37
  • I'm going to use this untill I get a chance to re-write it with PDO, Thanks this has answered my question. – Switchfire Jul 10 '14 at 09:55
0

You could test the values you input into your query before actually executing it:

if ( $shopCode && $itemNumber && $itemDescription ){
  // Query params exist - run the query
  $order = "INSERT INTO...";
  ...
} else {
  // Query params missing - query not executed 
}

As a final note, I recommend you read the following post that explains why using the mysql_* library is a really bad idea: Why shouldn't I use mysql_* functions in PHP?

Community
  • 1
  • 1
Lix
  • 47,311
  • 12
  • 103
  • 131
  • `Notice: Undefined variable: shopCode` – AbraCadaver Jul 09 '14 at 15:26
  • @AbraCadaver- yes.. this is true as my code is only a snippet. I'm not too sure what you mean by your comment... – Lix Jul 09 '14 at 15:28
  • The OP complains of an undefined variable error and your code throws an undefined variable error. – AbraCadaver Jul 09 '14 at 15:30
  • 1
    @AbraCadaver - I can not see that information from the OP... Where did you see details on an `Undefined variable` error? – Lix Jul 09 '14 at 15:31
  • You post code that throws an error if the variable is not set which is the problem in the question. – AbraCadaver Jul 09 '14 at 15:38
  • @AbraCadaver - no. There is no "error" per-say... The "error" that the OP is referring to is the second `echo` command that says "Input data is fail". – Lix Jul 09 '14 at 15:40
0

You can check if they are set:

if(isset($shopCode, $itemNumber, $itemDescription)) {
    // do your stuff
}

Or if they are empty:

if(!empty($shopCode) && !empty($itemNumber) && !empty($itemDescription)) {
    // do your stuff
}
AbraCadaver
  • 78,200
  • 7
  • 66
  • 87