PHP & MySQL problem

Question

Okay I'm using strip_tags to get rid of html from when a user tags a post but when a user enters something like in the upcoming example.

I get five empty values entered into the database, which I don't want everything else is fine. How can i stop this?

,,,,,,,, ,, ,,,,a,d, <html> , ruby-on-rails , ad, <html>

I get the following entered into the database NOTE the commas are not entered into the database.

, , , a, d, , ruby-on-rails, ad,

Here is my code.

$tags = preg_split('/,/', strip_tags($_POST['tag']), -1, PREG_SPLIT_NO_EMPTY);
$tags = array_map('trim', $tags);
$tags = str_replace(' ', '-', $tags);

ONLY the following should be entered into the database.

a,d,ruby-on-rails,ad

Here is a quick example of my insert.

 for ($x = 0; $x < count($tags); $x++){
    $query1 = "INSERT INTO tags (tag) VALUES ('" . mysqli_real_escape_string($mysqli, strtolower($tags[$x])) . "')";
}

@Peter Bailey just `a,d,ruby-on-rails,ad` should only be entered into the database. — myTIME, Aug 09 '10 at 17:40
If you want to save tags to a database that you want to be able to search by (as in, user clicks on "ruby-on-rails" and sees all posts tagged with it), you'll probably want to use a separate table for it and not enter it as a comma-separated list; those are unpleasant to search by. — Michael Louis Thaler, Aug 09 '10 at 18:05
From what I can tell he is not entering it in as a comma separated list, that is just how they are coming into him. With the insert statement he posted they are getting entered in individually to the DB. — Jim, Aug 09 '10 at 18:11

Jim · Answer 1 · 2010-08-09T18:16:00.720

1

You should check if the values are empty(). If they are, omit them from your database insert query or mark them as "null".

Without seeing the database table design or any code that has to deal with the database, it is hard to say how we can better help you.

UPDATE

With the new information from the INSERT query, here is how you would apply the empty (untested pending syntax errors):

$tags = array_filter($tags, function ($v) { return !empty($v);});

for ($x = 0; $x < count($tags); $x++){
    $query1 = "INSERT INTO tags (tag) VALUES ('" . mysqli_real_escape_string($mysqli, strtolower($tags[$x])) . "')";
}

Should remove the empty values from the array, pending I did not make a simple mistake.

EDIT

Here is one option to do it, but yea. Since you are using the loop already, you can just add an if inside the loop. With the array_filter it should remove any empty values from the array.

Moved the function definition. The above should work.

edited Aug 09 '10 at 18:16

answered Aug 09 '10 at 17:40

Jim

18,673
5
49
65

I dont want them to get entered into the database at all. – myTIME Aug 09 '10 at 17:43
Depending on your DB Schema, this may not be possible. If you post that up, I (we) can tell you if that would be possible for your situation. Given normal database designs (if it is normal) the answer would be they have to be entered into the DB. But again, without seeing the structure this is impossible to tell. – Jim Aug 09 '10 at 17:46
I get the following now `Warning: array_filter() [function.array-filter]: The second argument, 'empty', should be a valid callback in ` – myTIME Aug 09 '10 at 18:00

score 0 · Accepted Answer · answered Aug 09 '10 at 17:59

Why don't you check if the string is empty before inserting it into the database?

for ($x = 0; $x < count($tags); $x++){
    if ($tags[$x] != '') {
         $query1 = "INSERT INTO tags (tag) VALUES ('" . mysqli_real_escape_string($mysqli, strtolower($tags[$x])) . "')";
    }
}

score 0 · Answer 3 · edited May 23 '17 at 10:26

0

I think you just need to beef up what you split on.

I'd probably do something more like this

$input = ",,,,,,,, ,, ,,,,a,d, <html> , ruby-on-rails , ad, <html>";

$tags = preg_split( "/(?:\s*,\s*)+/", trim( strip_tags( $input ), ', ' ) );
$tags = array_map( 'mysqli_real_escape_string', str_replace( ' ', '-', $tags ) );

Then, when it comes to your query, take advantage of MySQL's multiple insert syntax

$query1 = "INSERT INTO tags (tag) VALUES ('" . implode( "'),('", $tags ) . "');";

But you may want to look into duplicate insert handling.

edited May 23 '17 at 10:26

Community

1
1

answered Aug 09 '10 at 18:14

Peter Bailey

105,256
31
182
206

I like the pattern, but the `mysqli_real_escape_string()` is no longer encouraged. – mickmackusa Oct 24 '22 at 09:31

PHP & MySQL problem

3 Answers3