-3

I am having trouble with my insert script. I can't seem to get my script to stop inserting empty data into mysql. I tried using !empty function. But yet it still submits it into the database. Here's my code:

<?php


  // Connect to MySQL
  $mysqli = new mysqli( 'localhost', 'xxx', 'xxx', 'xxx' );


  if ( $mysqli->connect_error ) {
    die( 'Connect Error: ' . $mysqli->connect_errno . ': ' . $mysqli->connect_error );
  }



if (!empty($_POST)) {

  // Insert into posts
  $sql = "INSERT INTO posts (title, postdata ) VALUES ( '{$mysqli->real_escape_string($_POST['title'])}', '{$mysqli->real_escape_string($_POST['data'])}' )";
  $insert = $mysqli->query($sql);

  // Print response from MySQL
  if ( $insert ) {
    echo "Success! Row ID: {$mysqli->insert_id}";
  } else {
    die("Error: {$mysqli->errno} : {$mysqli->error}");
  }

  // Close our connection
  $mysqli->close();
}
?>

<form action="" method="POST">
<br>
<br>
Title:
<br>
<input type="text" name="title">

<br>
<br>
Post:
<br>
<textarea name="data" id="data"></textarea>
<br>
<br>
<input type="submit" name="submit">
</form>
Michael Toole
  • 1
  • 2
  • 1
    Does the post data contain the data you are trying to fetch? Also, instead of escaping values and putting them in the query (which could also be kinda unsafe, even though more safe than not escaping it), you could use prepared statements! – Jite May 15 '16 at 17:15
  • What does `$sql` output as? – chris85 May 15 '16 at 17:16
  • Yes, the script works fine, but you can press submit with nothing entered and it'll just keep inserting blank data, what I am trying to go for is to make the query fail if the post data is empty – Michael Toole May 15 '16 at 17:18
  • Check your fields, `$_POST['title']` and `$_POST['data']`, rather than just `$_POST`. You also can add initial client side check (don't rely on that though, have server side too). – chris85 May 15 '16 at 17:19
  • Can you confirm that as you refresh the page, it inserts into the database? – The Codesee May 15 '16 at 17:20
  • 3
    The ***less*** the good people know, the ***more time*** it takes to provide you with a solution. Which in turn, you're asking us to take a blind shot at an invisible target.. That means "code" which includes the associated HTML form for this. – Funk Forty Niner May 15 '16 at 17:21
  • @TheCodesee yes wheen you refresh it continues to insert – Michael Toole May 15 '16 at 17:23
  • and I am out of this one. Good luck gentlemen (and possibly ladies). – Funk Forty Niner May 15 '16 at 17:24
  • @Fred-ii- common sense would say if I can post data using my inputs then I guess there's nothing wrong with the html? Or did you forget I titled it MYSQLI? Not html. – Michael Toole May 15 '16 at 17:26

1 Answers1

1

Your code will automatically insert into the database when the page loads.

As a workaround, you should add if(isset($_POST['submit'])) { which will only insert into the database when the form is submitted.

The code will also check if $_POST['title'] is empty and displays an error if so.

if(isset($_POST['submit'])) {
   if(empty($_POST['title'])) {
      echo 'Please fill in the field.';
   }else{
      $sql = "INSERT INTO posts (title, postdata ) VALUES ( '{$mysqli-real_escape_string($_POST['title'])}', '{$mysqli-real_escape_string($_POST['data'])}' )";
      $insert = $mysqli->query($sql);
   }
}

As you failed to supply your form, I'm guessing that the name of the submit button is submit.

The Codesee
  • 3,714
  • 5
  • 38
  • 78