So I have a PHP script that integrates with an API to scrape information from JSON results. The tool does a search query of say all profiles that are located in a certain state, it then saves all the returned links and begins looping over them and executing them one at a time to view the data inside and retrieve the desired data. At the end of this process I'm trying to have it write the results into my database. Say I'm gathering $firstname and $lastname, when the tool runs I notice it never misses any information but often it writes entries in the database with repeat information of maybe just $firstname but not $lastname. When it does this it will write that entry twice, once with all the information and another time with just the partial information. Considering it always no matter what gathers what I need I'm trying to figure out an if or else statement or some other kind of trigger so before it writes to my table the PHP script will check to make sure all of the available fields are populated with information. If they are it writes, if not it just does nothing.

Here's what I have so far..

       if($firstname = ""){
       echo ""; }
       else {
       $sql_S = "INSERT INTO records (firstname, lastname, email, phone, duns, cage, expirationdate, businessname, address, city, state, zip, naics) VALUES ('{$firstname}','{$lastname}','{$email}','{$phone}','{$duns}','{$cage}','{$expirationDate}','{$businessName}','{$samAddress}','{$samCity}','{$samState}','{$samZip}','{$naics_num}')";
       $res_CE = mysql_query($sql_S);   
                        }

It doesn't seem to work and furthermore I can't get it to check multiple fields such as $firstname, $lastname.

Any input is greatly appreciated.

Thank you for your time.

John Chase
  • [Little Bobby](http://bobby-tables.com/) says [your script is at risk for SQL Injection Attacks](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Jun 06 '16 at 21:24
  • Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Jun 06 '16 at 21:24
  • `if($firstname == ""){` , double equal. – Jose Manuel Abarca Rodríguez Jun 06 '16 at 21:34
  • How would I connect $firstname and $lastname? With a comma inside the ()? Also I'll look up PDO and MySQLi right now. Thank you! – John Chase Jun 06 '16 at 21:57

1 Answer


There are some solutions here.

A lot of if's

    if($firstname == "" || $lastname == "") echo "error"; // ...

A pseudo-validator:

    foreach(['firstname', 'lastname'] as $var) {
        if ($$var == "") echo "error"; // ...
    }

A class with your rules:

    $rules = ['firstname' => 'notEmpty', 'lastname' => 'notEmpty'];
    $validator = new Validator($rules);

    $myObj = new stdClass();
    $myObj->firstname = $firstname;
    $myObj->lastname = $lastname;
    // ...

    try {
        $validator->validate($myObj);
    } catch (Exception $e) {
        // validation failed: skip the INSERT
    }

    class Validator {

        protected $rules;
        protected $errors;

        public function __construct($rules) {
            $this->rules = $rules;
        }

        // Throws if any attribute breaks one of its rules, returns true otherwise.
        public function validate($obj) {
            $this->errors = [];
            $vars = get_object_vars($obj);
            foreach($this->rules as $attr => $arrayOfRules) {
                // Several rules per attribute are separated by "|"
                $rule = explode("|", $arrayOfRules);
                foreach($rule as $r) {
                    switch($r) {
                        case "notEmpty":
                            // Record an error when the rule is NOT satisfied
                            if(!$this->ruleNotEmpty($vars[$attr])) {
                                $this->errors['notEmpty'][] = $attr;
                            }
                            break;
                        default:
                            break;
                    }
                }
            }
            if(count($this->errors)) {
                //@TODO return all errors with messages here
                throw new Exception("Errors found");
            }
            return true;
        }

        // True when the value is not an empty string
        protected function ruleNotEmpty($data) {
            return $data != "";
        }
    }

This is one way to do this. There are a lot of frameworks and components that already do some validations, but this is some direction to go.

Felippe Duarte
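The all-fields check the question asks for, combined with the prepared statements recommended in the comments, as an added example that is not part of the original posts. It assumes PDO with an in-memory SQLite database standing in for the MySQL server; `missingFields` and `insertIfComplete` are hypothetical helper names, and the column list is copied from the INSERT in the question.

```php
<?php
// Added example. Assumption: in-memory SQLite stands in for the MySQL server.
const COLUMNS = ['firstname', 'lastname', 'email', 'phone', 'duns', 'cage',
    'expirationdate', 'businessname', 'address', 'city', 'state', 'zip', 'naics'];

/** Returns the names of required fields that are missing or blank. */
function missingFields(array $record, array $required): array
{
    $missing = [];
    foreach ($required as $field) {
        if (!isset($record[$field]) || trim((string) $record[$field]) === '') {
            $missing[] = $field;
        }
    }
    return $missing;
}

/** Inserts the record only when every required field is populated. */
function insertIfComplete(PDO $pdo, array $record, array $required = COLUMNS): bool
{
    if (missingFields($record, $required) !== []) {
        return false; // partial record: write nothing
    }
    // Column names come from the fixed COLUMNS list, never from input;
    // values travel as bound parameters, so quotes in them stay data.
    $sql = sprintf('INSERT INTO records (%s) VALUES (:%s)',
        implode(', ', COLUMNS), implode(', :', COLUMNS));
    $params = [];
    foreach (COLUMNS as $col) {
        $params[":$col"] = $record[$col] ?? null;
    }
    return $pdo->prepare($sql)->execute($params);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE records (' . implode(' TEXT, ', COLUMNS) . ' TEXT)');

// Constructed sample rows: one complete, one with only firstname filled in.
$full = array_fill_keys(COLUMNS, 'x');
$full['firstname'] = 'Pat';
$full['lastname'] = "O'Brien"; // a quote like this breaks a string-built query
$partial = ['firstname' => 'Pat'];

var_dump(insertIfComplete($pdo, $full));    // complete record
var_dump(insertIfComplete($pdo, $partial)); // partial record
echo $pdo->query('SELECT COUNT(*) FROM records')->fetchColumn(), " row(s)\n";
```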