PHP form (sometimes) feeds blank entries into MySQL

Question

I've tried creating a basic registration form (I'm pretty new to PHP). The form works sometimes, but most of the times it's just sending blank entries into the MySQL database. Below is the code:

I have the following form:

<form action="#" method="post">
        <h2 class="sub-heading-agileits">Participant 1</h2>
        <div class="main-flex-w3ls-sectns">
            <div class="field-agileinfo-spc form-w3-agile-text1">
                <input type="text" name="name1" placeholder="Full Name" required="">
            </div>
            <div class="field-agileinfo-spc form-w3-agile-text1">
                <select class="form-control" name="year1">
                                    <option>Year</option>
                                    <option value="1st Year">1st Year</option>
                                    <option value="2nd Year">2nd Year</option>
                                    <option value="3rd Year">3rd Year</option>
                                </select>
            </div>
        </div>
        <div class="main-flex-w3ls-sectns">
            <div class="field-agileinfo-spc form-w3-agile-text2">
                <input type="text" name="phone1" placeholder="Phone Number" required="">
            </div>
            <div class="field-agileinfo-spc form-w3-agile-text2">
                <input type="text" name="college1" placeholder="College" required="">
            </div>
        </div>
        <div class="field-agileinfo-spc form-w3-agile-text">
            <input type="email" name="email1" placeholder="Email" required="">
        </div>
        <h2 class="sub-heading-agileits">Participant 2</h2>
        <div class="main-flex-w3ls-sectns">
            <div class="field-agileinfo-spc form-w3-agile-text1">
                <input type="text" name="name2" placeholder="Full Name">
            </div>
            <div class="field-agileinfo-spc form-w3-agile-text1">
                <select class="form-control" name="year2">
                                    <option>Year</option>
                                    <option value="1st Year">1st Year</option>
                                    <option value="2nd Year">2nd Year</option>
                                    <option value="3rd Year">3rd Year</option>
                                </select>
            </div>
        </div>
        <div class="main-flex-w3ls-sectns">
            <div class="field-agileinfo-spc form-w3-agile-text2">
                <input type="text" name="phone2" placeholder="Phone Number">
            </div>
            <div class="field-agileinfo-spc form-w3-agile-text2">
                <input type="text" name="college2" placeholder="College">
            </div>
        </div>
        <div class="field-agileinfo-spc form-w3-agile-text">
            <input type="email" name="email2" placeholder="Email">
        </div>
        <div class="clear"></div>
        <input type="submit" value="Submit">
        <input type="reset" value="Clear Form">
        <div class="clear"></div>
    </form>

I'm sorry for the long form code.

This is the PHP code to post the data to the database:

$servername = "localhost";
$username = "fic";
$password = "fic201718";
$dbname = "fic201718";
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
$name1 = $_POST['name1'];
$year1 = $_POST['year1'];
$phone1 = $_POST['phone1'];
$college1 = $_POST['college1'];
$email1 = $_POST['email1'];
$name2 = $_POST['name2'];
$year2 = $_POST['year2'];
$phone2 = $_POST['phone2'];
$college2 = $_POST['college2'];
$email2 = $_POST['email2'];
$sql = "INSERT INTO identitytheft (Participant1Name,Participant1Year,Participant1Phone,Participant1College,Participant1eMail,Participant2Name,Participant2Year,Participant2Phone,Participant2College,Participant2eMail) VALUES ('$name1','$year1','$phone1','$college1','$email1','$name2','$year2','$phone2','$college2','$email2')";
$conn->query($sql);
if (!empty($_POST['name1'])) {
    echo ("<script type=\"text/javascript\"> alert('Successfully Registered'); </script>");
}

However, the form sometimes inserts absolutely blank data into the database. It sometimes works though.

One thing that I have noticed is, I do not get blank rows if there are no special characters in the responses. My columns are set to utf8_unicode_ci (all of the columns). Could there be something wrong here? Please help?

When blank data is inserted to the database, is it every value it blank or some of the values? A tip for you moving forward: your variable names should match the database column names. It helps to make sure everything is lined up. — Full Stack Alien, Mar 20 '18 at 18:22
Hey, every column is blank. It's not just a particular column. Nothing is fed into the database. — Vidul Talwar, Mar 20 '18 at 18:33
Possible duplicate of [PHP Form sends blank data to mySQL](https://stackoverflow.com/questions/31955976/php-form-sends-blank-data-to-mysql) — Charles, Mar 20 '18 at 18:57
Hey, that's the only form connected to the only table in the database. — Vidul Talwar, Mar 20 '18 at 19:00
It's never a good idea to insert data into a database without first validating the data. In php, you should at least use `mysqli_escape_string` http://php.net/manual/en/function.mysqli-escape-string.php. If you were validating your data before submitting, you would also be able to detect and catch empty forms. — wlh, Mar 20 '18 at 20:41
Hey, form validation is being done using javascript. I'm pretty sure there are no blank forms being submitted. — Vidul Talwar, Mar 21 '18 at 01:56

score 0 · Answer 1 · answered Mar 20 '18 at 18:33

If your POST variables aren't empty and the data you see is what you expect then it isn't your form and most like your query. Use var_dump to check your post variables after the form submission.

var_dump($_POST);

The first thing I will note is that you current approach is susceptible to SQL injection, so you'll want to clean up your code. Look up prepared statments http://php.net/manual/en/mysqli.quickstart.prepared-statements.php.

I'll clean up your current query, which should work for you. I obviously don't have your database setup, so I can test it. You don't have to format it like I did and I don't usually format it this way unless I'm debugging -- it helps align the column names with the values.

<?php
$servername = "localhost";
$username = "fic";
$password = "fic201718";
$dbname = "fic201718";

$conn = new mysqli($servername, $username, $password, $dbname);

if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

$name1 = $_POST['name1'];
$year1 = $_POST['year1'];
$phone1 = $_POST['phone1'];
$college1 = $_POST['college1'];
$email1 = $_POST['email1'];
$name2 = $_POST['name2'];
$year2 = $_POST['year2'];
$phone2 = $_POST['phone2'];
$college2 = $_POST['college2'];
$email2 = $_POST['email2'];

$sql = "INSERT INTO identitytheft (
    Participant1Name,
    Participant1Year,
    Participant1Phone,
    Participant1College,
    Participant1eMail,
    Participant2Name,
    Participant2Year,
    Participant2Phone,
    Participant2College,
    Participant2eMail)
    VALUES (
    '".$name1."',
    '".$year1."',
    '".$phone1."',
    '".$college1."',
    '".$email1."',
    '".$name2."',
    '".$year2."',
    '".$phone2."',
    '".$college2."',
    '".$email2."'
)";
$conn->query($sql);
if (!empty($_POST['name1'])) {
    echo ("<script type=\"text/javascript\"> alert('Successfully Registered'); </script>");
}
?>

Hey, I've just started learning - I'll get to the part of protecting the data from SQL Injections pretty soon. — Vidul Talwar, Mar 20 '18 at 18:36
Thanks for your help, will check the code and let you know if it solves the problem. Also, formatting the code like yours is a better idea. I'll do it whenever I write any code in the future. — Vidul Talwar, Mar 20 '18 at 18:37
Hey, no luck It still gives me some responses as totally blank. One thing that I have noticed is, I do not get blank rows if there are no special characters in the responses. My columns are set to utf8_unicode_ci (all of the columns). Could there be something wrong here? — Vidul Talwar, Mar 20 '18 at 18:56
What is the datatype set to? varchar? int? -- more than likely it doesn't have anything to do with the collation — Full Stack Alien, Mar 20 '18 at 19:12

score 0 · Answer 2 · answered Mar 20 '18 at 19:10

0

if(!empty($varname) && !empty($varname)){
  sql statements over here within php code
}

you can add this similar type of code,as it works only when the input fields are not empty and does not post non empty data into your database

answered Mar 20 '18 at 19:10

Killer

47
3

PHP form (sometimes) feeds blank entries into MySQL

2 Answers2