0

I have a form which submits to a php file which inserts data to a table in MySQL there a some fields in this form which may not be filled in and if this is the case the record doesn't get inserted even though I have set the field in MySQL to accept nulls

My Code

<?php
    session_start();
    include "includes/connection.php";

    $title          = $_POST['inputTitle'];
    $firstname      = $_POST['inputFirstname'];
    $lastname       = $_POST['inputLastName'];
    $address1       = $_POST['inputAddress1'];
    $address2       = $_POST['inputAddress2'];
    $city           = $_POST['inputCity'];
    $county         = $_POST['inputCounty'];
    $postcode       = $_POST['inputPostcode'];
    $email          = $_POST['inputEmail'];
    $homephone      = $_POST['inputHomephone'];
    $mobilephone    = $_POST['inputMobilephone'];
    $userid         = $_POST['inputUserID'];

    if($title == '' || $firstname == '' || $lastname == '' || $address1 == '' || $address2 == '' || $city == '' || $county == '' || $postcode == '' || $email == '' || $homephone == '' || $mobilephone == '' || $userid == ''){
        $_SESSION['status'] = 'error';
    } else {
        mysql_query("INSERT INTO contact
                (`id`,`user_id`,`title`,`firstname`,`lastname`,`address1`,`address2`,`city`,`county`,`postcode`,`email`,`homephone`,`mobilephone`)
VALUES(NULL,'$userid','$title','$firstname','$lastname','$address1','$address2','$city','$county','$postcode','$email','$homephone','$mobilephone')") or die(mysql_error());
        $_SESSION['status'] = 'success';
    }
    header("location: contacts.php");
?>

can anyone tell me what I need to change to sort this issue out?

Best

Justin

P.s sorry if the code block is a bit long but I think it is relevant in this question.

Improve this question
3
  • Add "if (mysql_error()) echo mysql_error()'" before $_SESSION['status'] = 'success'; and comment out header("location: contacts.php"); to see if there were any sql errors. If there were - post it here. Commented Aug 12, 2011 at 10:37
  • The code lenght is fine. Your table structure would be good, too. Have a look at Bobby Tables: PHP on how to protect against SQL injection. Also, if one of the values is an empty string, the resulting row in MySQL would not have null values, but empty strings! Commented Aug 12, 2011 at 10:39
  • It's not clear what the issue is. Can you be more specific? Are there any errors? Commented Aug 12, 2011 at 10:40

1 Answer 1

Reset to default
2

You should change your assignement (for the null-able columns), like

$title = empty( $_POST['inputTitle'] )
 ? 'NULL'
 : "'" . mysql_real_escape_string( $_POST['inputTitle'] ) . "'"
;

And in your query you have to remove the quotes around the variables.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thank you for this could you show in my example above where to do this?
instead of $title=$_POST['inputTitle']

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.