PHP is submiiting blank data

Butters

Butters

Butters

Permabanned
Joined
22 Apr 2007
Posts
1,805
yo!

Thanks to help from this very site, I have the following code

Code: 
<?php
session_start();
if(!$_SESSION['username']) {
       //not logged in. redirect to login page
       header("Location: login.php");
       exit;
}

$p_title = $_POST['title'];
$p_menu_title = $_POST['menutitle'];
$p_summary = $_POST['summary'];
$p_body = $_POST['body'];

$address = "localhost";
$username = "mark1e_bourne";
$password = "you_wish";
$database = "mark1e_bourne";

mysql_connect($address,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");

$query = "INSERT INTO news (p_title, p_menu_title, p_summary, p_body) VALUES ('$p_title','$p_menu_title','$p_summary','$p_body')";
mysql_query($query);

mysql_close();

?>

directly above my HTML form

When I click update, the information is submitted accurately, but also, another entry is made which is completely blank.

Why is this? What do I need to add to the code to stop this happening?

The part at the top:-

Code: 
]<?php
session_start();
if(!$_SESSION['username']) {
       //not logged in. redirect to login page
       header("Location: login.php");
       exit;
}
is used because this is the first page presented after a successful login.

Any help, as always, greatly appreciated.

Thanks
 
I think the reason is because you're not blocking the query code. If your HTML is in the same file as that PHP code then what's to stop the PHP code being executed before the form is submitted? You need some sort of entry condition, this is normally some variable submitted along with the form to indicate what action to perform.

What do you do if the form is submitted with blank fields? The validation code for this will make up the 'blocking' code and restrict submission if the form is invalid and only allow a query to be processed if the form is valid. There are several methods of checking fields are empty and filtering the data in them, just search the recent PHP threads in this forum, they contain some good examples of this. Your best bet is probably to write some sort of function that does the validation to avoid code duplication.

EG:

<form name="add" method="POST">...</form>

if($_POST['add']) {
// The form has been submitted
// Check and Filter fields here before query
}
 
Last edited:
nice to see you completely ignoring advice from previous threads. :p

robmiller -
http://forums.overclockers.co.uk/showpost.php?p=10343443&postcount=5
http://forums.overclockers.co.uk/showpost.php?p=10343554&postcount=8

Markus123 -
http://forums.overclockers.co.uk/showpost.php?p=10345407&postcount=12

there would be no need for half as many of your threads if you took the time to read the replies to your previous questions. if you're looking at a php function and haven't a clue what it does... go look it up on php.net. surprisingly enough, by doing this you might learn something. :)
 
How many threads have you got now?

You seem to be way over your head as every time you hit a bump a new thread appears! :p
 
Code: 
<?php
session_start();
if(!$_SESSION['username']) {
       //not logged in. redirect to login page
       header("Location: login.php");
       exit;
}

if you're putting this on an actual website, do some more validation - I can set a session cookie for your site from Firefox and it doesn't matter if the username exists, it won't redirect me.

and read some tutorials.

and also, escape your $_POST variables.
 
Sic said:
if you're putting this on an actual website, do some more validation - I can set a session cookie for your site from Firefox and it doesn't matter if the username exists, it won't redirect me.
Click to expand...

How on earth would you set a session variable client-side?
 
OK, thanks guys, I'm really just being thrown in at the deepend here. My problem is I need to understand why the data is appearing, not just the code to solve it, and some of you are kind enough to point that out to me in simpler language which I am very greatful for.

Thanks again
 
psyr33n said:
Still, it's good practice to validate the contents of the session rather than just check the session's existence.
Click to expand...

Yeah, but for very simple things (effectively one user, no concept of permissions/capabilities) the OP's example will work fine. There's no way $_SESSION['username'] can be set other than by his script (provided his login script is secure).
 
ah no. session cookie is what I can do. I'd still do more validation than that, regardless.
 
You must log in or register to reply here.
Back
Top Bottom