0

I was just wondering if anyone had a better way to check for an empty string. This one works but shows the error the first time you load the form (because the query's empty).

Pretty simple check here.

$order = "INSERT INTO sbh_itemsheet
    (shopCode, itemNumber, itemDescription)
    VALUES
    ('$shopCode','$itemNumber','$itemDescription')";

$result = mysql_query($order); // order executes

if ($result)
{
    echo("
 Input data is succeed");
}
else
{
    echo("
 Input data is fail");
}

I can't figure out how to get rid of the first error message. Really I should start the check at the beginning of the script and not the bottom, but my brain's stopped working today and I thought some of you lovely people may be able to help.

3
  • 2
    Please don't assemble MySQL statements by inserting variables into strings. If you don't escape the incoming data properly then your application will be at risk of an SQL injection attack. You should investigate using prepared statements instead. Commented Jul 9, 2014 at 15:19
  • I usually use a hidden form value called "submitting", and set that to "1" at form submission. Then when the POST comes through, I check $submitting = $_POST['submitting']; and only execute the necessary code if the form is being submitted. Commented Jul 9, 2014 at 15:22
  • Just so it's known, this is a section only accessible to people with login access. Injection attacks aren't a problem as login setup is using PDO. Only 3 people have access. When I have time this will change @LeighSimpson Commented Jul 9, 2014 at 15:24

3 Answers

1

You will need to check that the variables exist before processing your query.

$result = false;
if($shopCode !="" && $itemNumber !="" && $itemDescription !="")
{
    $order = "INSERT INTO sbh_itemsheet
    (shopCode, itemNumber, itemDescription)
    VALUES
    ('$shopCode','$itemNumber','$itemDescription')";

    $result = mysql_query($order); //order executes

    if($result)
    {
        echo("Input data is succeed");
    }
    else
    {
        echo("Input data is fail");
    }
}

My example above answers your question. I would, however, look into moving from mysql to mysqli or PDO.


3 Comments

I think you are missing the point here... Your code will yield exactly the same results as the OP. The first time the page is loaded, when the parameters ($shopCode, $itemNumber... etc.) are missing, you will still get the "Input data is fail" result.
@lix it was a typo, ending curly brace was in the incorrect place.
I'm going to use this until I get a chance to re-write it with PDO. Thanks, this has answered my question.
0

You could test the values you input into your query before actually executing it:

if ( $shopCode && $itemNumber && $itemDescription ){
  // Query params exist - run the query
  $order = "INSERT INTO...";
  ...
} else {
  // Query params missing - query not executed 
}

As a final note, I recommend you read the following post that explains why using the mysql_* library is a really bad idea: Why shouldn't I use mysql_* functions in PHP?

6 Comments

Notice: Undefined variable: shopCode
@AbraCadaver- yes.. this is true as my code is only a snippet. I'm not too sure what you mean by your comment...
The OP complains of an undefined variable error and your code throws an undefined variable error.
@AbraCadaver - I can not see that information from the OP... Where did you see details on an Undefined variable error?
You post code that throws an error if the variable is not set which is the problem in the question.
0

You can check if they are set:

if(isset($shopCode, $itemNumber, $itemDescription)) {
    // do your stuff
}

Or if they are empty:

if(!empty($shopCode) && !empty($itemNumber) && !empty($itemDescription)) {
    // do your stuff
}
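
Pulling the thread's suggestions together (run the INSERT only when the form was actually submitted, require all three fields, and bind the values through a prepared statement), here is an added example that is not code from the question or any of the answers. The function name `insertItem`, the in-memory SQLite database standing in for MySQL, and the sample requests are assumptions made so that it runs stand-alone.

```php
<?php
// Added example, not code from the thread. Table and column names come from
// the question; insertItem() and the sample requests below are constructed.

function insertItem(PDO $db, string $method, array $post): string
{
    // A first page load is a GET: nothing was submitted, so run no query
    // and show no message.
    if ($method !== 'POST') {
        return '';
    }

    // Read the three fields; a missing key becomes '' rather than raising
    // an "Undefined" notice.
    $fields = [];
    foreach (['shopCode', 'itemNumber', 'itemDescription'] as $name) {
        $value = $post[$name] ?? '';
        $fields[$name] = is_string($value) ? trim($value) : '';
        // Strict comparison: "0" is accepted here, whereas empty("0") is true.
        if ($fields[$name] === '') {
            return "Missing field: $name";
        }
    }

    // Placeholders keep the submitted values out of the SQL text.
    $stmt = $db->prepare(
        'INSERT INTO sbh_itemsheet (shopCode, itemNumber, itemDescription)
         VALUES (:shopCode, :itemNumber, :itemDescription)'
    );
    $stmt->execute($fields);
    return 'Input data saved';
}

// Stand-alone demo: in-memory SQLite stands in for the MySQL database
// (assumption so the example runs offline; use your own DSN in the real page).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sbh_itemsheet (shopCode TEXT, itemNumber TEXT, itemDescription TEXT)');

$requests = [
    ['GET', []],                                               // first load
    ['POST', ['shopCode' => 'S1', 'itemNumber' => '']],        // incomplete form
    ['POST', ['shopCode' => 'S1', 'itemNumber' => '0',
              'itemDescription' => "O'Brien's 10\" shelf"]],   // quotes in data
];
foreach ($requests as [$method, $post]) {
    var_dump(insertItem($db, $method, $post));
}
echo $db->query('SELECT COUNT(*) FROM sbh_itemsheet')->fetchColumn(), " row(s) stored\n";
```

In the form handler itself the call would be `echo insertItem($pdo, $_SERVER['REQUEST_METHOD'], $_POST);`, where `$pdo` is a hypothetical name for your existing PDO connection.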
