whats the best professional way of insert with validation in mysqli.
Share
whats the best professional way of insert with validation in mysqli.
The first thing you can learn HTML, whether you want to become a professional web developer or just want to learn more about how websites work. The basic language for developing web pages and web applications is HTML. A server ...
Asynchronous Javascript One of AJAX’s benefits is it provides instantaneous feedback to the user because it requests information asynchronously from the backend web server. However, using AJAX does not guarantee the user will not wait for the asynchronous JavaScript and ...
How To Make Cookie Free Domain An HTTP cookie (also known as a web cookie, Internet cookie, browser cookie, or simply cookie) is a small piece of data sent from a website and stored on the user’s computer by the ...
If you are using PHP to save data into MySQL, then you can use the following
mysqli_real_escape_string($link, $string);
with the field values. This will stop sql injections.
can i post my code here?
yes, you can post here.
validation not working data automatically insertion problem
<!DOCTYPE html>
<html>
<body>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>
<body>
<?php
$link = mysqli_connect("localhost", "root", "", "college");
// Check connection
if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
$uname=$uemail=$upass="";
$nameerr=$emailerr=$passerr="";
if(isset($_POST[’sv’]))
{
$uname=$_POST[’uname’];
if (empty($uname))
{
$nameerr="Name is required";
}
else
{
$uname=mysqli_real_escape_string($link, strip_tags($uname));
}
$uemail=$_POST[’uemail’];
if (empty($uemail))
{
$emailerr="Email is required";
}
else
{
$uemail=mysqli_real_escape_string($link, strip_tags($uemail));
}
$upass=$_POST[’upass’];
if (empty($upass))
{
$passerr="Password is required";
}
else
{
$upass=mysqli_real_escape_string($link, strip_tags($upass));
}
$sql = "INSERT INTO userreg(u_name,u_email,u_pass) VALUES(’$uname’,’$uemail’,’$upass’)";
if(mysqli_query($link, $sql)){
echo "Records added successfully.";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
mysqli_close($link);
}
?>
<form action="<?php echo $_SERVER[’PHP_SELF’]; ?>" method="post">
<table width="50%" border="1">
<tr>
<td>USERNAME</td>
<td><input name="uname" type="text" /></td>
<td width="200px;"><span class="error">* <?php echo $nameerr;?></span></td>
</tr>
<tr>
<td>EMAIL</td>
<td><input name="uemail" type="text" /></td>
<td><span class="error">* <?php echo $emailerr;?></span></td>
</tr>
<tr>
<td>PASSWORD</td>
<td><input name="upass" type="text" /></td>
<td><span class="error">* <?php echo $passerr;?></span></td>
</tr>
<tr>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" name="sv" id="button" value="Submit" /></td>
<td> </td>
</tr>
</table>
</form>
</body>
</html>
I just checked your code. You did not implement the validation properly. If you will see the code carefully, you have made code of insertion opened which means it will run whether you enter uname or not. So in this case data will be saved to database.
You would have to apply condition on your insertion eg.
if($emailerr!="" || $passerr!="")
{
}
else
{
$sql = "INSERT INTO userreg(u_name,u_email,u_pass) VALUES(’$uname’,’$uemail’,’$upass’)";
}
Please check and let me know.