Form making empty INSERT in Database

Asked

Viewed 1,631 times

1

I am creating a simple registration page and created a Form to store what was typed in the Database. However, even with the validation of the Form in PHP to see if there is an empty field, when I click Register, it stores blank data in the Database. You could give me a hand on this case?

This is the html form and validations of the PHP fields.

<form method="post" name="formCadastro" action="inserir_dados.php" >

            <input type="text" id="nome" name="nome" placeholder="Seu nome completo"

                    <?php
                        if(!empty($_SESSION['value_nome'])){
                            echo "value='".$_SESSION['value_nome']."'";
                            unset($_SESSION['value_nome']);
                        }
                     ?>>
                     <?php
                        if(!empty($_SESSION['vazio_nome'])){
                            echo "<p style='color: #b63e3e;position: relative; top:43px'>".$_SESSION['vazio_nome']."</p>";
                            unset($_SESSION['vazio_nome']);
                        }
                     ?>             

            <br><br><br>
            <input type="text" id="email" name="email" placeholder="Email comercial"

                    <?php
                        if(!empty($_SESSION['value_email'])){
                            echo "value='".$_SESSION['value_email']."'";
                            unset($_SESSION['value_email']);
                        }
                     ?>>
                     <?php
                        if(!empty($_SESSION['vazio_email'])){
                            echo "<p style='color: #b63e3e;position: relative; top:43px'>".$_SESSION['vazio_email']."</p>";
                            unset($_SESSION['vazio_email']);
                        }
                     ?>                     

            <br><br><br>
            <input type="text" id ="fone" name="fone" placeholder="Telefone com DDD"

                    <?php
                        if(!empty($_SESSION['value_fone'])){
                            echo "value='".$_SESSION['value_fone']."'";
                            unset($_SESSION['value_fone']);
                        }
                     ?>>
                     <?php
                        if(!empty($_SESSION['vazio_fone'])){
                            echo "<p style='font-family: Helvetica Neue; color: #b63e3e;position: relative; top:43px'>".$_SESSION['vazio_fone']."</p>";
                            unset($_SESSION['vazio_fone']);
                        }
                     ?>     

            <br><br><br>
            <input type="submit" value="Cadastrar">

        </form>

Here is the code to store in the BD.

<?php

session_start();

include_once 'conexao.php';

$nome = null;
$email = null;
$fone = null;

if(empty($_POST['nome'])){
    $_SESSION['vazio_nome'] = "Campo nome é obrigatório";
    $url = 'index.php';
    echo "
    <META HTTP-EQUIV=REFRESH CONTENT = '0;URL=$url'>
    ";
}else{
    $_SESSION['value_nome'] = $_POST['nome'];
}

if(empty($_POST['email'])){
    $_SESSION['vazio_email'] = "Campo e-mail é obrigatório";
    $url = 'index.php';
    echo "
    <META HTTP-EQUIV=REFRESH CONTENT = '0;URL=$url'>
    ";
}else{
    $_SESSION['value_email'] = $_POST['email'];
}

if(empty($_POST['fone'])){
    $_SESSION['vazio_fone'] = "Campo e-mail é obrigatório";
    $url = 'index.php';
    echo "
    <META HTTP-EQUIV=REFRESH CONTENT = '0;URL=$url'>
    ";
}else{
    $_SESSION['value_fone'] = $_POST['fone'];
}

$nome = mysqli_real_escape_string($conexao, $_POST['nome']);
$email = mysqli_real_escape_string($conexao, $_POST['email']);
$fone = mysqli_real_escape_string($conexao, $_POST['fone']);

$result_sql = "INSERT INTO cliente (nome,email,fone) VALUES ('$nome','$email','$fone')";

$resultado_sql= mysqli_query($conexao, $result_sql);

if($conexao->query($result_sql) == TRUE){
    echo "Usuário OK";      
}else{
    echo "Erro".$result_sql."<br>".$conexao->error;
        }
$conexao->close();

?>

  • In your database table, at least one field should be não nulo for example the name field. That would solve a lot!

2 answers

0

The PHP validation of a form, should be done on the server and will not work because you put it on the client side. On the client side, you must use javascript to validate.

Whereas client-side validation is not fully reliable, you should do it again on the server, before saving the information in the database.

You can make only one PHP file that encompasses all the items, that is, the form. , client validation (javascript), server validation (PHP), data saving and error messages.

You can also validate only on the server (PHP), omit it from the client. Otherwise it is not recommended.

0


Your HTML form is correct, within what you set out to do.

just left you put session_start(); in the first line and correct

$_SESSION['vazio_fone'] = "Campo telefone é obrigatório";

Already in the PHP page insert.php data you validate the data on the server side.

if(empty($_POST['nome'])){..  if(empty($_POST['email'])){ ..  if(empty($_POST['fone'])){...

So far so good. Only that the PHP script is still running and meets the Insert.

As no restriction has been imposed, Insert will be executed anyway, that is, whether or not form fields have been sent.

You can prevent the script from running by simply putting exit(); after the refresh targets

echo("<META HTTP-EQUIV=REFRESH CONTENT = '0;URL=$url'>"); exit();

That piece of code $resultado_sql= mysqli_query($conexao, $result_sql); is left over and doing repeated Insert in the bank.

You might like this template instead of using Exit();

Note that if any data has not been sent a variable is created $insert="nananinanao";

It is this variable that will prevent the Insert in the table if some data is not passed

insert.php data

session_start();

include_once 'conexao.php';

$nome = null;
$email = null;
$fone = null;

  if(empty($_POST['nome'])){
       $_SESSION['vazio_nome'] = "Campo nome é obrigatório";
       $insert="nananinanao";
  }else{
       $_SESSION['value_nome'] = $_POST['nome'];
  }

  if(empty($_POST['email'])){
       $_SESSION['vazio_email'] = "Campo e-mail é obrigatório";
       $insert="nananinanao";
  }else{
       $_SESSION['value_email'] = $_POST['email'];
   }

   if(empty($_POST['fone'])){
       $_SESSION['vazio_fone'] = "Campo e-mail é obrigatório";
       $insert="nananinanao";
   }else{
       $_SESSION['value_fone'] = $_POST['fone'];
   }

   if ($insert!="nananinanao"){
       $nome = mysqli_real_escape_string($conexao, $_POST['nome']);
       $email = mysqli_real_escape_string($conexao, $_POST['email']);
       $fone = mysqli_real_escape_string($conexao, $_POST['fone']);

       $result_sql = "INSERT INTO cliente (nome,email,fone) VALUES ('$nome','$email','$fone')";

    }else{
        $url = 'index.php';
        echo("<META HTTP-EQUIV=REFRESH CONTENT = '0;URL=$url'>");
        exit();
    }

    if($conexao->query($result_sql) == TRUE){
         echo "Usuário OK";      
    }else{
         echo "Erro".$result_sql."<br>".$conexao->error;
    }
    $conexao->close();
  • I made the changes you suggested and it worked perfectly here, thank you very much!

Browser other questions tagged

You are not signed in. Login or sign up in order to post.