SQLite insert upon page refresh

Time:10-10

I have a few input types on a form and a submit button, as follows:

<form id="register_form" method="post" role="form" action="">
    <input autofocus="" id="firstname" name"firstname" placeholder="First Name" type="text" required />
    <textarea id="Address" name="Adress" placeholder="No Address" type="text" rows="3" cols="30"></textarea>
    <select id="country" name="country" required>
            <option selected>Choose</option>
            <option value="10">Germany</option>
            <option value="11">Poland</option>
            <option value="12">United Kingdom</option>
    </select>
    <button type="submit">Submit My New Entry</button>
</form>  

I also have PHP code for submitting my data to a SQLite database:

<?php
try {
    //open the database
    $db = new PDO('sqlite:db/users.db');

    $firstname = $_POST["firstname"]; 
    $Address = $_POST["Address"];
    $country = $_POST["country"];
    
    //Insert record  
    $db->exec("INSERT INTO details 
                        (firstname, Address, country) 
                VALUES ('$firstname', '$Address', '$country')");

    $db = NULL;
} catch(PDOException $e) {
    print 'Exception : ' .$e->getMessage();
}
?>

My problem is that every time I refresh the page, the script registers a new entry in my database with empty fields, even if some input fields are marked as required or the database table is set to rollback on NULL value (both are ignored). How can I avoid this?

PS. required works only if I press the submit button.

CodePudding user response:

Your PHP script contains both the PHP and the HTML (the form), so if you load this script, the PHP script will be triggered immediately, which will insert a blank record.

(1) So, you should slightly amend the page so that the PHP part runs only if there is a form submission by POST (when someone submits the form), by adding, say:

if (isset($_POST["firstname"])){
// the PHP codes
}

(2) There is a typo in your HTML form: name="Adress" should be name="Address".

(3) Please use a parameterized prepared statement in your PHP insert query to avoid SQL injection attacks.

So the code is:

<?php

// Run the insert only when the form was actually submitted
if (isset($_POST["firstname"])) {
    try {
        // open the database
        $pdo = new PDO('sqlite:db/users.db');

        $firstname = $_POST["firstname"];
        $Address = $_POST["Address"];
        $country = $_POST["country"];

        // values are bound to the named placeholders in the query below
        $data = [
            'firstname' => $firstname,
            'Address' => $Address,
            'country' => $country,
        ];

        $sql = "INSERT INTO details (firstname, Address, country) VALUES (:firstname, :Address, :country)";

        $stmt = $pdo->prepare($sql);
        $stmt->execute($data);

        $pdo = NULL;
    } catch (PDOException $e) {
        print 'Exception : ' . $e->getMessage();
    }
}
?>

<form id="register_form" method="post" role="form" action="#">
<table border=0><tr><td>
First Name: 
<td>
<input autofocus="" id="firstname" name="firstname" placeholder="First Name" type="text" required />
<tr><td>
Address: 
<td><textarea id="Address" name="Address" placeholder="No Address" type="text" rows="3" cols="30"></textarea>
<tr><td>
Country: <td>
<select id="country" name="country" required>
            <option selected>Choose</option>
            <option value="10">Germany</option>
            <option value="11">Poland</option>
            <option value="12">United Kingdom</option>
</select>
<tr><td><button type="submit">Submit My New Entry</button>
</table>
</form>

CodePudding user response:

You just need to block the code from running.

This code checks for the POST data and checks that there is content. Then it runs the database processing.

PHP:

<?php

function processData()
{
  try
  {
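    // $_POST has string keys, so destructure by key (positional list() would not match)
    ['firstname' => $firstname, 'address' => $address, 'country' => $country] = $_POST;

    $db = new PDO('sqlite:db/users.db');
    // bind the values instead of interpolating them into the SQL string
    $stmt = $db->prepare("INSERT INTO details (firstname, address, country) VALUES (:firstname, :address, :country)");
    $stmt->execute(['firstname' => $firstname, 'address' => $address, 'country' => $country]);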
  }
  catch (PDOException $e)
  {
    printf("Exception : %s", $e->getMessage());
  }
}

if (
  (isset($_POST["firstname"]) && !empty($_POST["firstname"]))
  && (isset($_POST["address"]) && !empty($_POST["address"]))
  && (isset($_POST["country"]) && !empty($_POST["country"]))
)
{
  processData();
}

?>

HTML:

<form
  action=""
  id="register_form"
  method="post"
  role="form"
>
  <input
    autofocus
    id="firstname"
    name="firstname"
    placeholder="First Name"
    type="text"
    required
  />
  <textarea
    id="address"
    name="address"
    placeholder="No address"
    type="text"
    rows="3"
    cols="30"
  ></textarea>
  <select
    id="country"
    name="country"
    required
  >
    <option disabled selected>Choose</option>
    <option value="10">Germany</option>
    <option value="11">Poland</option>
    <option value="12">United Kingdom</option>
  </select>
  <button type="submit">Submit My New Entry</button>
</form>
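
A combined sketch of what the two answers recommend, as an added example that is not code from the question or either answer: act only on POST, re-check the fields on the server (the browser's required attribute is not enforced there), and insert through a prepared statement. The table schema, the helper name saveDetails(), the country allow-list and the in-memory database are assumptions made so the script runs on its own.

```php
<?php
// Added example: the schema, saveDetails() and the in-memory database are
// assumptions (the page itself uses sqlite:db/users.db).
const COUNTRIES = ['10', '11', '12']; // option values from the form

function saveDetails(PDO $pdo, string $method, array $post): array
{
    // A plain page load or refresh is a GET: nothing to store.
    if ($method !== 'POST') {
        return ['inserted' => false, 'errors' => []];
    }
    // `required` is enforced only by the browser, so check again here.
    $firstname = trim((string) ($post['firstname'] ?? ''));
    $address   = trim((string) ($post['Address'] ?? ''));
    $country   = (string) ($post['country'] ?? '');
    $errors = [];
    if ($firstname === '') {
        $errors[] = 'firstname is required';
    }
    if (!in_array($country, COUNTRIES, true)) {
        $errors[] = 'country must be one of the listed options';
    }
    if ($errors) {
        return ['inserted' => false, 'errors' => $errors];
    }
    // Placeholders keep user input out of the SQL text.
    $stmt = $pdo->prepare(
        'INSERT INTO details (firstname, Address, country)
         VALUES (:firstname, :Address, :country)'
    );
    $stmt->execute([
        'firstname' => $firstname,
        'Address'   => $address,
        'country'   => $country,
    ]);
    return ['inserted' => true, 'errors' => []];
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE details (firstname TEXT NOT NULL, Address TEXT, country TEXT NOT NULL)');

// Constructed requests: a refresh, a POST with empty fields, a valid POST.
$refresh = saveDetails($pdo, 'GET', []);
$empty   = saveDetails($pdo, 'POST', ['firstname' => ' ', 'country' => 'Choose']);
$valid   = saveDetails($pdo, 'POST', ['firstname' => "O'Brien", 'Address' => '1 Main St', 'country' => '11']);
var_dump($refresh['inserted'], $empty['errors'], $valid['inserted']);
echo $pdo->query('SELECT firstname FROM details')->fetchColumn(), "\n";
```

In the page itself the call would be saveDetails($pdo, $_SERVER['REQUEST_METHOD'], $_POST), with the returned errors shown next to the form.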