On Tuesday 30 March 2004 20:13, irinchiang@xxxxxxxxxxxxxxxxx wrote:
> okay I have echoed $sql and before I did enter anything into the form, the
> form is already inserting null values into the database. Maybe that is the
> reason for the duplicate row of null values.
Yes, that would be the reason.
> Do you know how can I prevent this from happening??Hope to hear from you
> soon.
You're not performing any checks on the input you're getting from your form.
The most simple check for whether the form was submitted is to use:
if (!empty($_POST)) { // form was submitted }
or
if (!empty($_GET)) { // form was submitted }
In addition you should always perform sanity checks on values of the
individual form elements. Search the archives/web for 'sql injection' for
more info.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-db
------------------------------------------
/*
Place me on a BUFFER counter while you BELITTLE several BELLHOPS in the
Trianon Room!! Let me one of your SUBSIDIARIES!
*/
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
