...

View Full Version : help with php! and mysql query!



boominaudio
02-28-2011, 10:27 PM
Hello.

I have a PHP script that collects data from the form and inserts the data into a mysql query

the query will execute and display the information

my question is:

I can type the url of my php script and it will execute and display the whole database without having anything inserted into it

in other words when i directly execute my php script which is at

url.com/dir/myscript.php


it will execute the whole database


the sql looks like this when i go to that page without having sent data

SELECT * FROM PLACES WHERE NAME LIKE '%%'

is there a php function that can validate that there is actually data being sent?

please and thank you

Fumigator
02-28-2011, 10:41 PM
You can verify the page is being reached from your form easily by checking one of your $_POST variables. use isset() to see if the variable is set, and you can also check the value in the variable to make sure it's what you expect it to be.

Don't run your query if the qualifier(s) in your query are blank.

boominaudio
02-28-2011, 10:57 PM
You can verify the page is being reached from your form easily by checking one of your $_POST variables. use isset() to see if the variable is set, and you can also check the value in the variable to make sure it's what you expect it to be.

Don't run your query if the qualifier(s) in your query are blank.

$name = $_POST['name'];

select * from table where name like '%$name%'

where exactly do i put the isset function ?



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum