Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    New to the CF scene
    Join Date
    Jan 2011
    Posts
    7
    Thanks
    1
    Thanked 0 Times in 0 Posts

    help with php! and mysql query!

    Hello.

    I have a PHP script that collects data from the form and inserts the data into a mysql query

    the query will execute and display the information

    my question is:

    I can type the url of my php script and it will execute and display the whole database without having anything inserted into it

    in other words when i directly execute my php script which is at

    url.com/dir/myscript.php


    it will execute the whole database


    the sql looks like this when i go to that page without having sent data

    SELECT * FROM PLACES WHERE NAME LIKE '%%'

    is there a php function that can validate that there is actually data being sent?

    please and thank you

  • #2
    UE Antagonizer Fumigator's Avatar
    Join Date
    Dec 2005
    Location
    Utah, USA, Northwestern hemisphere, Earth, Solar System, Milky Way Galaxy, Alpha Quadrant
    Posts
    7,691
    Thanks
    42
    Thanked 637 Times in 625 Posts
    You can verify the page is being reached from your form easily by checking one of your $_POST variables. use isset() to see if the variable is set, and you can also check the value in the variable to make sure it's what you expect it to be.

    Don't run your query if the qualifier(s) in your query are blank.

  • #3
    New to the CF scene
    Join Date
    Jan 2011
    Posts
    7
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Fumigator View Post
    You can verify the page is being reached from your form easily by checking one of your $_POST variables. use isset() to see if the variable is set, and you can also check the value in the variable to make sure it's what you expect it to be.

    Don't run your query if the qualifier(s) in your query are blank.
    $name = $_POST['name'];

    select * from table where name like '%$name%'

    where exactly do i put the isset function ?


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •