Form making INSERT empty in Database

0

I am creating a simple registration page and created a Form to store what was typed in the Database. However, even with Form validation in PHP to see if it has any empty fields, when I click Register, it stores blank data in the Database. Could you lend me a hand in this case?

This is the html form and field validations in PHP.

<form method="post" name="formCadastro" action="inserir_dados.php" >

            <input type="text" id="nome" name="nome" placeholder="Seu nome completo"

                    <?php
                        if(!empty($_SESSION['value_nome'])){
                            echo "value='".$_SESSION['value_nome']."'";
                            unset($_SESSION['value_nome']);
                        }
                     ?>>
                     <?php
                        if(!empty($_SESSION['vazio_nome'])){
                            echo "<p style='color: #b63e3e;position: relative; top:43px'>".$_SESSION['vazio_nome']."</p>";
                            unset($_SESSION['vazio_nome']);
                        }
                     ?>             

            <br><br><br>
            <input type="text" id="email" name="email" placeholder="Email comercial"

                    <?php
                        if(!empty($_SESSION['value_email'])){
                            echo "value='".$_SESSION['value_email']."'";
                            unset($_SESSION['value_email']);
                        }
                     ?>>
                     <?php
                        if(!empty($_SESSION['vazio_email'])){
                            echo "<p style='color: #b63e3e;position: relative; top:43px'>".$_SESSION['vazio_email']."</p>";
                            unset($_SESSION['vazio_email']);
                        }
                     ?>                     

            <br><br><br>
            <input type="text" id ="fone" name="fone" placeholder="Telefone com DDD"

                    <?php
                        if(!empty($_SESSION['value_fone'])){
                            echo "value='".$_SESSION['value_fone']."'";
                            unset($_SESSION['value_fone']);
                        }
                     ?>>
                     <?php
                        if(!empty($_SESSION['vazio_fone'])){
                            echo "<p style='font-family: Helvetica Neue; color: #b63e3e;position: relative; top:43px'>".$_SESSION['vazio_fone']."</p>";
                            unset($_SESSION['vazio_fone']);
                        }
                     ?>     

            <br><br><br>
            <input type="submit" value="Cadastrar">

        </form>

Here is the code to store in the DB.

<?php

session_start ();

include_once 'conexao.php';

$nome = null;
$email = null;
$fone = null;

if(empty($_POST['nome'])){
    $_SESSION['vazio_nome'] = "Campo nome é obrigatório";
    $url = 'index.php';
    echo "
    <META HTTP-EQUIV=REFRESH CONTENT = '0;URL=$url'>
    ";
}else{
    $_SESSION['value_nome'] = $_POST['nome'];
}

if(empty($_POST['email'])){
    $_SESSION['vazio_email'] = "Campo e-mail é obrigatório";
    $url = 'index.php';
    echo "
    <META HTTP-EQUIV=REFRESH CONTENT = '0;URL=$url'>
    ";
}else{
    $_SESSION['value_email'] = $_POST['email'];
}

if(empty($_POST['fone'])){
    $_SESSION['vazio_fone'] = "Campo e-mail é obrigatório";
    $url = 'index.php';
    echo "
    <META HTTP-EQUIV=REFRESH CONTENT = '0;URL=$url'>
    ";
}else{
    $_SESSION['value_fone'] = $_POST['fone'];
}

$nome = mysqli_real_escape_string($conexao, $_POST['nome']);
$email = mysqli_real_escape_string($conexao, $_POST['email']);
$fone = mysqli_real_escape_string($conexao, $_POST['fone']);

$result_sql = "INSERT INTO cliente (nome,email,fone) VALUES ('$nome','$email','$fone')";

$resultado_sql= mysqli_query($conexao, $result_sql);

if($conexao->query($result_sql) == TRUE){
    echo "Usuário OK";      
}else{
    echo "Erro".$result_sql."<br>".$conexao->error;
        }
$conexao->close();

? >

    
asked by anonymous 14.04.2017 / 22:46

2 answers

0
  

Your HTML form is correct, within what you set out to do.

You only need to put session_start(); on the first line and correct

$_SESSION['vazio_fone'] = "Campo telefone é obrigatório";

Already in the PHP page insert_dados.php you validate the server-side data .

if(empty($_POST['nome'])){..  if(empty($_POST['email'])){ ..  if(empty($_POST['fone'])){...

So far so good. However, the PHP script continues to run and goes against the insert.

As no restriction has been imposed, the insert will be executed anyway, that is, whether or not the form fields were sent.

You can prevent the script from continuing to run simply by setting exit(); after the refresh goals

echo("<META HTTP-EQUIV=REFRESH CONTENT = '0;URL=$url'>"); exit();

This code snippet $resultado_sql= mysqli_query($conexao, $result_sql); is left over and repeated in the database.

  

You may like this template instead of using exit ();

Note that if any data has not been sent a variable is created $insert="nananinanao";

This variable will prevent the insert in the table if any data is not passed

insert_data.php

session_start();

include_once 'conexao.php';

$nome = null;
$email = null;
$fone = null;

  if(empty($_POST['nome'])){
       $_SESSION['vazio_nome'] = "Campo nome é obrigatório";
       $insert="nananinanao";
  }else{
       $_SESSION['value_nome'] = $_POST['nome'];
  }

  if(empty($_POST['email'])){
       $_SESSION['vazio_email'] = "Campo e-mail é obrigatório";
       $insert="nananinanao";
  }else{
       $_SESSION['value_email'] = $_POST['email'];
   }

   if(empty($_POST['fone'])){
       $_SESSION['vazio_fone'] = "Campo e-mail é obrigatório";
       $insert="nananinanao";
   }else{
       $_SESSION['value_fone'] = $_POST['fone'];
   }

   if ($insert!="nananinanao"){
       $nome = mysqli_real_escape_string($conexao, $_POST['nome']);
       $email = mysqli_real_escape_string($conexao, $_POST['email']);
       $fone = mysqli_real_escape_string($conexao, $_POST['fone']);

       $result_sql = "INSERT INTO cliente (nome,email,fone) VALUES ('$nome','$email','$fone')";

    }else{
        $url = 'index.php';
        echo("<META HTTP-EQUIV=REFRESH CONTENT = '0;URL=$url'>");
        exit();
    }

    if($conexao->query($result_sql) == TRUE){
         echo "Usuário OK";      
    }else{
         echo "Erro".$result_sql."<br>".$conexao->error;
    }
    $conexao->close();
    
15.04.2017 / 02:50
0

PHP validation of a form must be done on the server and will not work because you put it on the client side. On the client side, you should use javascript to do the validation.

Considering that the client-side validation is not completely reliable, you should do it again on the server before saving the information in the database.

You can make only one PHP file that covers all items, ie form, javascript validation, server validation (PHP), data recording, and error messages.

You can also do the validation only on the server (PHP), omit it from the client. The opposite is not recommended.

    
14.04.2017 / 23:11