I am having an issue with one of my .php pages.
adddata.php has a form which allows a user to submit certain data to the database however each time the page loads or is refreshed, the empty form is submitted (creating a row of blank values in the DB).
I have little experience with PHP so apologies in advance for any novice mistakes – here is the code:
<html>
<head>
<title>Project IPAM - Add Data</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<div id="container" class="container" style="width:980px">
<?php
include('./templates/header.php');
include('./templates/dbconnect.php');
?>
<?php
if(isset($_POST['submit']))
{
$name = $_POST['address_v4'];
echo "Successful submitted";
}
?>
<div id="content" style="background-color:#ABCDEF;height:500px;width:980px">
<!-- This is a example submit form to add data to the database !-->
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1">
<tr>
<td><form method="post" action="adddata.php">
<table width="" border="0" cellspacing="1" cellpadding="3">
<tr>
<td colspan="3"><strong>Insert Data Into mySQL Database </strong></td>
</tr>
<tr>
<td>IP(v4)</td>
<td>:</td>
<td><input name="address_v4" type="text" id="address_v4" maxlength="15"></td>
</tr>
<tr>
<td>Hostname</td>
<td>:</td>
<td><input name="hostname" type="text" id="hostname" maxlength="32"></td>
</tr>
<tr>
<td>Type</td>
<td>:</td>
<td><select name="type">
<option value="static">Static</option>
<option value="dhcp">DHCP</option>
<option value="reserved">Reserved</option>
</td>
</tr>
<tr>
<td>Updated By</td>
<td>:</td>
<td><input name="updated_by" type="text" id="updated_by" maxlength="16"></td>
</tr>
<tr>
<td>Notes</td>
<td>:</td>
<td><input name="notes" type="text" id="notes" maxlength="128"></td>
</tr>
<tr>
<td>Location</td>
<td>:</td>
<td><textarea cols="17" rows="7" name="location" type="text" id="location" maxlength="64"></textarea></td>
</tr>
<tr>
<td>Default Gateway</td>
<td>:</td>
<td><input name="default_gateway" type="text" id="default_gateway" maxlength="15"></td>
</tr>
<tr>
<td>Subnet Mask</td>
<td>:</td>
<td><input name="subnet_mask" type="text" id="subnet_mask" maxlength="15"></td>
</tr>
<tr>
<td colspan="3" align="center"><input type="submit" name="submit" value="Submit"></td>
</tr>
</table>
</form>
</td>
</tr>
</table>
<?php
// Connect to the DB
include_once('./templates/dbconnect.php');
// Get values from form and checks whether values have been initilized using the isset() function.
$address=isset($_POST['address_v4']);
$hostname=isset($_POST['hostname']);
$type=isset($_POST['type']);
$updated_by=isset($_POST['updated_by']);
$notes=isset($_POST['notes']);
$location=isset($_POST['location']);
$default_gateway=isset($_POST['default_gateway']);
$subnet_mask=isset($_POST['subnet_mask']);
// Insert data into mysql
$sql="INSERT INTO $tbl_name(address_v4, hostname, type, updated_by, notes, location, default_gateway, subnet_mask)
VALUES('$address','$hostname','$type','$updated_by','$notes','$location','$default_gateway','$subnet_mask')";
if (!mysql_query($sql,$con))//
{
die('Error: ' . mysql_error());
}
mysql_close($con)
?>
</div>
<div id="footer" style="background-color:#FFA500;clear:both;text-align:center;">
Copyright © 2011 Richard Day
</div>
</div>
</body>
</html>
The problem is where you’re checking is your $_POST variables are set, eg.:
issetreturns a boolean (true or false) value, not the data that’s in the variable you’re checking against. Change you’re lines to something like this:mysql_real_escape_stringwill help prevent SQL injection attacks being carried out against your website.EDIT
If I understand you right you also need to check to see if a form has actually been submitted before running your database statement, at the moment you’re running it regardless of whether or not the form has been submitted. Move all of your PHP code from the bottom of the document inside the
if(isset($_POST['submit']))statement at the top, that should sort it out.