I have input fields, but if a user leaves one blank, I want to insert a NULL value into my database.
I request values like this:
$val1 = htmlspecialchars($_REQUEST["val"], ENT_QUOTES);
And then insert them to the DB:
INSERT INTO `table` ( `val1` , `val2` , `val3`)
VALUES ('$val1', '$val2', '$val3');
I have tried removing the ' around val1, val2, val3, but then nothing gets inserted into the DB if there is no value. I have also tried something like this:
if (!empty($val1)) {
    $val1 = "'" . $val1 . "'";
} else {
    $val1 = NULL;
}
And then without the ' around the values: still no insert into the DB.
Ok, first this
will only ever insert the literal values “val1”, “val2” and “val3”. You aren’t using any PHP variables.
Secondly, use prepared statements and parameter binding to perform your queries to protect yourself from SQL injection. For example, using PDO:
Also, you shouldn’t HTML encode values going into a database. Perform the encoding when you display the value in an HTML document.
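The following is an added, self-contained example (not the answer's own code) that puts the three points of the answer together: blank fields are bound as SQL NULL, every value goes through a PDO placeholder instead of being pasted into the query string, and the raw value is stored while HTML encoding happens only at display time. It assumes the `table`/`val1`/`val2`/`val3` names from the question, uses an in-memory SQLite database so it runs offline (swap the DSN for your MySQL one), and the `$request` array is a constructed stand-in for `$_REQUEST`.

```php
<?php
// Added example, not the answer's own code. Blank input -> SQL NULL,
// values bound with PDO placeholders, raw values stored, encoding on output.
// SQLite in memory keeps it runnable offline; on MySQL use a DSN such as
// 'mysql:host=localhost;dbname=app;charset=utf8mb4' (assumed, adjust to yours).

declare(strict_types=1);

// Missing or whitespace-only input becomes NULL; anything else is the raw string.
// No htmlspecialchars() here: the database should hold what the user typed.
function nullIfBlank(array $request, string $key): ?string
{
    if (!isset($request[$key])) {
        return null;
    }
    $value = trim((string) $request[$key]);
    return $value === '' ? null : $value;
}

// Insert one row. The values never touch the SQL text, so there is no quoting
// to get right and a user-supplied quote cannot alter the statement.
function insertRow(PDO $db, ?string $val1, ?string $val2, ?string $val3): int
{
    $stmt = $db->prepare(
        'INSERT INTO `table` (`val1`, `val2`, `val3`) VALUES (:val1, :val2, :val3)'
    );
    foreach (['val1' => $val1, 'val2' => $val2, 'val3' => $val3] as $name => $value) {
        // Bind PHP null explicitly as SQL NULL; everything else as a string.
        $stmt->bindValue(
            ':' . $name,
            $value,
            $value === null ? PDO::PARAM_NULL : PDO::PARAM_STR
        );
    }
    $stmt->execute();
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$db->exec('CREATE TABLE `table` (id INTEGER PRIMARY KEY, val1 TEXT, val2 TEXT, val3 TEXT)');

// Constructed stand-in for $_REQUEST: val1 carries a quote and HTML that would
// break naive string building, val2 was left blank, val3 was never submitted.
$request = ['val1' => "O'Brien <b>bold</b>", 'val2' => '   '];

$id = insertRow(
    $db,
    nullIfBlank($request, 'val1'),
    nullIfBlank($request, 'val2'),
    nullIfBlank($request, 'val3')
);

// Read the row back the same way: placeholder for the id, not interpolation.
$select = $db->prepare('SELECT val1, val2, val3 FROM `table` WHERE id = :id');
$select->execute([':id' => $id]);
$row = $select->fetch(PDO::FETCH_ASSOC);
var_dump($row); // val1 is stored raw; val2 and val3 are NULL, not ''

// Encode only when the value is rendered into HTML.
foreach ($row as $column => $value) {
    echo $column, ': ',
        $value === null ? '(null)' : htmlspecialchars($value, ENT_QUOTES, 'UTF-8'),
        PHP_EOL;
}
```

On MySQL, add `PDO::ATTR_EMULATE_PREPARES => false` to the connection options so the placeholders are real server-side prepares rather than client-side string substitution; the NULL binding and the output-time encoding work the same either way.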