This code has been produced with Dreamweaver 4.
It is a simple form to add data to a database of addresses. It works fine, but I would like to stop empty records being inserted into the database. I have been testing against $_POST['Lname'] using the if() and isset() functions, but cannot work out where to place the test or what the best test is. I am a little thrown, as the code already has several complex if() statements in it, and even trying to sanitise it with spacing has me befuddled.
Your thoughts and advice will be much appreciated.
Here is the code for Address_Add.php
<?php require_once('Connections/local_Reg.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
  /**
   * Turn a raw value into literal text that can be spliced into an SQL string.
   *
   * The value is escaped with mysql_real_escape_string() when that function
   * exists, otherwise with mysql_escape_string(). Both belong to the old
   * ext/mysql API, which was removed in PHP 7.0, and mysql_escape_string()
   * does not take the connection character set into account. Escaping is the
   * only injection defence here; prepared statements (mysqli or PDO) are the
   * durable replacement once the connection code is migrated.
   *
   * Result by $theType:
   *   "text", "date"  - the escaped value in single quotes, or NULL when empty
   *   "int", "long"   - intval() of the value, or NULL when empty
   *   "double"        - doubleval() of the value, or NULL when empty
   *   "defined"       - $theDefinedValue when non-empty, else $theNotDefinedValue
   *   anything else   - the escaped value WITHOUT quotes
   *
   * Escaping only protects a value that sits inside a quoted literal, so the
   * unquoted fall-through for an unrecognised type is not safe to interpolate;
   * callers should always pass one of the types listed above. The two
   * "defined" values are returned as given, with no escaping, so they must be
   * constants chosen by the caller rather than request data.
   *
   * @param mixed  $theValue           Raw value, typically straight from $_POST.
   * @param string $theType            One of the type names listed above.
   * @param string $theDefinedValue    Returned for "defined" when the value is non-empty.
   * @param string $theNotDefinedValue Returned for "defined" when the value is empty.
   * @return string|int|float SQL fragment ready for interpolation.
   */
  function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
  {
    // Where magic quotes are still active, strip the slashes they added so
    // the value is not escaped twice.
    if (PHP_VERSION < 6 && get_magic_quotes_gpc()) {
      $theValue = stripslashes($theValue);
    }

    if (function_exists("mysql_real_escape_string")) {
      $escaped = mysql_real_escape_string($theValue);
    } else {
      $escaped = mysql_escape_string($theValue);
    }

    // Loose comparison on purpose: the original treats anything equal to ""
    // (including a failed escape) as "no value".
    $isBlank = ($escaped == "");

    switch ($theType) {
      case "text":
      case "date":
        return $isBlank ? "NULL" : "'" . $escaped . "'";
      case "long":
      case "int":
        return $isBlank ? "NULL" : intval($escaped);
      case "double":
        return $isBlank ? "NULL" : doubleval($escaped);
      case "defined":
        return $isBlank ? $theNotDefinedValue : $theDefinedValue;
    }

    // Unrecognised type: escaped but unquoted (see the warning above).
    return $escaped;
  }
}
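// Cancel button: go back to the address list without touching the database.
if (array_key_exists('cancel', $_POST)) {
  header('Location: Address.php');
  exit;
}

// Build the form's action attribute so the page posts back to itself.
// PHP_SELF contains whatever path the client requested (including any extra
// path segments after the script name), so it is HTML-escaped before it is
// echoed into the attribute; the query string is already entity-encoded below.
$editFormAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}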
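// Handle a submission of form1: validate, insert one address row, redirect.
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  // Form fields in the same order as the INSERT column list below.
  $addressFields = array('Fname', 'Lname', 'House', 'Add1', 'Add2', 'Town', 'County', 'Pcode', 'Tel1', 'Tel2', 'Tel3', 'Comment');

  // Collect the submitted values. A missing key or a non-string value (for
  // example an array sent as Fname[]=x) is treated as blank instead of being
  // passed on to the escaping function.
  $submitted = array();
  $hasContent = false;
  foreach ($addressFields as $field) {
    $submitted[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : "";
    if (trim($submitted[$field]) !== "") {
      $hasContent = true;
    }
  }

  // This is the place for the "no empty records" test: a submission in which
  // every field is blank or whitespace is not inserted, and the script falls
  // through to show the form again. To make one field mandatory (Lname, say),
  // test trim($submitted['Lname']) here in the same way.
  if ($hasContent) {
    // The statement is assembled as a string, so every value must pass
    // through GetSQLValueString() with the "text" type, which both escapes
    // and quotes it. The column names are fixed literals, never request data.
    $sqlValues = array();
    foreach ($addressFields as $field) {
      $sqlValues[] = GetSQLValueString($submitted[$field], "text");
    }
    $insertSQL = "INSERT INTO address (Fname, Lname, House, Add1, Add2, Town, County, Pcode, Tel1, Tel2, Tel3, `Comment`) VALUES (" . implode(", ", $sqlValues) . ")";

    mysql_select_db($database_local_Reg, $local_Reg);
    $Result1 = mysql_query($insertSQL, $local_Reg);
    if ($Result1 === false) {
      // Keep the database error text in the server log; showing it to the
      // visitor would expose query and schema details.
      error_log("Address_Add insert failed: " . mysql_error($local_Reg));
      die("The address could not be saved.");
    }

    $insertGoTo = "Address.php";
    if (isset($_SERVER['QUERY_STRING'])) {
      $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
      $insertGoTo .= $_SERVER['QUERY_STRING'];
    }
    header(sprintf("Location: %s", $insertGoTo));
    // Stop here so the rest of the page is not executed and sent after the redirect.
    exit;
  }
}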
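// Recordset for this page: selects every row of the address table and keeps
// the first row and the row count. NOTE(review): nothing in the form markup
// shown on this page reads $row_Address_add or $totalRows_Address_add, so the
// query looks unnecessary here - confirm before removing it, because the
// result handle is freed at the end of the file.
mysql_select_db($database_local_Reg, $local_Reg);
$query_Address_add = "SELECT Fname, Lname, House, Add1, Add2, Town, County, Pcode, Tel1, Tel2, Tel3, `Comment` FROM address";
$Address_add = mysql_query($query_Address_add, $local_Reg);
if ($Address_add === false) {
  // Log the database error server-side instead of printing it to the visitor.
  error_log("Address_Add recordset query failed: " . mysql_error($local_Reg));
  die("The address list could not be loaded.");
}
$row_Address_add = mysql_fetch_assoc($Address_add);
$totalRows_Address_add = mysql_num_rows($Address_add);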
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Add Address</title>
<link href="address_twoColHybLt.css" rel="stylesheet" type="text/css">
</head>
<body>
<h1>Add Address</h1>
<p> </p>
<form method="post" name="form1" action="<?php echo $editFormAction; ?>">
<table align="center">
<tr valign="baseline">
<td nowrap align="right">First Name</td>
<td><input type="text" name="Fname" value="" size="50"></td>
</tr>
<tr valign="baseline">
<td nowrap align="right">Surname</td>
<td><input type="text" name="Lname" value="" size="50"></td>
</tr>
<tr valign="baseline">
<td nowrap align="right">House name or number</td>
<td><input type="text" name="House" value="" size="50"></td>
</tr>
<tr valign="baseline">
<td nowrap align="right">Address Line 1</td>
<td><input type="text" name="Add1" value="" size="50"></td>
</tr>
<tr valign="baseline">
<td nowrap align="right">Address Line 2</td>
<td><input type="text" name="Add2" value="" size="50"></td>
</tr>
<tr valign="baseline">
<td nowrap align="right">Town</td>
<td><input type="text" name="Town" value="" size="50"></td>
</tr>
<tr valign="baseline">
<td nowrap align="right">County</td>
<td><input type="text" name="County" value="" size="50"></td>
</tr>
<tr valign="baseline">
<td nowrap align="right">Post Code</td>
<td><input type="text" name="Pcode" value="" size="50"></td>
</tr>
<tr valign="baseline">
<td nowrap align="right">Telephone 1</td>
<td><input type="text" name="Tel1" value="" size="50"></td>
</tr>
<tr valign="baseline">
<td nowrap align="right">Telephone 2</td>
<td><input type="text" name="Tel2" value="" size="50"></td>
</tr>
<tr valign="baseline">
<td nowrap align="right">Telephone 3</td>
<td><input type="text" name="Tel3" value="" size="50"></td>
</tr>
<tr valign="baseline">
<td nowrap align="right">Comment</td>
<td><textarea name="Comment" cols="50" rows="3"></textarea></td>
</tr>
<tr valign="baseline">
<td nowrap align="right"> </td>
<td><input type="submit" class="Name" value="Insert record">
<label for="cancel"></label>
<input name="cancel" type="submit" class="cancel_button" id="cancel" value="Cancel"></td>
</tr>
</table>
<input type="hidden" name="MM_insert" value="form1">
</form>
<p> </p>
<p> </p>
</body>
</html>
<?php
// Release the result set that the SELECT near the top of the file stored in $Address_add.
mysql_free_result($Address_add);
?>