Check if NULL???

akacj

Hi,

I have some Columns set as null in the mysql database, but when i submit a form with data it does not recognize its null and works successfully even tho there is not data in the textbox.

How to I check if it is null and if its blank it shall display a error message and end.

Here my code:

<?php

define('DB_NAME', 'currencytracking');
define('DB_USER', 'root');
define('DB_PASSWORD', '***********');
define('DB_HOST', 'localhost');

$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);

if (!$link) {
	die('Could Not Connect: ' . mysql_error());
}

$db_selected = mysql_select_db(DB_NAME, $link);

if (!$db_selected) {
	die('Can\'t use ' . DB_NAME . ': ' . mysql_error());
}

echo "<image src='picture.jpg' />";

echo "<a href='currencytracking-form.php'>Click here To go back</a>";

$value = $_POST['Denomination'];
$value2 = $_POST['Series'];
$value3 = $_POST['Serial_Number'];
$value4 = $_POST['Date_Entered'];

$sql = "INSERT INTO bills (Denomination, Series, Serial_Number, Date_Entered) VALUES ('$value', '$value2', '$value3', '$value4')";

if (!mysql_query($sql)) {
	die('Error: ' . mysql_error());
}

mysql_close();
?>

bradgrafelman

The problem is that the data from the form is not null, hence why it isn't null in the database. Note that an empty string is not the same as the NULL value.

If you want to interpret an empty string POST'ed to your script as a NULL value instead, then you'll have to add some logic to check that. More on that below..

Also note that you should never place user-supplied data directly into a SQL query string, else your code will be vulnerable to SQL injection attacks and/or just plain SQL errors. Instead, you must first sanitize the data with a function such as [man]mysql_real_escape_string/man (for string data) or use prepared statements.

One way I like to do all of the escaping and/or logic (as mentioned above) is to use [man]sprintf/man to build the SQL query, e.g.:

$sql = sprintf(
    "INSERT INTO myTable (numeric_val1, str_val2, str_val3, str_or_null_val4) VALUES (%d, '%s', '%s', %s)",
    $_POST['number_field'], // note this is safe because of the %d placeholder
    mysql_real_escape_string($_POST['some_string_field']),
    mysql_real_escape_string($_POST['another_string_field']),
    $_POST['possibly_null_field'] == '' ? 'NULL' : "'" . mysql_real_escape_string($_POST['possibly_null_field']) . "'"
);