
I'm super new to PHP and I recently tried to create a "system" that adds customers to the SQLite database and displays them in a table. Well, every time I navigate to the HTML page in order to add a new customer, the script runs itself creating empty values within the database. When I click submit after filling the values it just works properly. Below I attach my code for this specific part of the "system".

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>New Customer</title>
    <style>
        form {
            display:flex;
            flex-direction:column;
            width:65%;
            max-width:75%;
            margin:0 auto;
        }
    </style>
</head>
<body>
    <form action="" method="POST">
        <h1>Insert a new customer</h1>
        <label for="id">Customer Id</label>
        <input type="text" name="id" id="id">
        <label for="name">Customer Name</label>
        <input type="text" name="name" id="name">
        <label for="age">Customer Age</label>
        <input type="number" name="age" id="age">
        <label for="address">Customer Address</label>
        <input type="text" name="address" id="address">
        <button type="submit">Submit</button>
    </form>

    <?php 
    
    class COMPANY extends SQLite3 {
        function __construct() {
            $this->open('customers.db');
        }
    }
    
    $database = new COMPANY();

    if (!$database) {
        echo $database->lastErrorMsg();
    } else {
        echo "Database accessed!\n";
    }
   
    $insert ="INSERT INTO CUSTOMERS (ID, NAME, AGE, ADDRESS) VALUES ('".$_POST["id"]."', '".$_POST["name"]."', '".$_POST["age"]."','".$_POST["address"]."');";
    
    $result = $database->exec($insert);

    if(!$result) {
        echo $database->lastErrorMsg();
    } else {
        echo "Records added successfully!\n";
    }
    $database->close();
    ?>
   
</body>
</html>
As noted in the answer, you don't ever check if the form is actually submitted; you execute your database logic all the same. Your code will obviously grow, so can I suggest splitting your presentation and logic into separate files right now? It's easier than refactoring the thousand lines of spaghetti you end up with if you don't split early. Other than that, see How can I prevent SQL injection in PHP?
Commented Mar 12, 2022 at 15:13

2 Answers

1

You need to use isset() and check if the form has actually posted the values. In your code, the page loads and the PHP code executes without checking if the form has been submitted, and the blanks are inserted in the database.

    if (isset($_POST['id'], $_POST['name'], $_POST['age'], $_POST['address'])) {
        // .. your code
    }

PS: This doesn't include sanitization and validation of fields; please add them as you wish.


3 Comments

I'm entering this command on top of the code and it says that it expects a ")" instead of "}".
Oh, that's because you have the class declaration at the start; please add it before $database = new COMPANY(); and close it after $database->close();
Done! Thanks so much for your precious help, wishing an amazing and productive weekend!
0

There should be validation, values should not be empty.

1 Comment

Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center.
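
The submission check from the first answer, combined with the validation and SQL injection points raised in the comment and the second answer, as an added example that is not code from any poster on this page. It assumes customers.db already contains the CUSTOMERS table from the question; addCustomer(), the error messages and the 0-150 age range are hypothetical.

```php
<?php
// Added example: table and column names are from the question;
// addCustomer() and the 0-150 age range are assumptions.
function addCustomer(SQLite3 $db, array $post): array
{
    // Accept only string fields; a missing or array-valued field counts as empty.
    $field = fn(string $k): string => is_string($post[$k] ?? null) ? trim($post[$k]) : '';
    $id      = $field('id');
    $name    = $field('name');
    $address = $field('address');
    // filter_var() returns false for anything that is not an integer in range.
    $age = filter_var($field('age'), FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]);
    $errors = [];
    if ($id === '')      { $errors[] = 'Customer Id is required.'; }
    if ($name === '')    { $errors[] = 'Customer Name is required.'; }
    if ($age === false)  { $errors[] = 'Customer Age must be a whole number from 0 to 150.'; }
    if ($address === '') { $errors[] = 'Customer Address is required.'; }
    if ($errors) {
        return $errors; // nothing is written when validation fails
    }

    // Placeholders keep the submitted values out of the SQL text.
    $stmt = $db->prepare(
        'INSERT INTO CUSTOMERS (ID, NAME, AGE, ADDRESS) VALUES (:id, :name, :age, :address)'
    );
    if ($stmt === false) {
        return ['Could not save the customer.'];
    }
    $stmt->bindValue(':id', $id, SQLITE3_TEXT);
    $stmt->bindValue(':name', $name, SQLITE3_TEXT);
    $stmt->bindValue(':age', $age, SQLITE3_INTEGER);
    $stmt->bindValue(':address', $address, SQLITE3_TEXT);
    // Show a generic message; details from lastErrorMsg() belong in a server log.
    return $stmt->execute() === false ? ['Could not save the customer.'] : [];
}

$db = new SQLite3('customers.db');
// A plain page load is a GET, so the insert runs only after the form is submitted.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $errors = addCustomer($db, $_POST);
    foreach ($errors as $error) {
        echo htmlspecialchars($error), "<br>\n";
    }
    if (!$errors) {
        echo "Records added successfully!\n";
    }
}
$db->close();
```

Because the block only echoes short status lines, it can replace the PHP section below the form in the question's page, or move into its own file as the comment suggests.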
