PHP / MySQL - Sometimes a blank entry gets added to a table

Question

Hello,

The code below allows my users to add an item ($site) to a table ($find). It works well. But every once in a while, it adds a blank value to the table in addition to the one the value the user adds.

Any ideas why?

Thanks in advance,

John

<?

$find1 = urlencode($find); 

print   "<div class=\"siteadd\">
     <form action='bookprocess.php?find=$find1' method='post'>
     Add an item: <input name='site' type='text' size='50'>
     <input type='submit' value='Submit'>
     </form> 
     </div>";
?>

Then, on bookprocess.php:

<?
$remove_array = array('http://www.', 'http://', 'https://', 'https://www.', 'www.');
$site = str_replace($remove_array, "", $_POST['site']);
$site = strtolower($site);

function check_porn_terms($input){
     $porn_terms = array(here are a lot of swear words and porn terms); //add terms here
     foreach($porn_terms as $term){
          if(substr_count($input, $term) > 0) return false;
     }

     return true;
}


if(!check_porn_terms($_POST['site']))
{

   session_write_close();
   header("Location:http://www.site.com/index.php");
   exit;

}


mysql_connect("mysqlv10", "username", "password") or die(mysql_error());
mysql_select_db("bookfeather") or die(mysql_error());

$_GET['find'] = $find;
$find = urldecode($find);
$find = mysql_real_escape_string($find);

$site = mysql_real_escape_string($site);
$illegal = array("/", "\"");
$site = str_replace($illegal, '', $site);

mysql_query("INSERT INTO `$find` VALUES (NULL, '$site',1,0)");
?>

Answer 1

You should check to be sure the user actually entered something.

Something along the lines of:

if(trim($find) && trim($site)) {
  mysql_query("INSERT INTO `$find` VALUES (NULL, '$site',1,0)");
} else {
  print "You must enter values!";
}