tags:

views:

74

answers:

3
Q: 

PHP & MySQL problem.

Okay I'm using strip_tags to get rid of html from when a user tags a post but when a user enters something like in the upcoming example.

I get five empty values entered into the database, which I don't want everything else is fine. How can i stop this?

,,,,,,,, ,, ,,,,a,d, <html> , ruby-on-rails , ad, <html>

I get the following entered into the database NOTE the commas are not entered into the database.

, , , a, d, , ruby-on-rails, ad,

Here is my code.

$tags = preg_split('/,/', strip_tags($_POST['tag']), -1, PREG_SPLIT_NO_EMPTY);
$tags = array_map('trim', $tags);
$tags = str_replace(' ', '-', $tags);

ONLY the following should be entered into the database.

a,d,ruby-on-rails,ad

Here is a quick example of my insert.

 for ($x = 0; $x < count($tags); $x++){
    $query1 = "INSERT INTO tags (tag) VALUES ('" . mysqli_real_escape_string($mysqli, strtolower($tags[$x])) . "')";
}
+1  A: 

You should check if the values are empty(). If they are, omit them from your database insert query or mark them as "null".

Without seeing the database table design or any code that has to deal with the database, it is hard to say how we can better help you.

UPDATE

With the new information from the INSERT query, here is how you would apply the empty (untested pending syntax errors):

$tags = array_filter($tags, function ($v) { return !empty($v);});

for ($x = 0; $x < count($tags); $x++){
    $query1 = "INSERT INTO tags (tag) VALUES ('" . mysqli_real_escape_string($mysqli, strtolower($tags[$x])) . "')";
}

Should remove the empty values from the array, pending I did not make a simple mistake.

EDIT

Here is one option to do it, but yea. Since you are using the loop already, you can just add an if inside the loop. With the array_filter it should remove any empty values from the array.

Moved the function definition. The above should work.

Brad F Jacobs  2010-08-09 17:40:29
how would i add that to my code?
myTIME  2010-08-09 17:41:58
I dont want them to get entered into the database at all.
myTIME  2010-08-09 17:43:13
Depending on your DB Schema, this may not be possible. If you post that up, I (we) can tell you if that would be possible for your situation. Given normal database designs (if it is normal) the answer would be they have to be entered into the DB. But again, without seeing the structure this is impossible to tell.
Brad F Jacobs  2010-08-09 17:46:08
I get the following now `Warning: array_filter() [function.array-filter]: The second argument, 'empty', should be a valid callback in `
myTIME  2010-08-09 18:00:11
A: 

Why don't you check if the string is empty before inserting it into the database? 

for ($x = 0; $x < count($tags); $x++){
    if ($tags[$x] != '') {
         $query1 = "INSERT INTO tags (tag) VALUES ('" . mysqli_real_escape_string($mysqli, strtolower($tags[$x])) . "')";
    }
}
A. M.  2010-08-09 17:59:52
A: 

I think you just need to beef up what you split on.

I'd probably do something more like this

$input = ",,,,,,,, ,, ,,,,a,d, <html> , ruby-on-rails , ad, <html>";

$tags = preg_split( "/(?:\s*,\s*)+/", trim( strip_tags( $input ), ', ' ) );
$tags = array_map( 'mysqli_real_escape_string', str_replace( ' ', '-', $tags ) );

Then, when it comes to your query, take advantage of MySQL's multiple insert syntax

$query1 = "INSERT INTO tags (tag) VALUES ('" . implode( "'),('", $tags ) . "');";

But you may want to look into duplicate insert handling.

Peter Bailey  2010-08-09 18:14:43

related questions

Remove Quotes and Commas from a String in MySQL
What's the best way of converting a mysql database to a sqlite one?
How do you manage databases in development, test, and production?
Multiple foreign keys?
Add 1 to a field (MySQL)
Issues using MS Access as a front-end to a MySQL database back-end?
Bigger than a char but smaller than a blob
How do I retrieve my MySQL username and password?
Long-time LAMP Developer moving to VB.NET
How do I Concatenate entire result sets in MySQL?
Full complete MySQL database replication? Ideas? What do people do?
SQL: Distribution of table in time
SQLite vs MySQL
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Multiple Updates in MySQL
MySQL/Apache Error in PHP MySQL query
What all do I need to escape when sending a (My)SQL query?
Auto Generate Database Diagram MySQL
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
Python and MySQL
SQL Server 2005 implementation of MySQL REPLACE INTO?
How to export data from SQL Server 2005 to MySQL
Throw Error In MySQL Trigger
Binary Data in MySQL