Skip to content

Instantly share code, notes, and snippets.

@rungiraffe

rungiraffe/address-check.php

Created September 23, 2012 18:27
Show Gist options
  • Save rungiraffe/3772597 to your computer and use it in GitHub Desktop.
Save rungiraffe/3772597 to your computer and use it in GitHub Desktop.
Download ZIP
Trying to return empty strings as NULL
Raw
address-check.php
//Create variables for the bio entries
$street = mysql_real_escape_string($_POST['street']);
$city = mysql_real_escape_string($_POST['city']);
$state = $_POST['state'];
$hotel = mysql_real_escape_string($_POST['hotel']);
$modern_address = mysql_real_escape_string($_POST['modern_address']);
//Check for blank entries; make them NULL
if (empty($street)) {
$street = NULL;
}
if (empty($city)) {
$city = NULL;
}
if (empty($state)) {
$state = NULL;
}
if (empty($hotel)) {
$hotel = NULL;
}
if (empty($modern_address)) {
$modern_address = NULL;
}
//THIS IS NOT WORKING. ALSO, ANY WAY TO USE A FUNCTION HERE?
Raw
address-check2.php
//ADDRESS
//Create variables for the address entries
$street = $_POST['street'];
$city = $_POST['city'];
$state = $_POST['state'];
$hotel = $_POST['hotel'];
$modern_address = $_POST['modern_address'];
//Check for blank entries; make them NULL
if (empty($street)) {
$street = NULL;
}
if (empty($city)) {
$city = NULL;
}
if (empty($state)) {
$state = NULL;
}
if (empty($hotel)) {
$hotel = NULL;
}
if (empty($modern_address)) {
$modern_address = NULL;
}
//Create variable containing MySQL Query for finding existing name; query creates an array and the 0th item is the address_id
$address_test = mysql_real_escape_string("SELECT address_id from address WHERE street = '$street'");
$address_testq = mysql_query($address_test);
$address_row= mysql_fetch_array($address_testq);
//echo($address_row[address_id]) or die('There is no existing address record.');
//Create variable containing MySQL Query for inserting new address
$address_query = mysql_real_escape_string("INSERT INTO address (street, city, state, hotel, modern_address)
VALUES ('$street', '$city', '$state', '$hotel', '$modern_address')");
//Check if name exists (address_id > 0)
if ($address_row[0] > 0){
echo ("<strong>Address already exists.</strong>".$break);
echo ("Query: ".$address_test.$break);
$address_id = $address_row[0];
}
// Create new entry if number of rows with bio_id = 0
elseif (mysql_query($address_query)){
echo ("<strong>Address update SUCCESS. Added new record:</strong>".$break);
echo ("Query: ".$address_test.$break);
echo ("Data: ".$street.$comma.$city.$comma.$state.$comma.$hotel.$comma.$modern_address.$break);
$address_id = mysql_insert_id();
}
// If both fail. Something is wrong.
else {
echo ("<strong>Address update FAILED</strong>".$break.$address_test.$break.$address_query.$break);
}
//Checking that I've captured address_id of existing record or new address_id from created record for join_cong
echo ("Address ID: ".$address_id.$break);
Raw
address-update3.php
//ADDRESS
//THIS HAS A SYNTAX ERROR... somewhere....
//Create variables for the address entries and check for blank entries.
//Address data is not required: create a string if they are filled and make them NULL if they are blank.
if (isset($_POST['street']) {
$street = "'".mysql_real_escape_string($_POST['street'])."'";
}
else {
$street = NULL;
}
if (isset($_POST['city']) {
$city = "'".mysql_real_escape_string($_POST['city'])."'";
}
else {
$city = NULL;
}
if (isset($_POST['state']) {
$state = "'".mysql_real_escape_string($_POST['state'])."'";
}
else {
$state = NULL;
}
if (isset($_POST['hotel']) {
$hotel = "'".mysql_real_escape_string($_POST['hotel'])."'";
}
else {
$hotel = NULL;
}
if (isset($_POST['modern_address']) {
$modern_address = "'".mysql_real_escape_string($_POST['modern_address'])."'";
}
else {
$modern_address = NULL;
}
//Create variable containing MySQL Query for finding existing street.
//Query creates an array and the 0th item is the address_id associated with that street
$address_test = "SELECT address_id FROM address WHERE street = $street";
$address_testq = mysql_query($address_test);
$address_row= mysql_fetch_array($address_testq);
//The next statement is for testing. It's commented out once I know the above queries worked.
//echo($address_row[address_id]) or die('There is no existing address record.');
//Create variable containing MySQL Query for inserting new address data
$address_query = "INSERT INTO address (street, city, state, hotel, modern_address)
VALUES ($street, $city, $state, $hotel, $modern_address)";
//Check if name exists (address_id > 0)
if ($address_row[0] > 0){
echo ("<strong>Address already exists.</strong>".$break);
echo ("Query: ".$address_test.$break);
$address_id = $address_row[0];
}
// Create new entry if address does not exist
elseif (mysql_query($address_query)){
echo ("<strong>Address update SUCCESS. Added new record:</strong>".$break);
echo ("Query: ".$address_test.$break);
echo ("Data: ".$street.$comma.$city.$comma.$state.$comma.$hotel.$comma.$modern_address.$break);
$address_id = mysql_insert_id();
}
// If both fail. Something is wrong.
else {
echo ("<strong>Address update FAILED</strong>".$break.$address_test.$break.$address_query.$break);
}
//Checking that I've captured address_id of existing record or new address_id from created record for join_cong
echo ("Address ID: ".$address_id.$break);
Raw
address-update4.php
//ADDRESS
//Create variables for the address entries and check for blank entries.
//Address data is not required: create a string if they are filled and make them NULL if they are blank.
if (isset($_POST['street'])) {
$street = "'".mysql_real_escape_string($_POST['street'])."'";
}
else {
$street = NULL;
}
if (isset($_POST['city'])) {
$city = "'".mysql_real_escape_string($_POST['city'])."'";
}
else {
$city = NULL;
}
if (isset($_POST['state'])) {
$state = "'".mysql_real_escape_string($_POST['state'])."'";
}
else {
$state = NULL;
}
if (isset($_POST['hotel'])) {
$hotel = "'".mysql_real_escape_string($_POST['hotel'])."'";
}
else {
$hotel = NULL;
}
if (isset($_POST['modern_address'])) {
$modern_address = "'".mysql_real_escape_string($_POST['modern_address'])."'";
}
else {
$modern_address = NULL;
}
//Create variable containing MySQL Query for finding existing street.
//Query creates an array and the 0th item is the address_id associated with that street
$address_test = "SELECT address_id FROM address WHERE street = $street, hotel = $hotel";
$address_testq = mysql_query($address_test);
$address_row= mysql_fetch_array($address_testq);
//The next statement is for testing. It's commented out once I know the above queries worked.
//echo($address_row[address_id]) or die('There is no existing address record.');
//Create variable containing MySQL Query for inserting new address data
$address_query = "INSERT INTO address (street, city, state, hotel, modern_address)
VALUES ($street, $city, $state, $hotel, $modern_address)";
//Check if name exists (address_id > 0)
if ($address_row[0] > 0){
echo ("<strong>Address already exists.</strong>".$break);
echo ("Query: ".$address_test.$break);
$address_id = $address_row[0];
}
// Create new entry if address does not exist
elseif (mysql_query($address_query)){
echo ("<strong>Address update SUCCESS. Added new record:</strong>".$break);
echo ("Query: ".$address_test.$break);
echo ("Data: ".$street.$comma.$city.$comma.$state.$comma.$hotel.$comma.$modern_address.$break);
$address_id = mysql_insert_id();
}
// If both fail. Something is wrong.
else {
echo ("<strong>Address update FAILED</strong>".$break.$address_test.$break.$address_query.$break);
}
//Checking that I've captured address_id of existing record or new address_id from created record for join_cong
echo ("Address ID: ".$address_id.$break);
@fredgibbs
Copy link

my guess is that when you create your SQL stmt and you reference the PHP value, you are putting all of your values in single quotes when you insert into the DB. but even if the php value is null, you'll still end up inserting '','','' and so on in the database, which is, of course, not null but an empty string.

use the mysql_real_escape_string when constructing your SQL stmt, not when pulling from the post request to avoid this problem.

@rungiraffe
Copy link
Author

See address-update2.php -- lines 33 and 39

I think I misunderstood you comment. I took mysql_real_escape_string on SQL statement and Address Update Failed. There were slashes all over the place. Where did you suggest putting it?

@fredgibbs
Copy link

okay, sorry. i wasn't clear.
try this strategy (for each of the variables you are dealing with)
if (isset($_POST['street']) {
$street = " ' " . mysql_real_escape_string($_POST['street']) . " ' "; <don't put the spaces around the single quotes, i just put them here for readability)
}
else {
$street = null;
}
you see the idea here is to

  1. see if the variable is set to anything and
  2. if so, then put it in single quotes and escape the value (put slashes before quotes in the actual value form the form)
  3. if not, set the variable to null
    then, when you create your SQL stmt, you don't need to put single quotes around the variables since they will be part of the variable already. ... VALUES ($street,$city...) ....
    this way, if the variable is null, the sql stmt will have NULL instead of ''

@fredgibbs
Copy link

partially my fault. all your isset statements are missing a ) (should have two at the end, one for the if, and one for the isset)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment