Good morning,
I have a PHP script which sends an email with certain variables that are received through the POST method and in turn saved in a MySql database mentioned info.
I had a problem and it was that emails were sent by themselves as if something on the server executed the script, even when empty in the .js (through Ajax) did not allow the data to be sent to the .php until the user filled all the data so I figured that PHP was running only and maybe the .js sent data "mocking" that validation of not sending empty data.
I corrected this mail problem by validating in the .php that the variables were not empty (which obviously should not be empty due to the validation in the .js), here the validation
if (!empty(@$_POST['nuevo_id'] && @$_POST['nombre'] && @$_POST['celular'] && @$_POST['direccion'] && @$_POST['correo'])){
//aquí envío el correo y solucioné que no se enviarán correos solos sin información
}
it turns out that the code that stores the info in the database (which are exactly the same variables used to send the email), which was left out of the if, runs only as it happened with the mail, this generates me that there are empty records in the database, in 3 days I already had 250 new records all blank, I imagine that the solution will be the same as the mail and it is what I will try, to put the code that it keeps in the base of data within the if it validates me that the variables are not empty my question is:
Why is that? Why is the code executed alone? It is necessary that whenever you make MySql queries or if you send emails, you have to validate the fields, even if it is obvious that they should not be empty. or I must add something additional, I leave the query for something:
$agregar_info_usuario = mysqli_query($conexion,"UPDATE 'gabriel_SoftwareTecflucol'.'solicitudes'
SET 'nombre'='$nombre',
'celular'='$celular',
'email'='$correo',
'ruta_foto1'='$ruta_final_foto1',
'ruta_foto2'='$ruta_final_foto2',
'direccion'='$direccion',
'comentarios'='$comentarios'
WHERE 'solicitudes'.'id'='$nuevo_id';");