AndrewGillespie

  1. Thanks. I would like to know if this kind of thing is even possible:

     //First some code to check for empty fields and sanitise the data

         <?php
         $name = $nameErr = $email = $emailErr = null;
         if ($_SERVER["REQUEST_METHOD"] == "POST") {
           if (empty($_POST["name"])) {
             $nameErr = "Name is required";
           } else {
             $name = test_input($_POST["name"]);
           }
           if (empty($_POST["email"])) {
             $emailErr = "Email is required";
           } else {
             $email = test_input($_POST["email"]);
             // check if e-mail address is well-formed
             if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
               $emailErr = "Invalid email format";
             }
           }
         }
         function test_input($data) {
           $data = trim($data);
           $data = stripslashes($data);
           $data = htmlspecialchars($data);
           return $data;
         }
         ?>

     //Now the form which will show a message if the field is blank, sanitise the data and echo the data already filled in so the user doesn't have to type it again

         <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
           Name: <input type="text" name="name" value="<?php echo $name;?>">
           E-mail: <input type="text" name="email" value="<?php echo $email;?>">
           <span class="error">* <?php echo $emailErr;?></span>
           <span class="error">* <?php echo $nameErr;?></span>
           <input type="submit" name="submit" value="Submit">
         </form>

     //Now send the data to the database if it passes all tests, this is where I have the issue

         <?php
         $con = ...the connection details here;
         if ($_SERVER["REQUEST_METHOD"] == "POST") {
           $sql="INSERT INTO tbl_whatever (name, email)
                 VALUES ('$name','$email')";
           if ($con->query($sql)) {
             // now show if post is successful or otherwise show error information
             echo "<h4>Your data was successfully submitted.</h4>";
           } else {
             echo "error: (" . $con->errno . ") " . $con->error ;
           }
         }
         ?>

     but I have 2 issues:
     1. the line is written in the database even if validation fails
     2. If the post is successful, how do I empty the input fields so that it is as if the page was just opened?
  2. Hi, I am quite new to this and have been learning from the tutorials. The tutorial at http://www.w3schools.com/php/php_form_complete.asp for a form that does validation and avoids injection exploits sends the posted data to the screen. I want to send it to a database. I have not been able to figure out how to go about it. Is it correct to post to the same file with htmlspecialchars($_SERVER["PHP_SELF"]) and have the sql statement in the same file or do I have to post the data to another file with the sql statement in it (like action="dblink.php")?
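
The two issues raised in the first post, worked through as an added example that is not part of the original posts: the insert runs only when validation produced no errors, it uses bound parameters instead of interpolating `$name` and `$email` into the SQL string, and the field values are reset after a successful save. The names `handle_submission` and `field`, the PDO connection and the in-memory SQLite table are assumptions for illustration; the function can be called from the same script that renders the form.

```php
<?php
// Added example. Assumption: PDO with in-memory SQLite stands in for the real connection.
function handle_submission(array $post, PDO $db): array
{
    $values = ['name' => trim($post['name'] ?? ''), 'email' => trim($post['email'] ?? '')];
    $errors = [];
    if ($values['name'] === '') {
        $errors['name'] = 'Name is required';
    }
    if ($values['email'] === '') {
        $errors['email'] = 'Email is required';
    } elseif (!filter_var($values['email'], FILTER_VALIDATE_EMAIL)) {
        $errors['email'] = 'Invalid email format';
    }

    $saved = false;
    if (!$errors) {   // insert only when every check passed
        // Bound parameters keep user input out of the SQL text.
        $stmt = $db->prepare('INSERT INTO tbl_whatever (name, email) VALUES (:name, :email)');
        $stmt->execute([':name' => $values['name'], ':email' => $values['email']]);
        $saved = true;
        $values = ['name' => '', 'email' => ''];   // form renders blank again
    }
    return ['values' => $values, 'errors' => $errors, 'saved' => $saved];
}

// HTML-escape at output time only, when echoing a value back into the form.
function field(string $v): string
{
    return htmlspecialchars($v, ENT_QUOTES, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbl_whatever (name TEXT, email TEXT)');

// Constructed sample submissions (not from the original post).
$samples = [
    ['name' => 'Ann', 'email' => 'not-an-email'],
    ['name' => "O'Brien", 'email' => 'ob@example.com'],
];
foreach ($samples as $post) {
    $r = handle_submission($post, $db);
    echo $r['saved'] ? "saved\n" : 'rejected: ' . implode(', ', $r['errors']) . "\n";
    echo 'name field: value="' . field($r['values']['name']) . "\"\n";
}
echo 'rows: ' . $db->query('SELECT COUNT(*) FROM tbl_whatever')->fetchColumn() . "\n";
```

The second sample contains a single quote, which would break the interpolated `INSERT` from the post but is stored unchanged through the bound parameter.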