MySQL Not Null not working as I expect

Report · Oct 10, 2006

Hi,

I've created a form to try and stop some autobot spamming that has been occuring.

I have created a dropdown option field where the person filling out the form has to choose the second option which is like:

1. I am a computer
2. I am a Human.

The default option is 1, and using Yaromats extension, I have set it so that the first option is not correct and will return and error etc.

This all works fine.

The field in the MySQL database that gets populated by the choice is called comments_Secure.

I have set it that the field is "Not Null", which, in my understanding means that the entry will not be accepted unless the field is populated, a bit like the Primary key field but is set to auto-increment so that is will automatically be filled.

However, if I do not choose the correct option in the drop down menu on the Form page, then indeed I get the error to choose the correct option or I cannot submit the form.

This seems to be somewhat different to the way the autobot spam works, because I have found that it will still create an entry in the database, but the comment_Secure filed is empty and not populated, but the MySQL database seems to accept this.

If I fill out an entry directly in phpMyAdmin, it too accepts the entry even if I do not populate the comment_secure field.

What am I overlooking here please?

Can you please explain how to set it up so that the comment_Secure field has to have text inserted or the entry is not accepted???

cheers

Report · Oct 10, 2006

why not just place a submit if not = 1 in your code instead of in the SQL?

If you do it in the SQL, then you're still going to have to create an error
page to deal with it (in case a human forgets to change it).

"Macnimation" <webforumsuser@macromedia.com> wrote in message
news:eggoeh$lfg$1@forums.macromedia.com...
> Hi,
>
> I've created a form to try and stop some autobot spamming that has been
> occuring.
>
> I have created a dropdown option field where the person filling out the
> form
> has to choose the second option which is like:
>
> 1. I am a computer
> 2. I am a Human.
>
> The default option is 1, and using Yaromats extension, I have set it so
> that
> the first option is not correct and will return and error etc.
>
> This all works fine.
>
> The field in the MySQL database that gets populated by the choice is
> called
> comments_Secure.
>
> I have set it that the field is "Not Null", which, in my understanding
> means
> that the entry will not be accepted unless the field is populated, a bit
> like
> the Primary key field but is set to auto-increment so that is will
> automatically be filled.
>
> However, if I do not choose the correct option in the drop down menu on
> the
> Form page, then indeed I get the error to choose the correct option or I
> cannot
> submit the form.
>
> This seems to be somewhat different to the way the autobot spam works,
> because
> I have found that it will still create an entry in the database, but the
> comment_Secure filed is empty and not populated, but the MySQL database
> seems
> to accept this.
>
> If I fill out an entry directly in phpMyAdmin, it too accepts the entry
> even
> if I do not populate the comment_secure field.
>
> What am I overlooking here please?
>
> Can you please explain how to set it up so that the comment_Secure field
> has
> to have text inserted or the entry is not accepted???
>
> cheers
>

Report · Oct 10, 2006

Hi,
Thank for the quick response.

Where in the code would I put this option please?

I could be wrong, but I don't think the automated spam entries are actually going through the form, but directly into the MySql database, because the dropdown option is a required field and this works fine if I choose the second option of "I am a Human" but I get the error if I leave the default "I am a Computer" as it is.

But, If I go into the MySql database directly, I can leave it blank and it creates the entry, totally ignoring the required field. Thats why I thought to secure it at the database level rather than the php form page.

Cheers

Report · Oct 11, 2006

Thanks again for the responses.

Would I just place the first line of that code above the Form tag like?:

if($_POST['CheckedField'] ==2){

<form>
Form fields
</form>

}else{
put redirect here;}

I would then change the textfield to a standard input field instead of the dropdown menu options. If the user puts the number 2 into the field then it will accept this?

Cheers

Report · Oct 11, 2006

You will put your if statement before your form validation - it should have
an if statement in there you might be able to append do.

As for the value, whatever you have your drop-down set to (ie, if it says
"human/computer/1/2/monkeybutts) for the values, that's what you need to
check in your if statement.

In my login page, I have this code:
if (isset($_POST['name'])) {
$loginUsername=$_POST['name'];

So, if I wanted to check for more than one condition, then I would modify it
like such:

if(isset($_POST['name'])){

to

if(isset($_POST['name']) AND ($_POST['CheckingField'] == **enter your field
value here**, "human" or 2)){

Does that make sense?

"Macnimation" <webforumsuser@macromedia.com> wrote in message
news:egjajk$pe2$1@forums.macromedia.com...
> Thanks again for the responses.
>
> Would I just place the first line of that code above the Form tag like?:
>
> if($_POST['CheckedField'] ==2){
>
> <form>
> Form fields
> </form>
>
> }else{
> put redirect here;}
>
> I would then change the textfield to a standard input field instead of the
> dropdown menu options. If the user puts the number 2 into the field then
> it
> will accept this?
>
> Cheers
>
>
>

Report · Oct 11, 2006

(note that this will likely corrupt the DW behavior)

> So, if I wanted to check for more than one condition, then I would modify
> it like such:
>
> if(isset($_POST['name'])){
>
> to
>
> if(isset($_POST['name']) AND ($_POST['CheckingField'] == **enter your
> field value here**, "human" or 2)){
>

Report · Oct 12, 2006

Hi,

It kind of makes sense.

Would it be possible to send you the complete comments page code for you to take a look at, and put comments into it were I need to ammend it?

Even today, though the Spams have reduced, a few have been submitted and it already fills in option two drop down of : "I am a Human" so it does not need to manually choose from the dropdown menu.

What is the best method of blocking SPAMS anyway at the moment???

Cheers

Report · Oct 12, 2006

Setup a "spam" table.
Have it auto-generate one number - sequential, and one number - random.

Use sequential as your key, pull in other value, populate a graphic with
this.

Tell user to type in other value into form box, this must match database or
it doesn't go through.

i'm not sure ho wmany people get their randomly generated material, but I
think the above would work well enough.

Jon

"Macnimation" <webforumsuser@macromedia.com> wrote in message
news:egls7t$19n$1@forums.macromedia.com...
> Hi,
>
> It kind of makes sense.
>
> Would it be possible to send you the complete comments page code for you
> to
> take a look at, and put comments into it were I need to ammend it?
>
> Even today, though the Spams have reduced, a few have been submitted and
> it
> already fills in option two drop down of : "I am a Human" so it does not
> need
> to manually choose from the dropdown menu.
>
> What is the best method of blocking SPAMS anyway at the moment???
>
> Cheers
>

Report · Oct 12, 2006

you can IM me at paladin @ stormwraith dotcom on MSN.

"crash" <crash@bcdcdigital.com> wrote in message
news:eglsk2$1ni$1@forums.macromedia.com...
> Setup a "spam" table.
> Have it auto-generate one number - sequential, and one number - random.
>
> Use sequential as your key, pull in other value, populate a graphic with
> this.
>
> Tell user to type in other value into form box, this must match database
> or it doesn't go through.
>
> i'm not sure ho wmany people get their randomly generated material, but I
> think the above would work well enough.
>
> Jon
>
> "Macnimation" <webforumsuser@macromedia.com> wrote in message
> news:egls7t$19n$1@forums.macromedia.com...
>> Hi,
>>
>> It kind of makes sense.
>>
>> Would it be possible to send you the complete comments page code for you
>> to
>> take a look at, and put comments into it were I need to ammend it?
>>
>> Even today, though the Spams have reduced, a few have been submitted and
>> it
>> already fills in option two drop down of : "I am a Human" so it does not
>> need
>> to manually choose from the dropdown menu.
>>
>> What is the best method of blocking SPAMS anyway at the moment???
>>
>> Cheers
>>
>
>

Report · Oct 10, 2006

Any spam scripts will ignore javascript-based validation like Yaromat, which
is useless for serious data validation. It's kind to users who get
immediate feedback, but it won't stop a spammer or hacker for even a second.
You need to validate on the server to be safe.

NOT NULL doesn't mean "= 2", it means exactly that - NOT NULL. An empty
string is also NOT NULL, so of course that passes the constraint and there's
no error. Again, server-side validation is your answer.

"Macnimation" <webforumsuser@macromedia.com> wrote in message
news:egh20p$3em$1@forums.macromedia.com...
> Hi,
> Thank for the quick response.
>
> Where in the code would I put this option please?
>
> I could be wrong, but I don't think the automated spam entries are
> actually
> going through the form, but directly into the MySql database, because the
> dropdown option is a required field and this works fine if I choose the
> second
> option of "I am a Human" but I get the error if I leave the default "I am
> a
> Computer" as it is.
>
> But, If I go into the MySql database directly, I can leave it blank and it
> creates the entry, totally ignoring the required field. Thats why I
> thought to
> secure it at the database level rather than the php form page.
>
> Cheers
>

Report · Oct 10, 2006

Put it at the top of your page.

if($_POST['CheckedField'] ==2){
put form processing here;
}else{
put redirect here;}

"Macnimation" <webforumsuser@macromedia.com> wrote in message
news:egh20p$3em$1@forums.macromedia.com...
> Hi,
> Thank for the quick response.
>
> Where in the code would I put this option please?
>
> I could be wrong, but I don't think the automated spam entries are
> actually
> going through the form, but directly into the MySql database, because the
> dropdown option is a required field and this works fine if I choose the
> second
> option of "I am a Human" but I get the error if I leave the default "I am
> a
> Computer" as it is.
>
> But, If I go into the MySql database directly, I can leave it blank and it
> creates the entry, totally ignoring the required field. Thats why I
> thought to
> secure it at the database level rather than the php form page.
>
> Cheers
>