Hi,
I'm pretty new to this, so please bear with me if this is a completely niave question. I have set up a webspace which requires users to first register and login prior to entering or downloading from a mysql database. I have it set up in sessions, using the $_POST method for transferring the data from the form to the database.

Anytime I have posted data, or tested the system, it works fine. Occasionally, a blank record shows up in the database though and I don't know where these come from. I thought it had to do with the user not accepting cookies, but if I turn cookies off, I am unable to login and therefore unable to access the data entry forms. There are pre-filled fields that cannot be blanked out, so all the data is being lost somewhere between the entry and the post, but I can't figure out where. Has anyone run into this before? Any suggestions on where i might have a hole in my code? any thoughts at all would be appreciated. Right now I can't even track the user to see who posted the blank record, so can't troubleshoot it properly. HELP :-?
Thanks in advance,
Skraf

You should always check and make safe the POST variables before submitting into DB, and do that always in PHP, the first rule is to never trust users.

This is a good function you can use:

function MakeSafe($unsafestring) {
if (!get_magic_quotes_gpc())
{
return mysql_escape_string($unsafestring);
}
return htmlentities($unsafestring);
}


usage:

$myvariable=MakeSafe ($_POST['nameofvariable']);

then, you should check if is empty:

if ($myvariable!='') {

...here you can insert into your DB

}

actually, the form sanitize is a bit more complex you should make some google searches if you want to get better results
I use also htmlpurifier