Ignore Empty Inputs when inserting data using a PHP form



I seem to be having an issue with PHP Contact Form. In my form, the only field that is NOT required to be filled up, is the Phone Number. When I fill out the form with the phone number, the data gets inserted into the database, but when I leave that input blank, it doesn’t work. It shows me the “success” page but no data is inserted. Is there anyway for the cf.inc.php to ignore the Phone Number field if its empty?

I have added the HTML Form, cf.inc.php and the table structure below.

HTML FORM

<form class="contact-form" action="includes/cf.inc.php" method="POST" autocomplete="off">
  <input type="text" autocomplete="off" required="true" name="cf_name" placeholder="Name*"><br>
  <input type="email" autocomplete="off" required="true" name="cf_email" placeholder="Email*"><br>
  <input type="text" autocomplete="off" name="cf_phone" placeholder="Phone Number (Optional)"><br>
  <input type="text" autocomplete="off" required="true" name="cf_subject" placeholder="Subject*"><br>
  <textarea name="cf_message" autocomplete="off" placeholder="Write your message in 200 Words*" required="true"></textarea><br>
  <div class="h-project-button">
    <button class="uni-button" type="submit" value="cf_submit" name="cf_submit"><i class="fas fa-paper-plane"></i> Submit </button>
  </div>
</form>

cf.inc.php

<?php
include_once 'dbh.inc.php';

$timestamp = date("Y-m-d H:i:s");
$name = mysqli_real_escape_string($conn, $_POST['cf_name']);
$email = mysqli_real_escape_string($conn, $_POST['cf_email']);
$phone = mysqli_real_escape_string($conn, $_POST['cf_phone']);
$subject = mysqli_real_escape_string($conn, $_POST['cf_subject']);
$message = mysqli_real_escape_string($conn, $_POST['cf_message']);


if (isset($_POST['cf_submit'])) {
    $sql = "INSERT INTO contactform (cf_time, cf_name, cf_email, cf_phone, cf_subject, cf_message)
        VALUES (?, ?, ?, ?, ?, ?);";

    $stmt = mysqli_stmt_init($conn);
    if (!mysqli_stmt_prepare($stmt, $sql)) {
        echo "<script> window.location.assign('./contactformfail'); </script>";
    } else {
        mysqli_stmt_bind_param($stmt, "ssssss", $timestamp, $name, $email, $phone, $subject, $message);
        mysqli_stmt_execute($stmt);
        echo "<script> window.location.assign('./contactformsuccess'); </script>";
    }
} else {
    echo "<script> window.location.assign('./contactformfail'); </script>";
}

Table Structure

CREATE TABLE `contactform` (
  `cf_id` int NOT NULL,
  `cf_name` varchar(64) NOT NULL,
  `cf_email` varchar(64) NOT NULL,
  `cf_phone` int DEFAULT NULL,
  `cf_subject` varchar(64) NOT NULL,
  `cf_message` varchar(1000) NOT NULL,
  `cf_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;

Answer

Don’t store the phone number as INT. Even though we call it a “number”, it’s not really one, and converting it to an integer can cause problems. In this case, the problem is that converting an empty string to an integer may be causing an error. Also, phone numbers are often written with punctuation and spaces; converting to an integer will only parse up to the punctuation and ignore the rest.

You should declare it as VARCHAR.

You also should check whether mysqli_stmt_execute() succeeds. Error checking would have told you why the INSERT was failing.



Source: stackoverflow