I am trying to insert some records but I dont know how to check required fields and form controls.Can you show me how can i check required fields?
I am new in php. Thank you.
if(isset($_POST['submitted']) == 1) {
$ad = mysqli_real_escape_string($dbc, $_POST['name']);
$soyad = mysqli_real_escape_string($dbc, $_POST['surname']);
$email = mysqli_real_escape_string($dbc, $_POST['email']);
$q = "INSERT INTO db (name, surname,email) VALUES ('$name', '$surname', '$email')";
$r = mysqli_query($dbc, $q);
if($r){
$message = '<p>Message Added!</p>';
} else {
$message = '<p>Could not add because: '.mysqli_errno($dbc);
$message .= '<p>'.$q.'<p>';
}
}
Your form and php code will not be aware of the limitation set on your database table. You can ask the database how a table looks using the describe keyword followed by the table name. (http://dev.mysql.com/doc/refman/5.7/en/describe.html). The response will tell you which if a field's allowed to be null or not. Based on that you can create your form to take this into consideration.
In your html You can add <input type="text" placeholder="username" name="username" required="required"
/>
The required="required" makes that field required.
And in your php you can check if that field is empty or not like this
if(isset($_POST['username']) && $_POST['username']!="" ){
$uname=$_POST['username'];
if(strlen($uname)>=4){
//use your sql insert query .I'll show you how to do it using pdo
$sql=$conn->prepare("INSERT INTO `yourtable` (uname) VALUES (:u)");
//$conn is your sql connection variable.
$sql->execute(array(":u"=>$uname));
}
else {
echo "please Insert a valid username";
}
}
else {
echo "Please insert an username";
}
Related
I have a form where the user can update a student by entering the username of the student. But if the user only wants to update the firstname and leaves the lastname blank, this will remove the last name from the mysql database.
html form:
<form class="" action="updateStudent.php" method="post">
Username: <input type="text" name="username" value="">
Firstname: <input type="text" name="firstname" value="">
Lastname: <input type="text" name="lastname" value="">
<input type="submit" name="" value="Update">
</form>
php:
<?php
include('connection.php');
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$username = $_POST['username'];
$sql = "update employee set firstname = '$firstname',
lastname = '$lastname',
where username = '$username'";
if ($conn->query($sql) === TRUE) {
echo "Record updated successfully";
}
else{
echo "error: $sql. " . mysqli_error($conn);
}
mysqli_close($conn);
?>
how can I change my code so when the user only wants to change the first name and leave the last name, it wont end up empty in the database?
Add this line your form
<input type="text" name="lastname" value="<?php echo $lastname; ?>" />
$lastname is the last name from the resultset. The condition is that you should query the record before rendering the page.
Use COALESCE:
UPDATE `employee`
SET `firstname` = COALESCE($firstname, firstname),
`lastname` = COALESCE($lastname, lastname),
`username` = COALESCE($username, username)
WHERE `username`= '$username'
And leave the value="" out of the HTML form in the input tags.
Same thing i put in the comment,
U need to check if the person only changed it's first name
U could do this
include('connection.php');
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$username = $_POST['username'];
/**
* instead of checking if the input is an empty string, try to set a minimum
* length for the string lets put it on 5
*/
$minLength= 5;
$sql = '';
if(strlen($lastname) > $minLength && strlen($firstname) > $minLength){
//both have the required length
$sql = "update employee
set firstname = '$firstname',
lastname = '$lastname',
where username = '$username'";
} else if(strlen($firstname) > $minLength) {
//only first name with required length
$sql = "update employee
set firstname= '$firstname',
where username = '$username'";
} else if (strlen($lastname) > $minLength) {
//only lastname with required length
$sql = "update employee
set lastname= '$lastname',
where username = '$username'";
} else {
//none applied
$sql = false;
}
if($sql){
//it's "true" if it contains something
if ($conn->query($sql) === TRUE) {
echo "Record updated successfully";
} else {
echo "error: $sql. " . mysqli_error($conn);
}
mysqli_close($conn);
}
But i strongly recomment if u are updating information, in the update form by default those field get the current values when the form is loaded.
I assume you mean that if someone leaves the input form fields empty, you want to NOT update that column.
To do this, build a dynamic query.
<?php
include 'connection.php';
$username = $_POST['username'];
$sql = "UPDATE employee SET ";
//where username = '$username'";
$countColumns = 0; // track how many columns we are going to update
$columns = ['firstname', 'lastname']; // add more columns to this list if needed.
foreach($columns as $key ) {
if ( ! empty($_POST[$key] ) {
$value = $_POST[$key];
if ( $countColumns > 0 ) $sql .= ',';
$sql .= " `{$key}` = '{$value}'";
$countColumns++;
}
}
if ( $countColumns > 0 ) {
$sql .= " WHERE username = '{$username}'";
if ($conn->query($sql) === TRUE) {
echo "Record updated successfully";
}
else {
echo "error: $sql. " . mysqli_error($conn);
}
}
else {
// Nothing to update
}
mysqli_close($conn);
Use prepared statements with MySQLi, they are much safer and will help you prevent an SQL injection attack!
To solve your problem you can simply check which values came in empty and set a proper query, like this:
<?php
$conn = new mysqli($servername, $username, $password, $dbname);
// check if all fields came in and if username is not empty
if(isset($_POST['username']) && !empty($_POST['username']) && isset($_POST['firstname']) && isset($_POST['lastname']))
{
// you can use strlen($_POST['firstname']) > 2 to check if it at least has 2 characters
if(!empty($_POST['firstname']) && empty($_POST['lastname']))
{
$sql = $conn->prepare("UPDATE employee SET firstname = ? WHERE username = ?";
$sql->bind_param("ss", $_POST['firstname'], $_POST['username']);
}
else if(empty($_POST['firstname']) && !empty($_POST['lastname']))
{
$sql = $conn->prepare("UPDATE employee SET lastname = ? WHERE username = ?";
$sql->bind_param("ss", $_POST['lastname'], $_POST['username']);
}
else if(!empty($_POST['firstname']) && !empty($_POST['lastname']))
{
$sql = $conn->prepare("UPDATE employee SET firstname = ?, lastname = ? WHERE username = ?";
$sql->bind_param("sss", $_POST['firstname'], $_POST['lastname'], $_POST['username']);
}
if ($sql->execute())
{
echo "Record updated successfully";
}
else
{
echo "error: " . mysqli_error($conn);
}
$sql->close();
}
$conn->close();
?>
This should work regardless of which they want to update, or if they want to update both. Though I'm not sure if you'd have to escape the single quote inside the strings within the IF statements or not.
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$username = $_POST['username'];
$flen = strlen($firstname);
$llen = strlen($lastname);
$c = $flen + $llen;
if ($flen>0) {
$fname = "firstname = '$firstname'" ;
}
if ($c=2) {
$com = "," ;
}
if ($llen>0) {
$lname = "lastname = '$lastname'" ;
}
$sql = "update employee set " . $fname . $com . $lname . "
where username = '$username' ";
if ($conn->query($sql) === TRUE) {
echo "Record updated successfully";
}
else{
echo "error: $sql. " . mysqli_error($conn);
}
mysqli_close($conn);
?>
I recently created a form where I needed to make sure that all fields were filled out, so I used the following code to ensure that all fields were filled out before continuing with my sql query. Probably not the cleanest, but it prevents empty fields. That way nothing will be left blank and it will update accordingly.
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$flen = strlen($firstName);
$llen = strlen($lastName);
switch ($flen) {
case 0:
echo "Click Back button and please make sure to fill in all fields";
exit;
}
switch ($llen) {
case 0:
echo "Click Back button and please make sure to fill in all fields";
exit;
}
I'm trying to add new user into Mysql database using PHP in SIGN-UP form, there is old data shown all the time but when I pass new data from user input if that user is already added then i will see correct message but if not my POST method can not add them. Why is that happening?
Here is my code so far:
singUp.php
<?php
session_start();
if (array_key_exists('email', $_POST) OR array_key_exists('password', $_POST)) {
$link = mysqli_connect("localhost", "root", "pass", "user");
if (mysqli_connect_error()) {
die ("There was an error connecting to the database");
}
if ($_POST['email'] == '') {
echo "<p>Email address is required.</p>";
} else if ($_POST['password'] == '') {
echo "<p>Password is required.</p>";
} else {
$query = "SELECT `id` FROM `users` WHERE email = '".mysqli_real_escape_string($link, $_POST['email'])."'";
$result = mysqli_query($link, $query);
if (mysqli_num_rows($result) > 0) {
echo "<p>That email address has already been taken.</p>";
} else {
$query = "INSERT INTO `users` (`email`, `password`) VALUES ('".mysqli_real_escape_string($link, $_POST['email'])."', '".mysqli_real_escape_string($link, $_POST['password'])."')";
if (mysqli_query($link, $query)) {
$_SESSION['email'] = $_POST['email'];
header("Location:session.php");
} else {
echo "<p>There was a problem signing you up - please try again later.</p>";
}
}
}
}
?>
<form method = "POST">
<input name="email" type="text" placeholder="Email address">
<input name="password" type="password" placeholder="Password">
<input type="submit" value = "Sign up">
</form>
session.php
<?php
session_start();
//$_SESSION['username']="dijana";
echo $_SESSION['username'];
if ($_SESSION['email']) {
echo "<p>You are logged in.</p>";
} else {
header("Location:singUp.php");
}
?>
You have a syntax error at session page
$_SESION['email']
It should be $_SESSION['email'].
Advice
Don't manual write sql query, you can some mysql database management scripts which will help you reduce risk of sql injection such as
php mysqli database class
Or better still one the php frameworks like laravel, codeigniter, etc for easy users management
I am learning php and mysql and trying to create a Form with a Registration and Login pages, but I am having trouble getting the registration form to write data to my database. I do not get errors regarding connection to the database, but my tables remain empty when I try to post data. I am getting the error
'Something went wrong while registering. Please try again later.
.
Any help is much appreciated.
<?php
//signup.php
include 'connect.php';
echo '<h2>Register </h2>';
if($_SERVER['REQUEST_METHOD'] != 'POST')
{
/*the form hasn't been posted yet, display it
note that the action="" will cause the form to post to the same page it is on */
echo '<form method="post" action="">
Username: <input type="text" name="Username" />
Password: <input type="password" name="Password">
Confirm Password: <input type="password" name="Confirm">
<input type="submit" value="Submit" />
</form>';
}
else
{
/* so, the form has been posted, we'll process the data in three steps:
1. Check the data
2. Let the user refill the wrong fields (if necessary)
3. Save the data
*/
$errors = array(); /* declare the array for later use */
if(isset($_POST['Username']))
{
//the user name exists
//if(!ctype_alnum($_POST['Username']))
if($_POST['Username'] == ['Username'])
{
$errors[] = 'The username is already in use.';
}
}
else
{
$errors[] = 'The username field must not be empty.';
}
if(isset($_POST['Password']))
{
if($_POST['Password'] != $_POST['Confirm'])
{
$errors[] = 'The two passwords did not match.';
}
}
else
{
$errors[] = 'The password field cannot be empty.';
}
if(!empty($errors)) /*check for an empty array, if there are errors, they're in this array (note the ! operator)*/
{
echo 'Uh-oh.. a couple of fields are not filled in correctly..';
echo '<ul>';
foreach($errors as $key => $value) /* walk through the array so all the errors get displayed */
{
echo '<li>' . $value . '</li>'; /* this generates a nice error list */
}
echo '</ul>';
}
else
{
//the form has been posted without errors, so save it
//notice the use of mysql_real_escape_string, keep everything safe!
//also notice the sha1 function which hashes the password
$sql = "INSERT INTO
Users(Username, Password)
VALUES('" . mysql_real_escape_string($_POST['Username']) . "',
'" . md5($_POST['Password']) . "',
NOW(),
0)";
$result = mysql_query($sql);
if(!$result)
{
//something went wrong, display the error
echo 'Something went wrong while registering. Please try again later.';
//echo mysql_error(); //debugging purposes, uncomment when needed
}
else
{
header ("location: index.htm"); //redirects to Index Page
}
}
}
?>
thank you
Try this. I have added back ticks to the Users table fields
$username = mysql_real_escape_string($_POST['Username']);
$password = md5($_POST['Password']);
$sql= "INSERT INTO Users(`Username`,`Password`) VALUES('$username', '$password')";
You are inserting NOW() and 0. 2 extra values
Note the first step in debugging an SQL query is running it in MySQL first. So try running the SQL statement first in MySQL first with dummy values for Username and Password and see if it works
I am creating a simple login script using PHP and MySQL, no errors are coming up but for some reason the information submitted is just not being inserted into the database.
The database is named 'test' (Without quotes) and the table 'users' (Also without quotes).
The columns in the table are first_name, last_name, email, pass and registration_date.
Here is the html form:
<form action="script4.php" method="post">
<p>First Name:<input type="text" name="first_name" value="first_name" /></p>
<p>Last Name:<input type="text" name="last_name" value="last_name" /></p>
<p>Email: <input type="text" name="email" value="email" /></p>
<p>Password: <input type="password" name="pass1" value="pass1" /></p>
<p>Confirm Password: <input type="password" name="pass2" value="pass2"/></p>
<input type="submit" name="submit" value="register" />
</form>
and here is script4.php
<?php
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email = $_POST['email'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
require ('mysql_connect.php');
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$errors = array();}
if (!empty($_POST['first_name'])) {
$errors[] = "You forgot to enter your first name!";
} else {
$fn = trim($_POST['first_name']);
}
if (!empty($_POST['last_name'])) {
$errors[] = "You forgot to enter your first name!";
} else {
$ln = trim($_POST['last_name']);
}
if (!empty($_POST['email'])) {
$errors[] = "You forgot to enter your first name!";
} else {
$e = trim($_POST['email']);
}
if (!empty($_POST['pass1'])) {
if ($_POST['pass1'] != $_POST['pass2']) {
$errors[] = "Your passwords do not match.";
} else {
$p = trim($_POST['pass1']);}
}else {
$errors[] = "You forgot to enter your password.";
}
if (empty($errors)) {
require ('mysql_connect.php');
$q = "INSERT INTO users ('first_name', 'last_name', 'email', 'pass', 'registration_date') VALUES ('$first_name', '$last_name', '$email', SHA1('$pass'), NOW()) or trigger_error('Query Error: ' . mysql_error());";
$r = #mysqli_query ($dbc, $q);
if ($r) {
echo("Thanks");
} else {
echo("We are sorry, you could not be entered at this time.");
echo mysqli_error($dbc);
} }
mysqli_close($dbc);
?>
I know this script is vulnerable to sql injection, it is just a test:)
The data will just not get submitted.
Remove the single quotes from the column names.
You are calling require ('mysql_connect.php') twice.
You had multiple syntax errors.
You were assigning variables but not calling them.
You tried to add $pass to the database instead of $pass1.
I cleaned your code.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$errors = array();
$first_name = empty($_POST['first_name']) ? '' : trim($_POST['first_name']);;
$last_name = empty($_POST['last_name']) ? '' : trim($_POST['last_name']);;
$email = empty($_POST['email']) ? '' : trim($_POST['email']);;
$pass1 = empty($_POST['pass1']) ? '' : trim($_POST['pass1']);
$pass2 = $_POST['pass2'];
if (!$first_name) {
$errors[] = "You forgot to enter your first name!";
}
if (!$last_name) {
$errors[] = "You forgot to enter your first name!";
}
if (!$email) {
$errors[] = "You forgot to enter your first name!";
}
if ($pass1) {
if ($pass1 != $pass2) {
$errors[] = "Your passwords do not match.";
}
} else {
$errors[] = "You forgot to enter your password.";
}
if (empty($errors)) {
require ('mysql_connect.php');
$q = "INSERT INTO users (first_name, last_name, email, pass,registration_date) VALUES ('$first_name', '$last_name', '$email', SHA1('$pass1'), NOW()) or trigger_error('Query Error: ' . mysql_error());";
$r = #mysqli_query ($dbc, $q);
if ($r) {
echo("Thanks");
} else {
echo("We are sorry, you could not be entered at this time.");
echo mysqli_error($dbc);
}
mysqli_close($dbc);
} else {
foreach ($errors as $error) echo $error . '<br>';
}
}
?>
Also, it will be wise to escape the $_POST data or even better - use a prepared statements as currently, you are volunerable to SQL injection.
Hope this helps!
Remove the ! in all your conditional statements:
if (!empty($_POST['last_name']))
Means "if last_name is NOT empty", because of the !. Which means that your script currently says "error" if the fields are NOT empty. And if the scripts says "error", then in the end it doesn't insert the values in the database.
It doesn't say "we are sorry" too, because this statement is inside your conditional if(empty($errors)). So if $errors is not empty, you directly go to the end of the script without displaying anything, but witout having inserted your values.
So what you should do, for instance, is this:
if (empty($_POST['first_name'])) {
$errors[] = "You forgot to enter your first name!";
} else {
$fn = trim($_POST['first_name']);
}
And in the end:
if (empty($errors)) {
require ('mysql_connect.php');
$q = "INSERT INTO users (first_name, last_name, email, pass, registration_date) VALUES ($first_name, $last_name, $email, SHA1($pass), NOW());";
if (#mysqli_query ($dbc, $q)) {
echo("Thanks");
} else {
echo mysqli_error($dbc);
echo("We are sorry, there is a problem with the database connection.");
}
} else {
echo("We are sorry, there are errors in the values you entered.");
}
mysqli_close($dbc);
As the others said, be careful because you have to remove one of your require('mysql_connect.php').
Remove the first require ('mysql_connect.php');
and change the following line to something like this because you got wrong syntax for your query and your trigger_error
$q = "INSERT INTO users (first_name, last_name, email, pass, registration_date) VALUES ('$first_name', '$last_name', '$email', SHA1('$pass'), NOW())";
$r = mysqli_query($dbc, $q) or trigger_error('Query Error: ' . mysqli_error($dbc));
Remove the # and change mysql_error to mysqli_error with link otherwise you won't get your error.
if(empty($errors)) {
require ('mysql_connect.php');
$q = "INSERT INTO `users` (`first_name`, `last_name`, `email`, `pass`, `registration_date`) VALUES ('$first_name', '$last_name', '$email', SHA1('$pass'), NOW())";
$r = mysqli_query ($dbc, $q);
if($r){
echo "Thanks";
}else{
echo "We are sorry, you could not be entered at this time.";
trigger_error('Query Error: ' . mysqli_error($dbc));
}
mysqli_close($dbc);
}
Also you should look into binding parameters so eliminate sql injections.
I have a registration form that has some required field. i want to check if those required fields are filled and if they are filled correctly before i insert in my database.
One of the required field is email, i also want to check if the email entered is a valid email.
My code is below.
Thanks in advance for your help, i really appreciate it.
<?php
include 'config.php';
$tbl_name="citizens"; // Table name
// Get values from form and formatting them as SQL strings
$firstname = mysql_real_escape_string($_POST['firstname']);
$middlename = mysql_real_escape_string($_POST['middlename']);
$lastname = mysql_real_escape_string($_POST['lastname']);
$sex = mysql_real_escape_string($_POST['sex']);
$address = mysql_real_escape_string($_POST['address']);
$employer = mysql_real_escape_string($_POST['employer']);
$posincom = mysql_real_escape_string($_POST['posincom']);
$states = mysql_real_escape_string($_POST['states']);
$agerange = mysql_real_escape_string($_POST['agerange']);
$income = mysql_real_escape_string($_POST['income']);
$email = mysql_real_escape_string($_POST['email']);
$phone = mysql_real_escape_string($_POST['phone']);
// Insert data into mysql
$sql="INSERT INTO `$tbl_name` (firstname, middlename, lastname, sex, address, employer, position_in_company, states, age_range, local_govt_area, email, phone) VALUES('$firstname', '$middlename', '$lastname', '$sex', '$address', '$employer', '$posincom', '$states', '$agerange', '$income', '$email', '$phone')";
$result=mysql_query($sql);
// if successfully insert data into database, displays message "Successful".
if($result){
echo "You Have Successful Registered";
}else {
echo "Sorry!!! Could Not Register You. All a* fields must be field.";
}
?>
<?php
include 'config.php';
$tbl_name="citizens"; // Table name
$required = array('email');
$errors = array();
foreach($required as $required_fieldname){
if(!isset($_POST[$required_fieldname]) || empty($_POST[$required_fieldname])){
$errors[] = 'Sorry!!! Could Not Register You. All a* fields must be field.';
break;
}
}
if(isset($_POST['email']) && !filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)){
$errors[] = "That is not a valid email address.";
}
if(count($errors) == 0){
// Get values from form and formatting them as SQL strings
$firstname = mysql_real_escape_string($_POST['firstname']);
$middlename = mysql_real_escape_string($_POST['middlename']);
$lastname = mysql_real_escape_string($_POST['lastname']);
$sex = mysql_real_escape_string($_POST['sex']);
$address = mysql_real_escape_string($_POST['address']);
$employer = mysql_real_escape_string($_POST['employer']);
$posincom = mysql_real_escape_string($_POST['posincom']);
$states = mysql_real_escape_string($_POST['states']);
$agerange = mysql_real_escape_string($_POST['agerange']);
$income = mysql_real_escape_string($_POST['income']);
$email = mysql_real_escape_string($_POST['email']);
$phone = mysql_real_escape_string($_POST['phone']);
// Insert data into mysql
$sql="INSERT INTO `$tbl_name` (firstname, middlename, lastname, sex, address, employer, position_in_company, states, age_range, local_govt_area, email, phone) VALUES('$firstname', '$middlename', '$lastname', '$sex', '$address', '$employer', '$posincom', '$states', '$agerange', '$income', '$email', '$phone')";
$result= mysql_query($sql);
// if successfully insert data into database, displays message "Successful".
if($result){
echo "You Have Successfully Registered";
}else {
echo "A technical error has occured.";
}
}
else{
echo '<strong>ERRORS!</strong><br>';
foreach($errors as $error){
echo $error . '<br>';
}
}
?>
you should validate form before submitting at client side using JavaScript, and alert to user if not filled correctly. Once validated allow it to submit .
In other case it is overhead to validate at server and than again send response to user at client end.
<?php
include 'config.php';
$tbl_name="citizens"; // Table name
// Get values from form and formatting them as SQL strings
//your other fields ...
$email = mysql_real_escape_string($_POST['email']);
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
$errors = 1;
echo "Please enter a correct email address";
}
//similar approach can be used for other fields..
// this is one of the simplest validating approach
if($errors == 0){
// Insert data into mysql
$sql="INSERT INTO `$tbl_name` (firstname, middlename, lastname, sex, address, employer, position_in_company, states, age_range, local_govt_area, email, phone) VALUES('$firstname', '$middlename', '$lastname', '$sex', '$address', '$employer', '$posincom', '$states', '$agerange', '$income', '$email', '$phone')";
$result=mysql_query($sql);
// if successfully insert data into database, displays message "Successful".
if($result){
echo "You Have Successful Registered";
}else {
echo "Sorry!!! Could Not Register You. All a* fields must be field.";
}
}
?>
For email you can use this (or similar) functions from https://stackoverflow.com/questions/3314493/check-for-valid-email-address to validate email
function isValidEmail($email){
return preg_match("^[_a-z0-9-]+(\.[_a-z0-9-]+)*#[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$^", $email);
}
Or
function isValidEmail( $email ){
return filter_var( $email, FILTER_VALIDATE_EMAIL );
}
For the rest, you can use the following
<?php
$error = '';
//put chosen function here
function isValidEmail( $email ){
return filter_var( $email, FILTER_VALIDATE_EMAIL );
}
//get values and validate each one as required
$firstname = mysql_real_escape_string($_POST['firstname']);
if(!$firstname){ $error .= "First name is required<br />"; }
//repeat for each field
$email = mysql_real_escape_string($_POST['email']);
if(!isValidEmail($email)){ $error .= "The email entered is invalid<br />"; }
//and so on...
if(!$error){
//add insert into database code here
}
else{
//display $error however you want e.g....
echo "<div class=\"error\">$error</div>";
}
?>
1.) you can use PHP_FILTER for validation.
2.) you can proper check( variable is null or not) before insert the data if variable is null the display error msg otherwish insert..