Let’s look at the first block of code, before the second query:-
$wordArr = []; // No need to set an array, PDO will fetch directly into a new array
$words = "SELECT * FROM aarude;"; // Don't use * unless you absolutlely need to fetch every column, here you only need one column
$words = $dbh->prepare($words); // No need to prepare and execute a hard coded query with no variables
$words->execute();
if($words->rowCount() > 0){ // This isn't the best way to check a result
while ($word = $words->fetch (PDO::FETCH_OBJ)){ // No point fetching as an object if you are not using it as an object
$rude = $word->word;
array_push($wordArr,$rude); // Use fetchAll to put straight to an array
}
}
We can shorten that to a single line of code which will get the same result more efficiently:-
$wordArr = $dbh->query("SELECT word FROM aarude")->fetchAll(PDO::FETCH_COLUMN);
I’ll leave the second part as it doesn’t work anyway and needs a complete rethink…
Data submitted to your site can come from anywhere, not just your form, can be set to anything, and cannot be trusted. Any validation you do in the browser is only a nicety for legitimate visitors. You must trim, mainly so that you can detect if a value is all white-space characters, then validate the data on the server before using it.
Who is able to submit product data to your site? Shouldn’t it be a logged in, trusted, manager/administrator?