Tuk Posted July 22, 2009 Share Posted July 22, 2009 Hello, I am very very new to php and I am currently working on a website and it is very frustrating. However, I'm learning (slowly), but I have hit a road block and I have been searching for a couple days now and I haven't found any explanation of why this is happening. I am trying to set up a small form so users can update their Ranch name... that's all good, and it actually works for a moment, but if they navigate away from the page, then go back, the Ranch name is set to a blank space... This leads me to believe that the update function is running automatically without them hitting the Submit button... Do you think that theory is correct, or am I missing something? New Ranch name: <form action=ranch.php method=post><input type=text name=ranchname> <br><input type=submit name=submit value=Submit></form> <?php $rnamez = ($_POST['ranchname']); $update = mysql_query("UPDATE players SET ranchname = '$rnamez' WHERE id = '".$_SESSION['id']."'"); ?> This is the form and the update php under it. Any tips to point me in the right direction would be appreciated. :3 Quote Link to comment Share on other sites More sharing options...
mmarif4u Posted July 22, 2009 Share Posted July 22, 2009 New Ranch name: <form action=ranch.php method=post><input type=text name=ranchname> <br><input type=submit name=submit value=Submit></form> <?php if(isset($_POST['submit'])){ $rnamez = ($_POST['ranchname']); $update = mysql_query("UPDATE players SET ranchname = '$rnamez' WHERE id = '".$_SESSION['id']."'"); } ?> Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted July 22, 2009 Share Posted July 22, 2009 You need to check if the form has been submitted before running your query. The only way to see if a form has been submitted is to see if the $_POST vars exists. Like so if(isset($_POST['submit'])) { $rnamez = mysql_real_escape_string($_POST['ranchname']); $update = mysql_query("UPDATE players SET ranchname = '$rnamez' WHERE id = '".$_SESSION['id']."'"); } Quote Link to comment Share on other sites More sharing options...
Tuk Posted July 22, 2009 Author Share Posted July 22, 2009 Thank you guys so much. Quote Link to comment Share on other sites More sharing options...
bruce080 Posted July 22, 2009 Share Posted July 22, 2009 I found this quote on another website linked below. It might be useful as well, however, the post method is probably the best. The common solution is to generate a token on the server every time you generate a form. Store the token on the server, add it as a hidden field to the form, and delete it once you get a form submission with that token. If you get a form submission without a valid token, it means that the form has already been submitted and ignore it. This has the added advantage of adding XSRF protection to your project. http://stackoverflow.com/questions/880437/preventing-double-form-submissions Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.