HenryC Posted June 8, 2011

Hello there, I am making a sub4sub site for a small community of people and have a sub4sub page where users can sub to people. Once they click the sub button on their name, a new record gets added to the subscriber database and the member they subscribed to goes off the list. But recently I have noticed that there have been a lot of double submissions: if I check my database and fred has subscribed to paul, there could be 20 of that exact row. How is that, when the button goes away as soon as they click it the first time?

HenryC (Author) Posted June 8, 2011

Forgot to add in some code.

Show the members who can be subscribed:

```php
<?php
$query = "SELECT * FROM users WHERE subcreds > 0 AND username NOT IN (SELECT subscriber_username FROM subscribers WHERE my_id = '$id') ORDER BY RAND() LIMIT 6";
$sql = mysql_query($query) or trigger_error($query . ' has an error:<br />' . mysql_error());
?>
<div class="ssubs">
<?php while($row = mysql_fetch_assoc($sql)){ ?>
<center>
<div class="subs">
<img src="sub.jpeg" height="64"><br>
<?php echo mysql_real_escape_string($row['subchannel']); ?><br>
<form action="sub4sub.php?id=<?php echo mysql_real_escape_string($row['id']); ?>" method="POST">
<input type="submit" name="sub" value="Sub" style="background: white; border: none;">
</form>
</div>
</center>
<?php }
```

After hit submit:

```php
<?php
if (isset($_POST['sub'])){
    include("connect.php");
    $id = mysql_real_escape_string($_GET['id']);
    $sql = mysql_query("SELECT * FROM users WHERE id= $id");
    $row = mysql_fetch_assoc($sql);
    $usersub = $row['username'];
    $ytkb = mysql_real_escape_string($row['subchannel']);
    $subscriberusername = mysql_real_escape_string($row['username']);
    // youtube stuff
    try {
        $yt->insertEntry($newSubscription, $subscriptionsFeedUrl);
        $myid = $_SESSION['id'];
        $time = date("Y-m-d H:i:s");
        $sqlt = "SELECT * FROM subscribers WHERE my_username = '$username' AND subscriber_username = '$usersub'";
        if (mysql_num_rows(mysql_query($sqlt)) == 0){
            $sqlkb = mysql_query("INSERT INTO subscribers VALUES('','$myid','$user','$id','$subscriberusername','$time')");
            $sqlq = mysql_query("UPDATE users SET subcreds=subcreds+1 WHERE username = '$user'");
            $sqlk = mysql_query("UPDATE users SET subcreds=subcreds-1 WHERE id = $id");
            header("Location: sub4sub.php");
        }else{
            header("Location: sub4sub.php");
        }
    } catch (Zend_Gdata_App_HttpException $e) {
        $sqlt = "SELECT * FROM subscribers WHERE my_username = '$username' AND subscriber_username = '$usersub'";
        if (mysql_num_rows(mysql_query($sqlt)) == 0){
            $time = date("H:i:s");
            $sql = mysql_query("INSERT INTO subscribers VALUES('','$myid','$user','$id','$subscriberusername','$time')");
            header("Location: sub4sub.php");
        }else{
            header("Location: sub4sub.php");
        }
    }
}
```

I even have a num rows check to make sure there can only be one row, so I don't know what the problem is.

PFMaBiSmAd Posted June 8, 2011

> I even have a num rows check

Yes, but you have nested the mysql_query() statement inside of it, so you have no way to check if the query executed without any errors, and you will get the same result for mysql_num_rows for a failed query and for a query that simply matched zero rows.

A) You must always check if a query worked or not before you attempt to access any of the information from that query. There are very few cases where you should nest function calls like that and certainly not when an inner function call can fail due to an error.

B) In the code you posted $username is not being set to any value and the SELECT query won't match anything. Did you intend to match the $myid value against an id column in the table? You are also using the non-escaped $usersub username in that same query, which will produce a query error if the username happens to contain a SQL special character.

You have variables in the code you posted that are not being assigned any value, that are being assigned a value but are not being used, and that exist both as an escaped and a non-escaped version. You need to go through your logic and variables and make sure your code is doing what you expect.

HenryC (Author) Posted June 8, 2011

I have all my variables assigned to a value, I just didn't add that to the code here. I forgot to escape the new piece of code I added. The problem is when there is not a row the query will fail and give me a num rows error, which is why I nested it around the mysql_query. How can I test it without the nums having a variable? And when the num does have a variable it will give out an error if no records are found.
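
An added example, not part of any post in this thread and not the posters' code: one way to act on the advice above, so that a failed query is never read as "no existing row", values are bound rather than escaped, and a resubmitted form cannot create a second row. It goes beyond the thread by using PDO with an in-memory SQLite database (an assumption, so the script runs offline) and a UNIQUE constraint on the subscriber pair; the function name `subscribe()` and the trimmed column set are hypothetical.

```php
<?php
// Added example: table names follow the thread; PDO + in-memory SQLite and the
// reduced column set are assumptions (the thread uses mysql_* against MySQL).
$db = new PDO('sqlite::memory:');
// Failed queries throw instead of returning false, so an error can never be
// mistaken for "zero matching rows".
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, subcreds INTEGER)");
// The UNIQUE constraint makes the database reject a repeated pair, even when
// two requests pass an application-level check at the same moment.
$db->exec("CREATE TABLE subscribers (
    id INTEGER PRIMARY KEY, my_id INTEGER, subscriber_id INTEGER, created TEXT,
    UNIQUE (my_id, subscriber_id))");
$db->exec("INSERT INTO users VALUES (1, 'fred', 0), (2, 'paul', 5)"); // constructed sample data

/** Returns true if a new subscription was recorded, false if it already existed. */
function subscribe(PDO $db, int $myId, int $targetId): bool
{
    $db->beginTransaction();
    try {
        // Bound parameters: no manual escaping, no injection through id values.
        $ins = $db->prepare(
            "INSERT INTO subscribers (my_id, subscriber_id, created) VALUES (?, ?, ?)");
        $ins->execute([$myId, $targetId, date('Y-m-d H:i:s')]);
        $db->prepare("UPDATE users SET subcreds = subcreds + 1 WHERE id = ?")->execute([$myId]);
        $db->prepare("UPDATE users SET subcreds = subcreds - 1 WHERE id = ?")->execute([$targetId]);
        $db->commit(); // row and both credit changes land together or not at all
        return true;
    } catch (PDOException $e) {
        $db->rollBack();
        // SQLSTATE 23000 = integrity constraint violation (the duplicate pair).
        if ($e->getCode() == '23000') {
            return false;
        }
        throw $e; // any other failure is a real error, not "no rows"
    }
}

var_dump(subscribe($db, 1, 2)); // first click
var_dump(subscribe($db, 1, 2)); // repeated click or resubmitted form
var_dump((int) $db->query("SELECT COUNT(*) FROM subscribers")->fetchColumn());
```

On MySQL the same constraint would be added to the existing table, after removing the duplicate rows already present.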