deebler Posted July 12, 2011 Share Posted July 12, 2011 Hi - I'm having 2 issues with my mysql database. One is that sometimes when someone submits the form it will post back to back to my table, it's not that the person submitted twice it's that it's duplicating the row a 2nd time. Also I'm getting blank entires in my table as well, I don't understand this because you can't submit a blank form because I have certain fields required. I have a line of code in there to prevent duplicates based on email or address, when i tested it it did not allow the duplicate entry, but I think it's still letting duplicates through. I have seen quite a few over the past few days. Here is my php code: <?php $con = mysql_connect(database login); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db(database); //declare variables $name = $_POST['name']; $address = $_POST['address']; $city = $_POST['city']; $state = $_POST['state']; $zip = $_POST['zip']; $cell = $_POST['cell']; $email = $_POST['email']; $keyword = $_POST['keyword']; $kids = $_POST['kids']; $visited = $_POST['visited']; $info = $_POST['info']; $result = mysql_query("SELECT * FROM database WHERE email = '$email' OR address = '$address'") or exit(mysql_error()); //check for duplicates $num_rows = mysql_num_rows($result); //number of rows where duplicates exist if($num_rows == 0) { //if there are no duplicates...insert $sql="INSERT INTO database (id, name, address, city, state, zip, cell, email, keyword, kids, visited, info) VALUES ('','$_POST[name]','$_POST[address]','$_POST[city]','$_POST[state]','$_POST[zip]','$_POST[cell]','$_POST[email]','$_POST[keyword]','$_POST[kids]','$_POST[visited]','$_POST[info]')" ; if (!mysql_query($sql)) { die('Error: ' . mysql_error()); } } mysql_close(); header ("Location: /common/contests/flaquarium/thankyou.html"); // Your code here to handle a successful verification //}; ?> THanks! Quote Link to comment Share on other sites More sharing options...
AyKay47 Posted July 12, 2011 Share Posted July 12, 2011 1. you should be sanitizing your data before insertion into your database table using at least mysql_real_escape_string 2. When inserting, insert the variables that you have declared instead of the $_POST variables themselves, much cleaner and makes it easier to avoid unnecessary errors. Quote Link to comment Share on other sites More sharing options...
deebler Posted July 12, 2011 Author Share Posted July 12, 2011 Sorry to sound ignorant, but I'm very new to this. Could you give me an example of what you mean? Thanks! Quote Link to comment Share on other sites More sharing options...
AyKay47 Posted July 12, 2011 Share Posted July 12, 2011 which part of what I said do you not understand? $sql="INSERT INTO database (id, name, address, city, state, zip, cell, email, keyword, kids, visited, info) VALUES ('','$name','$address','$city','$state','$zip','$cell','$email','$keyword','$kids','$visited','$info')" //use variables instead, this will allows you to sanitize the input before insertion as well Quote Link to comment Share on other sites More sharing options...
deebler Posted July 12, 2011 Author Share Posted July 12, 2011 Mainly about the mysql_real_escape_string() As for the first part, thanks for the example, I thought that's what you meant, just wanted to make sure! Quote Link to comment Share on other sites More sharing options...
AyKay47 Posted July 13, 2011 Share Posted July 13, 2011 i linked the mysql_real_escape_string that I wrote to the PHP documentation on the function, will tell you everything that you need to know about it Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.