Jump to content

[SOLVED] Preventing users submitting forms already submitted

Potatis

By Potatis
in PHP Coding Help

 Share

Recommended Posts

Potatis Member

Potatis

Posted
Posted

I want to make sure people can't submit the same form twice. I want to see if a username exists for a particular round, and if so it means they have already submitted the form.

 

Here is the code that doesn't work. It allows the same form with the same round number and username to be submitted to the database creating muliple entries. Not good for a multiple choice quiz!

 

$con = mysql_connect("db", "user", "pass");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
  
  mysql_select_db("db", $con);
  
//Check if person has already submitted

$round = $_POST['round'];
$name = $_SESSION['username'];
$result = mysql_query("SELECT username FROM games WHERE username =
'$name' AND round='$round' ");

if(mysql_query($result)==0)    //I'm trying to ask whether there are zero instances of this username and round number
          
{
		  
//Enter data from form into database

$flds = array('username', 'email', 'round', 'game1', 'game2', 'game3', 'game4', 'game5', 'game6', 'game7', 'game8');
$qtmp = array();
foreach ($flds as $fld)
     $qtmp[] = $fld . " = '" . mysql_real_escape_string($_POST[$fld]) . "'";
$q = "insert into games set " . implode(', ',$qtmp);
$rs = mysql_query($q) or die("Problem with the query: $q <br />" . mysql_error());
      
  header("Refresh: 3; http://domain.com/ "); 
  
  }
   else{
          
      header("Refresh: 3; http://otherdomain.com ");

               }

 

 

 

toplay Member

toplay

Posted
Posted

This is wrong: if(mysql_query($result)==0)

 

Read up on mysql_xxx type of functions on http://www.php.net.

 

Basically, the query will not return any data right there and then. You have to issue a fetch to see if any data exists for the search ('where' clause) you're looking for, or issue mysql_num_rows() to know the number of rows that were found. Both of these should not be executed until you first check that mysql_query() worked (not returned any errors/false).

 

 

 

 

Potatis Member

Potatis

Posted
  • Author
Posted

Woohoo!

 

This did the trick:

 

$result = mysql_query("SELECT username FROM games WHERE username =
'$name' AND round='$round'");

if (!$result)
  {
  die('Could not connect: ' . mysql_error());
  }

$row = mysql_fetch_row($result);

if ($row == 0) {

header("Refresh: 3; http://domain.com"); 

}

else {

//Enter data into database

 

Thanks again for showing me where I was wrong, toplay. :)

toplay Member

toplay

Posted
Posted

Don't know what you're talking about "that round number".

 

Not correct: if ($row == 0) {

 

if ($row) {

  // Data retrieved

} else {

  // no data found

}

 

 

If you want something to happen right after issuing a header() then an exit; must follow it, otherwise logic will keep falling through to rest of code (below header() which may or may not be what you want/expect).

 

 

Potatis Member

Potatis

Posted
  • Author
Posted

Ok thanks, I'll try again with what you've given me, I'll get there! :)

 

"round number" is the number of the round that the game played.

 

username, round# , game1, game2, etc. is in the row.

 

I only want one row to be submitted for each username with a particular round number. The same user can submit again when it is the next round which will be one round number higher.

 

 

Potatis Member

Potatis

Posted
  • Author
Posted

All right, it works now! It took me many hours to find a solution.

 

This is it, for anyone who searches for it in the future:

// Connect to db

//Check if person has already submitted

$round = $_POST['round'];
$name = $_SESSION['username'];

$combined_check = mysql_fetch_assoc(mysql_query("select count(*) as Count FROM games WHERE username='$name' AND round='$round'"));
if ($combined_check["Count"]>0) {
echo "Record already exists, you can't post again.";
exit;
}

//Enter data into database

 

Works perfectly. :)

toplay Member

toplay

Posted
Posted

Well done! I recommend that you never nest mysql functions. In case the inner query doesn't work, it will make the outer fetch fail too. Never execute a subsequent mysql function when the earlier or related one didn't work.

 

An alternative:

 

<?php

$sql = "select `username` FROM games WHERE `username` = '$name' AND `round` = '$round'";
$result = mysql_query($sql); 
if (!$result) { // Handle any possible errors that might arise
    echo 'Error in query. SQL: ', $sql, ' Error: ', mysql_error();
    exit;
}
$count = mysql_num_rows($result);
if ($count > 0) {
    echo "Record already exists, you can't post again.";
    exit;
}

?>

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.