refresh button keeps adding data 2

[jofet]

hi,

sorry, am a newbee in php, i created a basic form that would add a data using mysql, however, everytime i test and tried to click the refresh button the page adds a new blank record in the database without clicking the send button, why is that happening?, the database is however working fine..
here the simple script:
<?php
$username="user";
$password="password";
$database="database";
$localhost ="localhost";
$first=$_POST['first'];
$last=$_POST['last'];
$phone=$_POST['phone'];
$mobile=$_POST['mobile'];
$fax=$_POST['fax'];
$email=$_POST['email'];
$web=$_POST['web'];

mysql_connect($localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to Connect to Database");

$query = "INSERT INTO contacts VALUES ('','$first','$last','$phone','$mobile','$fax','$email', '$web')";
mysql_query($query);
mysql_close();
?>

thanks for helping ..
jofet

 

[skiflyer]

Some general MySQL/PHP advice.

Install and setup phpmyadmin (

http://www.phpmyadmin.net/home_page/)

when executing a query use the following line code instead of mysql_query($query)

mysql_query($query) or die(mysql_error().'<br /><br /><pre>'.$query.'</pre><br /><br />Function:'.__function__);

And if you're getting by without an error (as you're probably doing), then just do a print($query) there's a good chance the problem will be obvious. If not, then cut and paste that into the SQL option in phpmyadmin and see if you can gain any information from the response.

 

[DRJ478]

Refreshing a page that was posted sends the posted data again - some browers have warnings, most people disable them. So, you are just adding and adding the same stuff...

Now, even if it is the first load and you have the script in the page - as above - a blank record will be added. You don't have a check if really something was posted or not. In that case $first etc. is empty, as there are no values.

I recommend to put a hidden field on the page that is called 'posted' and set the value to 'yes'. You can then check if the page was poster or not. Wrap you data addition code into:

if ($_POST['posted'] == 'yes'){
   # add record to database
   ...
}

 

[Olavxxx]

Do as DRJ478 said, with the hidden field and wrap the if(.. around the insert statement/code.
You can put an else afterwards, so you can display "sorry mac, no double-posting!" or something like that.

Also, one very important thing! strip_tags!
If you do not use the strip_tags, your users can write alot of damaging content into your database!

the strip_tags will strip both php and all html codes.. (including javascript).

if you do not implement this function, they can paste javascript redirects, meta refresh, repulsive images, links to repulsive sites, corrupted html, etc.

You simply use it as follows:

$allowed = '<b><p><br />';
$variable = strip_tags($variable, $allowed);

I think you should implement it your self, since then you will learn more
You can look up the function here:

http://no.php.net/strip_tags

 

[Olavxxx]

I forgot this one:

$query = "INSERT INTO `contacts` VALUES ('','{$first}','{$last}','{$phone}','{$mobile}','{$fax}','{$email}', '{$web}')";

use {} to capsulate the variables!

 

[ingresman]

Just to expand on DRJ478's post. I'm assuming you are using internet explorer, do you get a message saying something to the effect that the page has expired?.
I've tried to replicate this myself but somehow can't get it to happen.
Can you post all of the php please ?

 

[Olavxxx]

ingresman: it will not say expired, unless you hit the "back" button, into a page which has been submitted to.

eg. he presses F5, aka. "refresh" and that makes the browser submit once again.
Since he had no control-variable, it simply readded the post to the database.

There should also be other checks, like what the user has typed in the input fields..
eg.
if (name = "") {$halt['name'] = "Name is missing!";}
and so on..

nested if/else is very important, when it comes to having users post something.

 

[jofet]

hi

i dont get an expired message though
thanks for all your help the script is working now,
i used a hidden field..and ill try the strip tags thing
see yu
thanks again

 

[Olavxxx]

If you want to provoke an expired message, first have an insert, via submit, as this one.

then you have a link to another page (on the same server).

then you try to press the "go back" in your browser.