homepage Welcome to WebmasterWorld Guest from 54.196.62.132
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Values getting posted
strings




msg:3654302
 9:13 am on May 20, 2008 (gmt 0)

THis is a very serious problem i am facing.
When i enter any value in textbox1 and i clcik submit , the values are getting enetered into database.upto to here its ok.
The problem is when i refersh the page the values are getting entered
into database automatically.
ple anyone sort this prob.

thanks.
AMit.

if(isset($_POST['submit']))
{

if($_POST['textbox1']!="")
{
$qu = "insert into allmail (email) values('".$_POST['textbox1]."') ";
mysql_query($qu) ;
}

}

 

Habtom




msg:3654311
 9:22 am on May 20, 2008 (gmt 0)

This is more of a logic question than a problem with the code.

Once the values are submitted you can redirect, the page to a different page where you can thank them for posting the comments or similar.

Please also note that you need to learn ways to clean customer data before you directly add into an SQL statement as you did.

PHP_Chimp




msg:3654313
 9:23 am on May 20, 2008 (gmt 0)

When you refresh a page where a post has been made there is generally a warning that comes up in the browser to say that if you refresh you make another post. As the post request is sent with the http request for the page. So when a new request is sent for the same page then there is another post sent.

So an easy way around that would be to redirect the browser to another page after the information has been entered into the database. This will then clear the original post sent, unless people go back to that page again.

if(isset($_POST['submit'])) {
if($_POST['textbox1']!="") {
$qu = "insert into allmail (email) values('".$_POST['textbox1]."') ";
$result = mysql_query($qu) ;
if (!$result) {
echo 'It died...try again later';
}
else {
header('Location: some_other_page.php');
}
}
}

I dont know if you are checking the data with another function but I would suggest that you look at mysql_real_escape_string [uk.php.net] before you put that code live.

Romeo




msg:3654599
 4:12 pm on May 20, 2008 (gmt 0)

... and furthermore, additionally to what has been already suggested, some logic could be added to first do a SELECT to see if the data is already there before INSERTing -- or not.

Kind regards,
R.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved