Welcome to WebmasterWorld Guest from 54.211.135.32

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Values getting posted

     
9:13 am on May 20, 2008 (gmt 0)

New User

10+ Year Member

joined:May 16, 2008
posts: 9
votes: 0


THis is a very serious problem i am facing.
When i enter any value in textbox1 and i clcik submit , the values are getting enetered into database.upto to here its ok.
The problem is when i refersh the page the values are getting entered
into database automatically.
ple anyone sort this prob.

thanks.
AMit.

if(isset($_POST['submit']))
{

if($_POST['textbox1']!="")
{
$qu = "insert into allmail (email) values('".$_POST['textbox1]."') ";
mysql_query($qu) ;
}

}

9:22 am on May 20, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 15, 2004
posts:1867
votes: 0


This is more of a logic question than a problem with the code.

Once the values are submitted you can redirect, the page to a different page where you can thank them for posting the comments or similar.

Please also note that you need to learn ways to clean customer data before you directly add into an SQL statement as you did.

9:23 am on May 20, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:July 12, 2007
posts:766
votes: 0


When you refresh a page where a post has been made there is generally a warning that comes up in the browser to say that if you refresh you make another post. As the post request is sent with the http request for the page. So when a new request is sent for the same page then there is another post sent.

So an easy way around that would be to redirect the browser to another page after the information has been entered into the database. This will then clear the original post sent, unless people go back to that page again.


if(isset($_POST['submit'])) {
if($_POST['textbox1']!="") {
$qu = "insert into allmail (email) values('".$_POST['textbox1]."') ";
$result = mysql_query($qu) ;
if (!$result) {
echo 'It died...try again later';
}
else {
header('Location: some_other_page.php');
}
}
}

I dont know if you are checking the data with another function but I would suggest that you look at mysql_real_escape_string [uk.php.net] before you put that code live.
4:12 pm on May 20, 2008 (gmt 0)

Preferred Member

10+ Year Member

joined:Sept 28, 2002
posts:505
votes: 0


... and furthermore, additionally to what has been already suggested, some logic could be added to first do a SELECT to see if the data is already there before INSERTing -- or not.

Kind regards,
R.