prevent sql query from running

rajan
Forum Contributor
Posts: 110
Joined: Sun Aug 28, 2005 7:42 pm
Location: Lucknow, UP, India

Post by rajan »

When I refresh the page, the SQL query on that page also runs. Is there any idea to prevent the SQL query from running when somebody refreshes that page?
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

post the code.
rajan
Forum Contributor
Posts: 110
Joined: Sun Aug 28, 2005 7:42 pm
Location: Lucknow, UP, India

Post by rajan »

Jcart | Please use

Code: Select all

and

Code: Select all

tags where appropriate when posting code. Read: Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171)


My account is updated when anybody refreshes that page, because the SQL will also run when anybody refreshes that page.

Code: Select all

<?php  
// this delete runs on every request for the page, including a refresh
$sql="delete from acinfo where username='$_SESSION[email]'";
$result=mysql_query($sql)or die("database fetch error".mysql_error());  

	  $sql="select * from acinfo where username='$_SESSION[email]'";
	  $result=mysql_query($sql)or die("database fetch error".mysql_error());  
	 while($row=mysql_fetch_assoc($result))
	  {
	  
?>
            <tr align="center">
              <td><? echo $row['accounttype'] ?></td>
              <td><? echo $row['purchased'] ?>&nbsp;</td>
              <td><? echo $row['used'] ?>&nbsp;</td>
              <td><? echo $row['purchased']-$row['used'] ?>&nbsp;</td>
              <td><input name="radiobutton" type="radio" value="<? echo $row['accounttype'] ?>" <? if($_POST['radiobutton']==$row['accounttype']){ echo "checked"; }?>></td>
            </tr>
            <?php

   } ?>

Last edited by rajan on Tue Nov 08, 2005 4:45 pm, edited 6 times in total.
Charles256
DevNet Resident
Posts: 1375
Joined: Fri Sep 16, 2005 9:06 pm

Post by Charles256 »

whoa..edit your post and slap that in PHP tags..
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

Charles256 wrote:whoa..edit your post and slap that in PHP tags..
please
rajan
Forum Contributor
Posts: 110
Joined: Sun Aug 28, 2005 7:42 pm
Location: Lucknow, UP, India

Post by rajan »

I have made this program very small to understand.
Charles256
DevNet Resident
Posts: 1375
Joined: Fri Sep 16, 2005 9:06 pm

Post by Charles256 »

or you could have done what we asked.. :-/
rajan
Forum Contributor
Posts: 110
Joined: Sun Aug 28, 2005 7:42 pm
Location: Lucknow, UP, India

Post by rajan »

Nobody knows the answer, just pay attention to only the PHP tag.
Charles256
DevNet Resident
Posts: 1375
Joined: Fri Sep 16, 2005 9:06 pm

Post by Charles256 »

The only thing I can tell by that code that is regenerated is some data being pulled from a database and displayed.. what's wrong with that? Why wouldn't you want that to happen?
rajan
Forum Contributor
Posts: 110
Joined: Sun Aug 28, 2005 7:42 pm
Location: Lucknow, UP, India

Post by rajan »

Every time, data is deleted when somebody refreshes that page. How to prevent this?
Charles256
DevNet Resident
Posts: 1375
Joined: Fri Sep 16, 2005 9:06 pm

Post by Charles256 »

maybe change it so your where statement also includes the account type and other info? that way it won't continue deleting their accounts if they have more than one?
rajan
Forum Contributor
Posts: 110
Joined: Sun Aug 28, 2005 7:42 pm
Location: Lucknow, UP, India

Post by rajan »

I am asking about the situation, not that specific program.

I simply ask how I make a program in which nothing happens when somebody refreshes the page :x
n00b Saibot
DevNet Resident
Posts: 1452
Joined: Fri Dec 24, 2004 2:59 am
Location: Lucknow, UP, India

Post by n00b Saibot »

rajan wrote:I am asking about the situation, not that specific program.

I simply ask how I make a program in which nothing happens when somebody refreshes the page :x
COOOL MAN! take it easy!
you take a session variable in which you store the POST status i.e. $_SESSION['posted'] = (true or false);
when submitted, set it to true... if already true then don't run the query... simple enough :wink:
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

rajan wrote: I simply ask how I make a program in which nothing happens when somebody refreshes the page :x
well, it's time to recall what you had read about http methods, especially rfc2616:
RFC2616, sec 9 wrote: In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe". This allows user agents to represent other methods, such as POST, PUT and DELETE, in a special way, so that the user is made aware of the fact that a possibly unsafe action is being requested.
so, delete (create/update) user accounts only in response to POST requests. After the action has been completed, redirect user to the page where the information is displayed. Using your example:

Code: Select all

<?php
if(count($_POST)) {  // delete action has been requested
  $sql="delete from acinfo where username='$_SESSION[email]'";
  $result=mysql_query($sql)or die("database fetch error".mysql_error());  
  // redirect so that a refresh repeats only the GET below, not the delete
  header("Location: $_SERVER[PHP_SELF]");
  die();
} else {

      $sql="select * from acinfo where username='$_SESSION[email]'";
      $result=mysql_query($sql)or die("database fetch error".mysql_error());  
     while($row=mysql_fetch_assoc($result))
      {
      
?>
            <tr align="center">
              <td><? echo $row['accounttype'] ?></td>
              <td><? echo $row['purchased'] ?>&nbsp;</td>
              <td><? echo $row['used'] ?>&nbsp;</td>
              <td><? echo $row['purchased']-$row['used'] ?>&nbsp;</td>
              <td><input name="radiobutton" type="radio" value="<? echo $row['accounttype'] ?>" <? if($_GET['radiobutton']==$row['accounttype']){ echo "checked"; }?>></td>
            </tr>
            <?php

   } 
}
?>
Quite probably, this code won't work out of the box, but you should get the idea. To reiterate the rule of thumb: never change any data on the server in response to a GET request. Use request methods as they were intended to be used, it will save you a lot of time in the long run.
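
An added example, not part of the thread's posts and not the posters' code: the POST-only delete followed by a redirect that Weirdan describes, combined with a single-use session token in the spirit of n00b Saibot's session flag, using PDO prepared statements instead of the `mysql_*` calls. `handle_request()`, `issue_token()`, the in-memory SQLite table and the sample requests are constructed for illustration; it assumes PHP 7+ with the `pdo_sqlite` extension and runs from the command line.

```php
<?php
// Added example: POST-only delete, one-time session token, then redirect.
// Function names, table contents and requests below are constructed.

function issue_token(array &$session): string {
    // Fresh random token, stored in the session and embedded in the form.
    return $session['token'] = bin2hex(random_bytes(16));
}

function handle_request(PDO $db, array &$session, string $method, array $post): array {
    if ($method === 'POST') {
        $sent = is_string($post['token'] ?? null) ? $post['token'] : '';
        $expected = $session['token'] ?? '';
        unset($session['token']);            // single use: a replayed POST fails
        if ($expected === '' || !hash_equals($expected, $sent)) {
            return ['status' => 400, 'deleted' => 0];
        }
        // Bound parameter instead of interpolating the session value into SQL.
        $stmt = $db->prepare('DELETE FROM acinfo WHERE username = ?');
        $stmt->execute([$session['email']]);
        // In a real page: header('Location: ...', true, 303); exit;
        return ['status' => 303, 'deleted' => $stmt->rowCount()];
    }
    // GET only reads, so refreshing the result page changes nothing.
    $stmt = $db->prepare(
        'SELECT accounttype, purchased, used FROM acinfo WHERE username = ?');
    $stmt->execute([$session['email']]);
    return ['status' => 200, 'rows' => $stmt->fetchAll(PDO::FETCH_ASSOC),
            'token' => issue_token($session)];
}

// Constructed demo data and requests (no web server needed).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE acinfo (username TEXT, accounttype TEXT, purchased INT, used INT)');
$db->exec("INSERT INTO acinfo VALUES ('user@example.com', 'basic', 10, 3)");
$session = ['email' => 'user@example.com'];

$page   = handle_request($db, $session, 'GET', []);    // form page issues a token
$first  = handle_request($db, $session, 'POST', ['token' => $page['token']]);
$replay = handle_request($db, $session, 'POST', ['token' => $page['token']]); // resubmitted POST
$after  = handle_request($db, $session, 'GET', []);    // refresh of the result page

printf("first:  %d (deleted %d)\n", $first['status'], $first['deleted']);
printf("replay: %d (deleted %d)\n", $replay['status'], $replay['deleted']);
printf("rows after: %d\n", count($after['rows']));
```

The token check also means another site cannot trigger the delete with a forged POST, since it cannot read the value stored in the user's session.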