Page 1 of 1

prevent sql query from running

Posted: Tue Nov 08, 2005 2:52 pm
by rajan
when i refresh the page, the sql query on that page also runs. is there any idea to prevent sql query from running when somebody refersh that page.

Posted: Tue Nov 08, 2005 3:02 pm
by Luke
post the code.

Posted: Tue Nov 08, 2005 3:14 pm
by rajan
Jcart | Please use

Code: Select all

and

Code: Select all

tags where appropriate when posting code. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]


my account is updated when anybody refresh that page because sql will also run when anybody referesh that page

Code: Select all

<?php  
$sql="delete from acinfo where username='$_SESSION[email]'"
$result=mysql_query($sql)or die("database fetch error".mysql_error());  

	  $sql="select * from acinfo where username='$_SESSION[email]'";
	  $result=mysql_query($sql)or die("database fetch error".mysql_error());  
	 while($row=mysql_fetch_assoc($result))
	  {
	  
?>
            <tr align="center">
              <td><? echo $row['accounttype'] ?></td>
              <td><? echo $row['purchased'] ?>&nbsp;</td>
              <td><? echo $row['used'] ?>&nbsp;</td>
              <td><? echo $row['purchased']-$row['used'] ?>&nbsp;</td>
              <td><input name="radiobutton" type="radio" value="<? echo $row['accounttype'] ?>" <? if($_POST['radiobutton']==$row['accounttype']){ echo "checked"; }?>></td>
            </tr>
            <?php

   } ?>

Jcart | Please use

Code: Select all

and

Code: Select all

tags where appropriate when posting code. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]

Posted: Tue Nov 08, 2005 3:17 pm
by Charles256
whoa..edit your post and slap that in PHP tags..

Posted: Tue Nov 08, 2005 3:24 pm
by Luke
Charles256 wrote:whoa..edit your post and slap that in PHP tags..
please

Posted: Tue Nov 08, 2005 3:30 pm
by rajan
i have make this program very small to understand

Posted: Tue Nov 08, 2005 3:54 pm
by Charles256
or you could have done what we asked.. :-/

Posted: Tue Nov 08, 2005 4:26 pm
by rajan
nobody know the answer just pay attention to only php tag

Posted: Tue Nov 08, 2005 4:33 pm
by Charles256
the only thing i can tell by that code that is regenerated is a some data being pulled from a database and displayed..what's wrong with that?why wouldn't you want that to happen?

Posted: Tue Nov 08, 2005 4:46 pm
by rajan
every time data is deleted when somebody refresh that page how to prevent this

Posted: Tue Nov 08, 2005 4:48 pm
by Charles256
maybe change it so your where statement also includes the account type and other info? that way it won't continue deleting their accounts if they have more than one?

Posted: Tue Nov 08, 2005 5:02 pm
by rajan
i am asking about situation not that specific program .

i simply ask how i make a program in which nothing happen when sombody referesh the page :x

Posted: Wed Nov 09, 2005 1:13 am
by n00b Saibot
rajan wrote:i am asking about situation not that specific program .

i simply ask how i make a program in which nothing happen when sombody referesh the page :x
COOOL MAN! take it easy!
you take a session variable in which you store the POST status i.e. $_SESION['posted'] = (true or false);
when submitted, set it to true... if already true then don't run the query... simple enough :wink:

Posted: Wed Nov 09, 2005 1:50 am
by Weirdan
rajan wrote: i simply ask how i make a program in which nothing happen when sombody referesh the page :x
well, it's time to recall what you had read about http methods, especially rfc2616:
RFC2616, sec 9 wrote: In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe". This allows user agents to represent other methods, such as POST, PUT and DELETE, in a special way, so that the user is made aware of the fact that a possibly unsafe action is being requested.
so, delete (create/update) user accounts only in response to POST requests. After the action has been completed, redirect user to the page where the information is displayed. Using your example:

Code: Select all

<?php
if(count($_POST)) {  // delete action has been requested
  $sql="delete from acinfo where username='$_SESSION[email]'"
  $result=mysql_query($sql)or die("database fetch error".mysql_error());  
  header("Location: $_SERVER[PHP_SELF]");
  die();
} else {

      $sql="select * from acinfo where username='$_SESSION[email]'";
      $result=mysql_query($sql)or die("database fetch error".mysql_error());  
     while($row=mysql_fetch_assoc($result))
      {
      
?>
            <tr align="center">
              <td><? echo $row['accounttype'] ?></td>
              <td><? echo $row['purchased'] ?>&nbsp;</td>
              <td><? echo $row['used'] ?>&nbsp;</td>
              <td><? echo $row['purchased']-$row['used'] ?>&nbsp;</td>
              <td><input name="radiobutton" type="radio" value="<? echo $row['accounttype'] ?>" <? if($_GET['radiobutton']==$row['accounttype']){ echo "checked"; }?>></td>
            </tr>
            <?php

   } 
}
?>
Quite probably, this code won't work out of the box, but you should get the idea. To reiterate the rule of thumb: never change any data on the server in response to GET request. Use request methods as their were intended to use, it will save you a lot of time in the long run.