After the user submits the form, he goes to index.php?section=products&action=insert
This adds the form entries to the database and informs the user. It looks good, an extra entry has been added and all is okay until the user revisits the page (refresh, through a link, etc.).
Then an empty entry is inserted in the database, although the link is not index.php?section=products&action=insert
My code for the insert query is:
case 'insert':
/* INSERTS NEW PRODUCT IN THE DATABASE */
//get posted values from form
$product_title=$_POST['product_title'];
$product_description=$_POST['product_description'];
$product_advanced=$_POST['product_advanced'];
$product_code=$_POST['product_code'];
$product_category=$_POST['product_category'];
$product_subcategory=$_POST['product_subcategory'];
$product_show=$_POST['product_show'];
$product_tags=$_POST['product_tags'];
$product_image=$_POST['product_image'];
//prevent sql injection - filter special characters
$product_title=mysql_real_escape_string($product_title,$db_connection);
$product_description=mysql_real_escape_string($product_description,$db_connection);
$product_advanced=mysql_real_escape_string($product_advanced,$db_connection);
$product_code=mysql_real_escape_string($product_code,$db_connection);
$product_category=mysql_real_escape_string($product_category,$db_connection);
$product_subcategory=mysql_real_escape_string($product_subcategory,$db_connection);
$product_show=mysql_real_escape_string($product_show,$db_connection);
$product_tags=mysql_real_escape_string($product_tags,$db_connection);
$product_image=mysql_real_escape_string($product_image,$db_connection);
//insert into database
$db_insert="INSERT INTO products (
product_title,
product_description,
product_advanced,
product_tags,
product_category,
product_subcategory,
product_code,
product_show,
product_image
)
VALUES
(
'$product_title',
'$product_description',
'$product_advanced',
'$product_tags',
'$product_category',
'$product_subcategory',
'$product_code',
'$product_show',
'$product_image'
)";
if (mysql_query($db_insert,$db_connection))
{
//SUCCESS - Entry was INSERTED
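//HTML-encode the submitted title before echoing it back into the page
echo "<div id='notice' ><div style='background-color:#FFFF66;width:690px;height:20px;text-indent:4px;'><img src='files/images/layout/alert.png' alt='alert' /><b> New product [ <b>" . htmlspecialchars($_POST['product_title'], ENT_QUOTES) . "</b> ] was added!</b></div></div>";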
}
else
{
//MySQL error occurred
echo mysql_error();
}
break;
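
An added example, not part of the original post or the poster's code: one way to write the insert step so that a request carrying no submitted form data cannot create a row, with a PDO prepared statement in place of per-field escaping. The helper name `insert_product`, the `PRODUCT_FIELDS` constant and the in-memory SQLite demo are assumptions; the table and column names are the ones shown in the post.

```php
<?php
// Added example, not the poster's code. insert_product() is a hypothetical
// helper; the table and column names are the ones shown in the post.
const PRODUCT_FIELDS = [
    'product_title', 'product_description', 'product_advanced',
    'product_tags', 'product_category', 'product_subcategory',
    'product_code', 'product_show', 'product_image',
];

// Returns the new row id, or null when the request must not insert anything.
function insert_product(PDO $pdo, string $method, array $post): ?int
{
    // Only a form submission may write; a refresh or followed link (GET) never does.
    if ($method !== 'POST') {
        return null;
    }
    // Take the expected fields only; anything missing or non-string becomes ''.
    $row = [];
    foreach (PRODUCT_FIELDS as $field) {
        $value = $post[$field] ?? '';
        $row[$field] = is_string($value) ? trim($value) : '';
    }
    // Refuse an entry without a title instead of storing an empty row.
    if ($row['product_title'] === '') {
        return null;
    }
    // Named placeholders keep the values out of the SQL text entirely.
    $columns = implode(', ', PRODUCT_FIELDS);
    $marks   = ':' . implode(', :', PRODUCT_FIELDS);
    $stmt    = $pdo->prepare("INSERT INTO products ($columns) VALUES ($marks)");
    $stmt->execute($row);
    return (int) $pdo->lastInsertId();
}

// Demo on an in-memory SQLite database with constructed input (assumes pdo_sqlite).
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, '
    . implode(' TEXT, ', PRODUCT_FIELDS) . ' TEXT)');
var_dump(insert_product($pdo, 'GET', []));                              // page revisit
var_dump(insert_product($pdo, 'POST', ['product_title' => '']));        // empty form
var_dump(insert_product($pdo, 'POST', ['product_title' => "O'Neil"]));  // real submit

// In the page's 'insert' case, pass $_SERVER['REQUEST_METHOD'] and $_POST, and on
// a non-null id send header('Location: index.php?section=products') and exit,
// so reloading the result page issues a GET rather than repeating the POST.
```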