Page 1 of 1

Double entry submission problem

Posted: Fri Jan 09, 2009 5:03 am
by Sindarin
Hello, in my content management I have a weird problem,

After the user submits the form he goes to index.php?section=products&action=insert

This add the form entries in the database and informs the user. It looks good, an extra entry has been added and all is okay until the user revisits the page (refresh/through link etc.)
Then an empty entry is inserted in the database although the link is not index.php?section=products&action=insert 8O

My code for the insert query is:

Code: Select all

case 'insert':
 
/*    INSERTS NEW PRODUCT IN THE DATABASE   */
 
//get posted values from form
$product_title=$_POST[product_title];
$product_description=$_POST[product_description];
$product_advanced=$_POST[product_advanced];
$product_code=$_POST[product_code];
$product_category=$_POST[product_category];
$product_subcategory=$_POST[product_subcategory];
$product_show=$_POST[product_show];
$product_tags=$_POST[product_tags];
$product_image=$_POST[product_image];
 
//prevent sql injection - filter special characters
 
$product_title=mysql_real_escape_string($product_title,$db_connection);
$product_description=mysql_real_escape_string($product_description,$db_connection);
$product_advanced=mysql_real_escape_string($product_advanced,$db_connection);
$product_code=mysql_real_escape_string($product_expire_code,$db_connection);
$product_category=mysql_real_escape_string($product_category,$db_connection);
$product_subcategory=mysql_real_escape_string($product_subcategory,$db_connection);
$product_show=mysql_real_escape_string($product_show,$db_connection);
$product_tags=mysql_real_escape_string($product_tags,$db_connection);
$product_image=mysql_real_escape_string($product_image,$db_connection);
 
//insert into database
$db_insert="INSERT INTO products (
product_title,
product_description,
product_advanced,
product_tags,
product_category,
product_subcategory,
product_code,
product_show,
product_image
)
VALUES
(
'$product_title',
'$product_description',
'$product_advanced',
'$product_tags',
'$product_category',
'$product_subcategory',
'$product_code',
'$product_show',
'$product_image'
)";
 
 
if (mysql_query($db_insert,$db_connection))
{
//SUCCESS - Entry was INSERTED
echo "<div id='notice' ><div style='background-color:#FFFF66;width:690px;height:20px;text-indent:4px;'><img src='files/images/layout/alert.png' alt='alert' /><b> New product [ <b>$product_title</b> ] was added!</b></div></div>";
}
else
{
//MySQL error occured
echo mysql_error();
}
break;

Re: Double entry submission problem

Posted: Fri Jan 09, 2009 5:05 am
by mattpointblank
You need to make sure it only runs that code when a button has been pressed or whatever, something like

if(isset($_POST['addStuff'])) {

// insert data here

}