We Keep Coding

PHP Post Echo Two Sql Entries

I need help figuring out why I receive two entries into my database with the following code. At this time it is inputting the complete record and a blank record into the database. Not sure why. Can anyone point me in the right direction of where I am going wrong? Thanks.
Form and PHP Code
<form method="post" action="cu.php">
<input type="text" name="name" value size="35"
placeholder="Name">&nbsp&nbsp
<input type="text" name="email" value size="35" placeholder="Email">
<br><br>
<select name="dropdown">
<option value="0">Comment Type</option>
<option value="A">Accounting</option>
<option value="FAQ">FAQ</option>
<option value="GQ">General Question</option>
<option value="TS">Technical Support</option>
</select>
<br><br>
<textarea name="comments" rows="10" cols="60" style"border: 3px solid #555"
placeholder="Comments"></textarea>
<br><br>
<input type="submit" value="Submit" id="btn">
<input type="reset" value="Reset" id="btn">
</form>
</one>
</div>
<?php
if ($_POST) {
$name = $_POST['name'];
echo "User Has submitted the form and entered this name : <b>$name</b>";
echo "<br>You can use the following form again to enter a new name.";
}
$con = mysql_connect("mysql", "username", "pswd");
if (!$con) {
die('Could not connect: ' . mysql_error());
}
/* Prevent duplicate submissions */
if (isset($_COOKIE['FormSubmitted'])) {
show_error('You may only submit this form once per session!');
}
mysql_select_db("communication", $con);
$sql = "INSERT INTO contact (name, email, cusno, dropdown, comments)
VALUES
('$_POST[name]', '$_POST[email]', '$_POST[cusno]', '$_POST[dropdown]',
'$_POST[comments]')";
if (!mysql_query($sql, $con)) {
die('Error: ' . mysql_error());
}
mysql_close($con);

That is because, everytime the page load, php will run your sql insert code. This happen because you don't check if the form is submitted, then run the sql query.
Do like this:
add name to your submit button:
<input type="submit" value="Submit" id="btn" name="submit">
then in php, wrap the sql insert in if statement
// check if submit button is POST, then run query
if(isset($_POST['submit']))
{
$sql = "INSERT INTO contact (name, email, cusno, dropdown, comments)
VALUES
('$_POST[name]', '$_POST[email]', '$_POST[cusno]', '$_POST[dropdown]',
'$_POST[comments]')";
if (!mysql_query($sql, $con)) {
die('Error: ' . mysql_error());
}
}

Update this lines
if (!mysql_query($sql, $con)) {
die('Error: ' . mysql_error());
}
to
if (!empty($_POST) && !mysql_query($sql, $con) ) {
die('Error: ' . mysql_error());
}
Also i suppose that you browser requesting favicon file and the fore your code can be executed twice

Submitting html data and staying on same page

I have a form page
<html>
<body>
<form action="insert.php" method="post">
App Name: <input type="text" name="fname" /><br><br>
App ID: <input type="text" name="lname" /><br><br>
<input type="submit" name="SubmitButton"/>
</form>
</body>
</html>
And this is the php page:
<html>
<body>
<?php
$con = mysql_connect("xxx","xxx","xxx");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("db", $con);
$sql="INSERT INTO app (fname, lname) VALUES('$_POST[fname]','$_POST[lname]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con)
?>
</body>
</html>
Now, I want it to display 1 record added on the same page as the form and not have the form send me to a new insert.php page with it. Basically, I want the submit form to stay in the same page with maybe a a new message popping up to show that it has worked.
I have already looked through some answers on stackoverflow like using
if(isset($_POST['SubmitButton']))
but it doesn't work. Maybe I placed it wrong or used it incorrectly but could someone help me figure it out?

Just make it an action to itself, and set an if $_POST['submit'] to add the records, and you can have both in the same file. If you wish to do so without refreshing the page, you'll need to use AJAX.
<html>
<body>
<?php
if (isset($_POST['SubmitButton'])) {
$con = mysql_connect("xxx","xxx","xxx");
if (!$con) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("db", $con);
$sql="INSERT INTO app (fname, lname)
VALUES
('$_POST[fname]','$_POST[lname]')";
if (!mysql_query($sql,$con)) {
die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con)
}
?>
<form action="" method="post">
App Name: <input type="text" name="fname" /><br><br>
App ID: <input type="text" name="lname" /><br><br>
<input type="submit" name="SubmitButton"/>
</form>
</body>
</html>
Also, mysql_* is deprecated, so you should consider converting to PDO or MySQLi to avoid SQL injection!

PHP error. “ Undefined index” the data from the form won't insert into the mysql database

it is a error in the VALUES in the php. It says it is a undefined index in every single value. I have tried for a long time now, but i can't figure out what the problem is. is it in my database or inside the code? Please help me :)
<html>
<body>
<h1>A small example page to insert some data in to the MySQL database using PHP</h1>
<form action="insert.php" method="post">
Firstname: <input type="text" name="navn" /><br><br>
Lastname: <input type="text" name="adresse" /><br><br>
<input type="submit" />
</form>
<?php
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("forum", $con);
$sql="INSERT INTO bruker (navn, adresse)
VALUES
('$_POST[navn]',
'$_POST[adresse]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con)
?>
</body>
</html>

your post value will work once submit button is clicked
<form action="" method="post">
<input type="submit" name="submit" />
<?php
if(isset($_POST['submit']))
{
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("forum", $con);
$sql="INSERT INTO bruker (navn, adresse)
VALUES
('$_POST[navn]',
'$_POST[adresse]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con)
}
?>
you can also hide your warning by using
error_reporting(0);

Try not to use old mysql functions. Switch to mysqli or PDO instead. I've updated the code for BASIC security, but prepared statements give much more security.
Try this:
<?php
$con = mysqli_connect("localhost","root","pw","dbname");
if (mysqli_connect_errno($con))
{
die('Could not connect: ' . mysqli_connect_error());
}
$navn = mysqli_real_escape_string($con,$_POST['navn']);
$adresse = mysqli_real_escape_string($con,$_POST['adresse']);
$sql="INSERT INTO bruker (navn, adresse)
VALUES
('$navn',
'$adresse')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
?>
EDIT: And you're accessing the index of your arrays ($_POST[navn] and $_POST[adresse]) at the wrong way. You have to put the index-names in single quotes like $_POST['navn'].

Redirect to URL after form post

I have a problem which i can't resolve. I want to redirect to an URL after i do a form post (button clicked). How can i do that? I didn't find a solution so far on the internet.
My files:
addmatch.html
<html>
<body>
<form action="insert.php" method="post">
Date: <input type="text" name="date">
Home: <input type="text" name="home">
Away: <input type="text" name="away">
Result: <input type="text" name="result">
<input type="submit" name="submit">
</form>
</body>
</html>
insert.php
<?php
define("HOST", "localhost");
define("DBUSER", "..");
define("PASS", "..");
define("DB", "..");
$con=mysqli_connect(HOST, DBUSER, PASS, DB);
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql="INSERT INTO wedstrijden (date, home, away, result)
VALUES
('$_POST[date]','$_POST[home]','$_POST[away]','$_POST[result]')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
?>
Thanks in advance!

as I can see now, you form will send post request to insert.php
if you want to redirect user after you will save data in database you should add header("location youUrl.php"); before any output (echo, print etc)

How Do I Prevent Blank Data from being Inserted into a MySQL Table?

Also malicious inserts
I've seen this question asked but none of the responses worked for me (or rather I was too stupid to make them work). I think I need personalized help. Every time I refresh my php page it inserts blank data. How do I prevent blank and/or malicious data from being inserted.
This is my code:
<?php
$con = mysql_connect("localhost","user","pass") or die ("Couldn't connect!");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("streams") or die ("Couldn't find db");
$sql="INSERT INTO streams (streamname)
VALUES ('$_POST[streamname]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con)
?>
<form action="submit.php" method="POST">
Stream Name: <input type="text" name="streamname" id="streamname" /><br />
<input type="submit" name="submit" value="Stream" />
</form>

Wrap it with some defensive logic:
if(!empty($_POST['streamname'])) {
// Your code here
}

Try checking if POST params are set :
<?php
if($_POST) {
$con = mysql_connect("localhost","user","pass") or die ("Couldn't connect!");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("streams") or die ("Couldn't find db");
$sql="INSERT INTO streams (streamname)
VALUES ('$_POST[streamname]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con);
}
?>
<form action="submit.php" method="POST">
Stream Name: <input type="text" name="streamname" id="streamname" /><br />
<input type="submit" name="submit" value="Stream" />
</form>

You should be escaping the input.
$sql='INSERT INTO streams (streamname)
VALUES ("'.mysql_real_escape_string($_POST[streamname]).'")';