Stop INSERT INTO from creating new row when page is refreshed [duplicate] - php

This question already has answers here:
Stop data inserting into a database twice
(16 answers)
Closed 8 years ago.
I have this code below and it works fine except when I refresh the page it inserts a blank row. Does anyone know what I need to do here?
<?php
$con=mysqli_connect("localhost","name","password","inventory");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// escape variables for security
$inv_number = mysqli_real_escape_string($con, $_POST['inv_number']);
$date = mysqli_real_escape_string($con, $_POST['date']);
$date_type = mysqli_real_escape_string($con, $_POST['date_type']);
$item1 = mysqli_real_escape_string($con, $_POST['item1']);
$location1 = mysqli_real_escape_string($con, $_POST['location1']);
$sql="INSERT INTO invoice (inv_number, date, date_type, item1, location1)
VALUES ('$inv_number', '$date', '$date_type', '$item1', '$location1')";
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
echo 'Invoice #'.$_POST['inv_number'].' recorded';
mysqli_close($con);
?>
I tried finding conditional if statements that can keep the code from creating blank rows but to no avail have I found a working solution.
Any help is appreciated.


<?php
$con=mysqli_connect("localhost","name","password","inventory");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
if (empty($_POST['inv_number']) || empty($_POST['date']) ||empty($_POST['date_type'])
|| empty($_POST['item1']) || empty($_POST['location1']))
{
echo "Re direct user by using header or show them messages";
}
else {
// set your variable and run your query
//i just copy and posted your code from your question
// escape variables for security
$inv_number = mysqli_real_escape_string($con, $_POST['inv_number']);
$date = mysqli_real_escape_string($con, $_POST['date']);
$date_type = mysqli_real_escape_string($con, $_POST['date_type']);
$item1 = mysqli_real_escape_string($con, $_POST['item1']);
$location1 = mysqli_real_escape_string($con, $_POST['location1']);
$sql="INSERT INTO invoice (inv_number, date, date_type, item1, location1)
VALUES ('$inv_number', '$date', '$date_type', '$item1', '$location1')";
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
echo 'Invoice #'.$_POST['inv_number'].' recorded';
}
mysqli_close($con);
?>
Important to note your query will not run, if any of the feild which is given in if statement are empty
Please read the comment in the solution

Related

Unable to insert data on mysql using php

I am getting error
Undefined variable: company_name.
but some fields are inserted in database.
<?php
$con=mysqli_connect("localhost","root","","vdl");
// Check connection
if (mysqli_connect_errno()){
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
if(isset($_POST['submit'])){ // Fetching variables of the form which travels in URL
$Company_name = $_POST['company_name'];
$since = $_POST['since'];
$strength = $_POST['strength'];
$head_quarter = $_POST['head_quarter'];
if($company_name !=''||$since !=''){
mysqli_query($con,"insert into digital_library(company_name, since, strength, head_quarter) values ('$company_name', '$since', '$strength', '$head_quarter')");
mysqli_close($con);
}
else{
echo "<p>Insertion Failed <br/> Some Fields are Blank....!!</p>";
}
}
?>

First of all, mysql_* functions are deprecated as of PHP 5.5, and have been completely removed as of PHP 7.0.
Staying up to date with whats new and good now you reguarly want to update things aswell as PHP. Knowing that the mysql_* functions are deprecated (not under active development) we should not use them anymore (we can't even use them anymore if you have updated your php). Anyways back to the point you should not use mysql_* functions especially not now you are new to programming because you will have to update your php someday meaning you will have to change all of your code.
As of the code below:
This is mysqli_* mysqli.php
I have added a check on the db connection checking if that is actually working since you did not check the connection. Because even without that connection working that if loop would still return you your echo.
In mysqli_* you also have to add the connection in the query string.
<?php
$con=mysqli_connect("localhost","root","","vd1");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
if(isset($_POST['submit'])){ // Fetching variables of the form which travels in URL
$company_name = $_POST['company_name'];
$since = $_POST['since'];
$strength = $_POST['strength'];
$head_quarter = $_POST['head_quarter'];
if($company_name !=''||$since !=''){
mysqli_query($con,"insert into digital_library(company_name, since, strength, head_quarter) values ('$company_name', '$since', '$strength', '$head_quarter')");
mysqli_close($con);
}
}
?>

First of all mysql is deprecated. Don't use mysql. Use either mysqli or pdo.
In your given code,
Add condition after $query statement to get exact error.
if (!$query) {
$message = 'Invalid query: ' . mysql_error() . "\n";
die($message);
}
else {
echo "<br/><br/><span>Data Inserted successfully...!!</span>";
}

You should trace all errors that may occur. I suggest to use prepared statement, try this:
<?php
$sql = new mysqli("localhost", "root", "", "vdl");
if($sql->connect_errno)
return printf("MySQL Connection Error #%d: %s", $sql->connect_errno, $sql->connect_error);
// I'd recommend to not use $_POST['submit'], it'd be better to check all the fields (company_name, since, strength, head_quarter) using the strlen() function
// for example: if(strlen($company = $_POST["company_name"]) && strlen($since = $_POST["since"])) ... etc.
if(isset($_POST["submit"]))
{
if(!$sm = $sql->prepare("INSERT INTO `digital_library` (`company_name`, `since`, `strength`, `head_quarter`) VALUES (?, ?, ?, ?)"))
return printf("Unable to prepare statement. Error #%d: %s", $sm->errno, $sm->error);
if(!$sm->bind("ssss", $_POST["company_name"], $_POST["since"], $_POST["strength"], $_POST["head_quarter"]))
return printf("Unable to bind parameters. Error #%d: %s", $sm->errno, $sm->error);
if(!$sm->execute())
return printf("MySQL Query Error #%d: %s", $sm->errno, $sm->error);
printf("The query has successfully executed!");
} else
printf("There's nothing to see, get outta here");
?>
If you don't want to use prepared statement, do this:
<?php
$sql = new mysqli("localhost", "root", "", "vdl");
if($sql->connect_errno)
return printf("MySQL Connection Error #%d: %s", $sql->connect_errno, $sql->connect_error);
if(
strlen( $company = $sql->real_escape_string($_POST["company_name"]) )
&& strlen( $since = $sql->real_escape_string($_POST["since"]) )
&& strlen( $strength = $sql->real_escape_string($_POST["strength"]) )
&& strlen( $head_quarter = $sql->real_escape_string($_POST["head_quarter"]) )
) {
$query = sprintf("INSERT INTO `digital_library` (`company_name`, `since`, `strength`, `head_quarter`) VALUES ('%s', '%s', '%s', '%s')", $company, $since, $strength, $head_quarter);
if(!$q = $sql->query($query))
return printf("MySQL Query Error #%d: %s", $sql->errno, $sql->error);
printf("The query has successfully executed!");
} else
printf("There's nothing to see, get outta here");
?>

Do one thing and It will be easy for you to debug-
Change this
$query = mysql_query("insert into digital_library(company_name, since, strength, head_quarter) values ('$company_name', '$since', '$strength', '$head_quarter')");
echo "<br/><br/><span>Data Inserted successfully...!!</span>";
to
echo "insert into digital_library(company_name, since, strength, head_quarter) values ('$company_name', '$since', '$strength', '$head_quarter')";
Now when you submit you get the original query in response.
Now run this query in phpmyadmin manually and see the results. Correct the issues phpmyadmin gives you and update your query in your script accordingly.

Registration Form : No error showing but No data on mysql DATABASE

I am trying to develop a registration form.
When I fill all the filed and submit the form, no error showing
the server is connected but no data on mysql database table. Bellow L attached the action file of form. What do I miss? and how can I solve it?
<?php
$mysqli_servername = "localhost";
$mysqli_username = "admin_try";
$mysqli_password = "rFT5hePS5u";
$mysqli_database = "indepe";
// Create connection
$conn = mysqli_connect($mysqli_servername,$mysqli_username,$mysqli_password,$mysqli_database);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
echo "<a href='index.html'>Back to main page</a>";
if (isset($_GET["submitreg"]))
{
$id= mysqli_real_escape_string($conn, $_POST['id']);
$country = mysqli_real_escape_string($conn, $_POST['country']);
$email = mysqli_real_escape_string($conn,$_POST['email']);
$password = mysqli_real_escape_string($conn,$_POST['password']);
$re_password = mysqli_real_escape_string($conn,$_POST['re_password']);
$compnay = mysqli_real_escape_string($conn,$_POST['compnay']);
$contact = mysqli_real_escape_string($conn,$_POST['contact']);
$tell = mysqli_real_escape_string($conn,$_POST['tell']);
$sql = "INSERT INTO registration(id,country,email,password,re_password,compnay,contact,tell);
VALUES('id','$country','$email','$password','$re_password','$compnay','$contact'),'$tell'";
if ($conn->query($sql) === TRUE) {
echo "record created successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
if (mysqli_query($conn, $sql)) {
echo " record created successfully";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
}
//$conn->close();
mysqli_close($conn);
?>

There are few errors in your insert query
Remove the semicolen after tell in your insert query
You gave id in values instead of $id
$tell is outside the bracket
$sql = "INSERT INTO registration(id,country,email,password,re_password,compnay,contact,tell) VALUES('$id','$country','$email','$password','$re_password','$compnay','$contact','$tell'");
Im not sure whether that is your problem or it occured your copying your code..because no error was shown

I think you mistake in insert query remove semicolon before VALUES keyword and if id column auto increment then no need to add it in insert query otherwise you need add it properly and ,'$tell' is outside the bracket please make it proper
$sql = "INSERT INTO registration(country,email,password,re_password,compnay,contact,tell) VALUES ('$country','$email','$password','$re_password','$compnay','$contact','$tell')";

I thing you need to add privileges to particular user to insert records. as you have declared $mysqli_username = "admin_try";. now go to localhost/phpmyadmin and then add privileges to particular user!!

You are using $_GET check and for submitting the form which is wrong. It's always recommened to do POST request for form submission.
if (isset($_GET["submitreg"]))
But, later in your code to get the the data you are using $_POST.
$id= mysqli_real_escape_string($conn, $_POST['id']);
Please check your form method in html make it POST and change
if (isset($_GET["submitreg"]))
to
if (isset($_POST["submitreg"]))

Inserting data into two mysql tables using mysql and php

I have two tables named 'Students_tbl' and 'admission'. I want to insert admission number in both tables at the same time such that in the 'students_tbl', it is a foreign key while in the 'admission' table, it is a primary key. The 'students_tbl' has a primary key of "std_index"
I am using one html form.
The codes I have written are outputting an error. Thanks for your replies in advance
Here are the codes
<?php
$manzu =mysqli_connect("localhost","root","MANZu1992", "cdms");
// Check connection
if (!$manzu) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
echo "Please Check your connection. We were unable to connect you to the desired site.";
}
if (isset($_POST['submit'])) {
$identification = mysqli_real_escape_string($manzu, $_POST['iddd']);
$National_Number = mysqli_real_escape_string($manzu, $_POST['national_Numberr];
$sql = "INSERT INTO students_tbl (std_index,std_national_number)
VALUES ('$identification','$National_Number')";
$sql = "INSERT INTO admission (Admission_Number)VALUES($National_Number)";
if (!mysqli_query($manzu,$sql)) {
die('Error: ' . mysqli_error($manzu));
}ELSE {
die ('Thank you for registering');
}
}
?>

You are missing a closing bracket and quote
You're not executing the first query before overwriting $sql
<?php
$manzu =mysqli_connect("localhost","root","MANZu1992", "cdms");
if (!$manzu) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
echo "Please Check your connection. We were unable to connect you to the desired site.";
}
if (isset($_POST['submit'])) {
$identification = mysqli_real_escape_string($manzu, $_POST['iddd']);
$National_Number = mysqli_real_escape_string($manzu, $_POST['national_Numberr']);
$sql = "INSERT INTO students_tbl (std_index,std_national_number) VALUES ('$identification','$National_Number')";
mysqli_query($manzu,$sql);
$sql = "INSERT INTO admission (Admission_Number)VALUES($National_Number)";
if (!mysqli_query($manzu,$sql)) {
die('Error: ' . mysqli_error($manzu));
}else {
die ('Thank you for registering');
}
}
?>

How do I redirect with PHP and save the link in SQL?

I have XAMPP and I want to write a simple PHP page, that redirects me to the link that I specify, and also saves the link in an SQL database.
Let's say I want to visit www.google.com:
I'd visit something like:
localhost:80/redirect.php?url=https://google.com
And PHP would redirect me there and also save the www.google.com link in an SQL table.
Can you help me out?

Considering how you formed your question, it looks as if you had an idea an just want someone to give you the solution without you even making an effort (please correct me if I'm wrong but that's how it seams...)
The task you are trying to achieve is a simple one, and it's only fair to point you in the right direction. your "task" can be broken into several smaller ones:
Create database / table for storing data | PHP Create MySQL Tables
Get URL parameter in PHP
PHP Insert Data Into MySQL
How to make a redirect in PHP
Sorry if this is not the kind-a answer you are looking for, but I figure the point of this website is for people to learn something and not just copy+paste. The provided links can be used to solve your task problem.

This is what I came up with, after MySQLi Object-oriented did not validate this:
$sql = "SELECT * FROM logging WHERE link=$link";
if ($conn->query($sql) === TRUE) {}
It still increments the number of visits sometimes by +2. I don't know why.
<?php
$servername = " ";
$username = " ";
$password = " ";
$dbname = " ";
$datetime = date_create()->format('Y-m-d H:i:s');
$datetime = "'".$datetime."'";
$link_clean = $_GET['link'];
$link = "'".$link_clean."'";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$sql = "SELECT * FROM logging WHERE link=$link";
if ($result = mysqli_query($conn, $sql))
{
if(mysqli_num_rows($result)>0)
{
$sql="UPDATE logging SET last_visit_date = $datetime, visit_count = visit_count + 1 WHERE link=$link";
if (mysqli_query($conn, $sql)) {
$conn->close();
header("Location: https://$link_clean");
exit;
} else {
echo "1Error: " . $sql . "<br>" . mysqli_error($conn);
$conn->close();
exit;
}
}
else
{
$sql="INSERT INTO logging (link, last_visit_date, visit_count) VALUES ($link , $datetime , 1)";
if (mysqli_query($conn, $sql)) {
mysqli_close($conn);
header("Location: https://$link_clean");
exit;
} else {
echo "2Error: " . $sql . "<br>" . mysqli_error($conn);
mysqli_close($conn);
exit;
}
}
}
else
{
echo "3Error: " . $sql . "<br>" . mysqli_error($conn);
}
mysqli_close($conn);
?>

Form Validation in PHP with PREG_MATCH [duplicate]

This question already has answers here:
Warning: preg_replace(): Unknown modifier
(3 answers)
Closed 7 years ago.
I'm sure I'm just doing something stupid but I think I'm close. What I'm trying to do as add validation to my submission. With my current code regardless of what data I enter into the serial field it always comes up with Invalid Serial. Any suggestions?
<?php
$serial=$_POST['serial'];
$model=$_POST['model'];
$deviceCondition=$_POST['deviceCondition'];
$sealCondition=$_POST['sealCondition'];
$location=$_POST['location'];
$deployDate=$_POST['deployDate'];
$weight=$_POST['weight'];
$connectedTerminal=$_POST['connectedTerminal'];
$notes=$_POST['notes'];
//NEW PDO connection
$serialVal = "[a-zA-Z0-9-]+";
if ( preg_match( $serialVal, $serial ) ) {
try{
$conn = new PDO("mysql:host=$sql_server;dbname=$sql_db", $sql_user, $sql_pass);
$sql = "INSERT INTO web01dev4s2.ingenicoInfo (serial, model, deviceCondition, sealCondition, location, deployDate, weight, connectedTerminal, notes) VALUES ('".$serial."', '".$model."', '".$deviceCondition."', '".$sealCondition."', '".$location."', '".$deployDate."', '".$weight."', '".$connectedTerminal."', '".$notes."')";
$q = $conn->prepare($sql);
$result_1=($sql);
$q->execute();
}
catch (PDOException $pe) {
die("Could not connect to the database" . $pe->getMessage());
}
$count = $q->rowCount();
print("Saved $count record(s).\n");
header( "refresh:2;url=devicelist.php" );
}
else {
echo $serial . "Invalid serial number.";
}
?>

You forgot the delimiters "/"
if(preg_match("/[a-zA-Z0-9-]+/", $serial))
echo 'oui';
else
echo 'no';

Categories