SQL Double

[Colourtheory]

I have a box "register" thing which simply inserts a new object into my MySQL table, and it works- BUT it also creates a spare one which is completely blank and has no values or anything. I can give the source, just ask if required.

[Colourtheory]

*Input box, it enters the users input and creates a SQL object with their information

[Ingolme]

It sounds like your PHP script is sending two INSERT queries.

[Colourtheory]

$con = mysql_connect(my sql information is here and works dont worry about that);if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("u486827913_accounts", $con); $sql="INSERT INTO Accounts (Username, Password, Email, Age)VALUES('$_POST[username]','$_POST[password]','$_POST','$_POST[age]')"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); }echo "1 record added"; mysql_close($con);?> </div></body>

[Ingolme]

There don't seem to be two queries. Another possibility is that you're loading the page without sending a POST request. There are a lot of dangerous security issues on your page.

[Colourtheory]

It's not a public website I'm just trying to learn PHP and SQL.

[Colourtheory]

I'm sending this post request. <form action="insert.php" method="post">Username:<br> <input class="register" type="text" name="username"><br>Lastname:<br> <input class="register" type="text" name="password"><br>Email:<br> <input class="register" type="text" name="email"><br>Age:<br><input class="register" type="text" name="age"<br><input type="submit"></form>

[Ingolme]

If you open insert.php accidentally in your browser it will add an empty entry to your database. That's probably the cause of the extra entries.

[justsomeguy]

The code doesn't check if the form was submitted before adding a record, so every time you open that page it's going to add a record regardless of whether or not there is anything in $_POST.

[Colourtheory]

Oh, so even when it redirects it adds a record?

[Colourtheory]

Would adding NOT NULL to the values stop this?

[Colourtheory]

I fixed it by adding a check box that only lets the script run if it's checked, thanks for the help guys!

[thescientist]

i think all they were saying was you just needed to add something like this to your script, at the least

if(isset($_POST['submit']){  $con = mysql_connect(my sql information is here and works dont worry about that);  if (!$con)  {  die('Could not connect: ' . mysql_error());  }   mysql_select_db("u486827913_accounts", $con);   $sql="INSERT INTO Accounts (Username, Password, Email, Age)  VALUES	('$_POST[username]','$_POST[password]','$_POST[email]','$_POST[age]')"; 	if (!mysql_query($sql,$con)) {	  die('Error: ' . mysql_error());	}   echo "1 record added";    mysql_close($con);}?></div></body>

basically, you should be as agressive as possible with dealing with user input. First off, just using the $_POST['xxx'] value directly is a terrible idea. So make sure the form was submitted at least, sanitize each $_POST param, and then validate each one make sure it is what kind of input you are expecting. Even if you are using JS validation, consider it a convenience to the user, because they could have it turned off, and you need your PHP script to be able to carry the slack.

Edited December 25, 2012 by thescientist