Colourtheory Posted December 18, 2012 Share Posted December 18, 2012 I have a box "register" thing which simply inserts a new object into my MySQL table, and it works- BUT it also creates a spare one which is completely blank and has no values or anything. I can give the source, just ask if required. Link to comment Share on other sites More sharing options...
Colourtheory Posted December 18, 2012 Author Share Posted December 18, 2012 *Input box, it enters the users input and creates a SQL object with their information Link to comment Share on other sites More sharing options...
Ingolme Posted December 18, 2012 Share Posted December 18, 2012 It sounds like your PHP script is sending two INSERT queries. Link to comment Share on other sites More sharing options...
Colourtheory Posted December 18, 2012 Author Share Posted December 18, 2012 $con = mysql_connect(my sql information is here and works dont worry about that);if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("u486827913_accounts", $con); $sql="INSERT INTO Accounts (Username, Password, Email, Age)VALUES('$_POST[username]','$_POST[password]','$_POST','$_POST[age]')"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); }echo "1 record added"; mysql_close($con);?> </div></body> Link to comment Share on other sites More sharing options...
Ingolme Posted December 18, 2012 Share Posted December 18, 2012 There don't seem to be two queries. Another possibility is that you're loading the page without sending a POST request. There are a lot of dangerous security issues on your page. Link to comment Share on other sites More sharing options...
Colourtheory Posted December 18, 2012 Author Share Posted December 18, 2012 It's not a public website I'm just trying to learn PHP and SQL. Link to comment Share on other sites More sharing options...
Colourtheory Posted December 18, 2012 Author Share Posted December 18, 2012 I'm sending this post request. <form action="insert.php" method="post">Username:<br> <input class="register" type="text" name="username"><br>Lastname:<br> <input class="register" type="text" name="password"><br>Email:<br> <input class="register" type="text" name="email"><br>Age:<br><input class="register" type="text" name="age"<br><input type="submit"></form> Link to comment Share on other sites More sharing options...
Ingolme Posted December 18, 2012 Share Posted December 18, 2012 If you open insert.php accidentally in your browser it will add an empty entry to your database. That's probably the cause of the extra entries. Link to comment Share on other sites More sharing options...
justsomeguy Posted December 18, 2012 Share Posted December 18, 2012 The code doesn't check if the form was submitted before adding a record, so every time you open that page it's going to add a record regardless of whether or not there is anything in $_POST. Link to comment Share on other sites More sharing options...
Colourtheory Posted December 19, 2012 Author Share Posted December 19, 2012 Oh, so even when it redirects it adds a record? Link to comment Share on other sites More sharing options...
Colourtheory Posted December 19, 2012 Author Share Posted December 19, 2012 Would adding NOT NULL to the values stop this? Link to comment Share on other sites More sharing options...
Colourtheory Posted December 19, 2012 Author Share Posted December 19, 2012 I fixed it by adding a check box that only lets the script run if it's checked, thanks for the help guys! Link to comment Share on other sites More sharing options...
thescientist Posted December 25, 2012 Share Posted December 25, 2012 (edited) i think all they were saying was you just needed to add something like this to your script, at the least if(isset($_POST['submit']){ $con = mysql_connect(my sql information is here and works dont worry about that); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("u486827913_accounts", $con); $sql="INSERT INTO Accounts (Username, Password, Email, Age) VALUES ('$_POST[username]','$_POST[password]','$_POST[email]','$_POST[age]')"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "1 record added"; mysql_close($con);}?></div></body> basically, you should be as agressive as possible with dealing with user input. First off, just using the $_POST['xxx'] value directly is a terrible idea. So make sure the form was submitted at least, sanitize each $_POST param, and then validate each one make sure it is what kind of input you are expecting. Even if you are using JS validation, consider it a convenience to the user, because they could have it turned off, and you need your PHP script to be able to carry the slack. Edited December 25, 2012 by thescientist Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now