1

I am creating a website with a shopping cart. I managed to successfully add items to the basket, but I want the items in the basket to be inserted into the orders table in my database at the same time. That works, but every time I refresh a page or move between different pages, the same items that are currently inside the basket are inserted again.

I allow the user to delete items from the basket, but again I want the same to happen in my database table.

Here is my code, please analyze it and point out a solution. Thanks.

cart.php:

```php
if (isset($_GET['add'])){
    $quantity = mysql_query('SELECT product_id, product_qua FROM products WHERE product_id='.$_GET['add']);
    while($quantity_row = mysql_fetch_assoc($quantity)){
        if($quantity_row['product_qua'] !=$_SESSION['cart_'.$_GET['add']]){
            $_SESSION['cart_'.$_GET['add']]+='1';
        }
    }
}

if (isset($_GET['add'])){
    $qq = mysql_query('SELECT * FROM users');
    while($user_rows = mysql_fetch_assoc($qq)){
        $grr = $_SESSION['username'];
        if($user_rows['username'] == $grr){
            $z = $user_rows['first_name'];
            $zz = $user_rows['last_name'];
        }
    }
    $q = mysql_query('SELECT product_name, product_qua, product_price from products WHERE product_id='.$_GET['add']);
    while($prod_rows = mysql_fetch_assoc($q)){

        $x = $prod_rows['product_name'];
        $xx = $prod_rows['product_price'];
        $xxx = $prod_rows['product_qua'];

        $order = "INSERT INTO orders (order_user_first_name, order_user_last_name, order_product_name, order_product_price, order_product_quantity ) VALUES ('$z','$zz','$x','$xx','$xxx')";
        mysql_query($order);
    }
}

if(isset($_GET['remove'])){
    $_SESSION['cart_'.$_GET['remove']]--;
}
```

The above code is not all the code from the file, only the parts that are responsible for what I am trying to implement.

Regards

Tomazi
  • 1
    Please read [this](http://stackoverflow.com/questions/60174/how-to-prevent-sql-injection-in-php), because your current code is vulnerable to SQL injection. – PeeHaa Mar 20 '13 at 19:45
  • 34 questions asked and only 8 answers helped you? That is a bit improbable. With such stats not many would/should even dare to help you... – ITroubs Mar 20 '13 at 19:45
  • 1
    it sounds like you're passing variables around in the url and as you browse the site, those variables are continuing to be passed around. perhaps you should perform a re-direct once the item has been added, so it doesn't maintain the vars? – Joshua Burns Mar 20 '13 at 19:45
  • @JoshuaBurns redirecting somehow worked :o so thanks for your suggestion, much appreciated... I am aware of MySQL injections; I first want to get things working. What I do is create one piece of functionality, make sure it works, then I improve the code, then I move on to another bit. And last but not least, ITroubs, I see you did your homework, CONGRATULATIONS, apply for the FBI... And on the serious side, how can I accept some answers that do not fix my issue :) – Tomazi Mar 20 '13 at 20:17
  • 1
    @JoshuaBurns not a problem, give me an upvote at least in return if you wish :P regards and thanks once again – Tomazi Mar 20 '13 at 22:29

4 Answers

2

It sounds like you're passing variables around in the URL and as you browse the site, those variables are continuing to be passed around. Perhaps you should perform a re-direct once the item has been added, so it doesn't maintain the vars?

Joshua Burns
1

Here is the thing, your code does exactly what you tell it to do. You are using $_GET and instead you are posting data into database.

The way I use $_GET is when I need to select or retrieve data from the server. I use $_POST when I need to post data to the server.

Solution to your problem is to have a script that you POST data into and then have a redirect back to avoid re-insertion into Table.

GGio
  • ok well changing from get to post did not work but.....but redirecting seems to solve the problem `header('Location: userhome.php');` – Tomazi Mar 20 '13 at 20:14
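
The POST-then-redirect approach from the answer above, combined with the parameterized queries recommended in the comments on the question, as an added example that is not code from the asker or any answerer. It assumes PDO with a MySQL driver, placeholder connection details, and forms that submit `add` or `remove` via POST; table names, column names and `userhome.php` are taken from the thread.

```php
<?php
// Added example, not the asker's code. Table and column names come from the
// question; the PDO DSN and credentials are placeholders (assumptions).
session_start();
$db = new PDO('mysql:host=localhost;dbname=shop;charset=utf8mb4', 'DB_USER', 'DB_PASS', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

// Only POST may change state, so a refresh or a followed link (GET) cannot repeat it.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_SESSION['username'])) {
    // Validate ids as integers; request data is never concatenated into SQL.
    $add    = filter_input(INPUT_POST, 'add', FILTER_VALIDATE_INT);
    $remove = filter_input(INPUT_POST, 'remove', FILTER_VALIDATE_INT);
    $id     = $add ?: $remove;

    $p = $db->prepare('SELECT product_name, product_price, product_qua
                       FROM products WHERE product_id = ?');
    $p->execute([$id]);
    $prod = $p->fetch(PDO::FETCH_ASSOC);

    $u = $db->prepare('SELECT first_name, last_name FROM users WHERE username = ?');
    $u->execute([$_SESSION['username']]);
    $user = $u->fetch(PDO::FETCH_ASSOC);

    $key    = 'cart_' . $id;
    $inCart = $_SESSION[$key] ?? 0;

    if ($prod && $user && $add && $inCart < (int) $prod['product_qua']) {
        $_SESSION[$key] = $inCart + 1;
        // Same columns and values the question's INSERT used, now bound as parameters.
        $db->prepare('INSERT INTO orders (order_user_first_name, order_user_last_name,
                          order_product_name, order_product_price, order_product_quantity)
                      VALUES (?, ?, ?, ?, ?)')
           ->execute([$user['first_name'], $user['last_name'], $prod['product_name'],
                      $prod['product_price'], $prod['product_qua']]);
    } elseif ($prod && $user && !$add && $remove && $inCart > 0) {
        $_SESSION[$key] = $inCart - 1;
        // Mirror the removal in the database: delete one matching row (MySQL LIMIT).
        $db->prepare('DELETE FROM orders WHERE order_user_first_name = ?
                          AND order_user_last_name = ? AND order_product_name = ? LIMIT 1')
           ->execute([$user['first_name'], $user['last_name'], $prod['product_name']]);
    }

    // Post/Redirect/Get: answer the POST with a redirect so a reload re-requests
    // userhome.php with GET instead of re-submitting the form.
    header('Location: userhome.php', true, 303);
    exit;
}
```
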
0

Should you try $_POST instead of $_GET maybe?

-1

Use $_GET instead of $_POST.

Solution to your problem is to have a script that you POST data into and then have a redirect back to avoid re-insertion into Table.

GregorMohorko
KAIRM
  • This question is four years old. Your "answer" is little more than a cut and paste of a paragraph from GGio's answer. – andrewsi Apr 09 '17 at 03:09