Insert same data into database

Question

I have a web-based form that accepts student information. After I've Inserted data I want it to be still available even if I refresh the browser It would mean that 2 rows are the same but I dont want to insert the same data again. How can this be possible?

My code are here:

<form method="post" action="insert.php" >
    <table>
        <tr>
            <td width="22%"> Name</td>
            <td width="4%"></td>
            <td width="74%"><input type="text" name="name"  > </td>
        </tr>
        <tr>
            <td>Information </td>
            <td></td>
            <td><input type="text" name="infomn" ></td>
        </tr>
        <tr>
            <td>Email </td>
            <td></td>
            <td><input type="text" name="email" ></td>
        </tr>
        <tr>
            <td>Password </td>
            <td></td>
            <td><input type="password" name="password" ></td>
        </tr>
        <tr>  
            <td colspan="3"> </td>
        </tr>
        <tr>
           <td></td>
           <td></td>
           <td ><input type="submit" name="submit" value="Insert"  >
        </td>
        </tr>
    </table>
</form>

insert.php:

include("connect.php");

if($_POST['submit']){

    $name=$_POST[name];
    $info=$_POST[infomn];
    $emal=$_POST[email];
    $password=$_POST[password];

    $query = "insert into student(name,designation,email,password) values('$name','$info','$emal','$password')";

    mysql_query($query) or die("not successfully insert".mysql_error());

?>}

Answer 1

I would check if your values have been filled before attempting to insert your data.

if ($_POST['name']) {
    //Validate, escape, insert...
} else {
    //Display form...
}

Please please please make sure the data you insert into the database is escaped, especially if you're working with student data.

Answer 2

At the moment it looks like this:

1. Info is posted to insert.php
2. You are located in insert.php and the variables posted exist aswell.
3. The database execution is performed with the existing data.
4. You refresh.
5. You never really leave the page because the refresh makes you go to the same page, so the browser assumes that the posted data should not be deleted but used again.

To avoid this, you must add

header("Location: index.php");

Or some similar code, to make sure that the user won't stay on the same page after the database execution is performed.

Answer 3

Browser refresh posts the last action (again) to the server.

Use the Post/Redirect/Get pattern (http://en.wikipedia.org/wiki/Post/Redirect/Get) i.e. redirect always after successful action (in your case database insert).

Answer 4

insert.php:

include("connect.php");

if(isset($_POST['submit'])) { // put isset() for checking if it submitted or not

$name=$_POST['name'];

$info=$_POST['infomn'];

$emal=$_POST['email'];

$password=$_POST['password'];


$query = "insert into student(name,designation,email,password)

          values('$name','$info','$emal','$password')";

if(mysql_query($query)) {
 header('Location:your_form_page.php'); // redirect to avoid inserting data while refreshing
}else { 
mysql_error() };

}

recommendation : Try use PDO How can I prevent SQL injection in PHP?