0

I have a little problem with my PHP code and database. Every time I refresh the page, a new empty row is added to the database, and also when I open the page. What is the problem?

    <?php
    if (isset($_POST)) {
        $con = mysql_connect("localhost","dwarfmaster","");

        if (!$con) {
            die('Could not connect: ' . mysql_error());
        }

        mysql_select_db("my_dwarfmaster", $con);

        $name = $_POST['name'];
        $release_year = $_POST['release_year'];
        $publisher = $_POST['publisher'];
        $genre = $_POST['genre'];

        $sql = "INSERT INTO gamelist (name, release_year, publisher, genre)
            VALUES
            ('$_POST[name]','$_POST[release_year]',
            '$_POST[publisher]','$_POST[genre]')";

        if (!mysql_query($sql, $con)) {
            die('Error: ' . mysql_error());
        }

        echo "1 record added";

        mysql_close($con);
    }
    ?>
oz123
  • 1
    I'll take a wild guess and say that you have your form in the same page. Use `isset()` against a (named) submit button. – Funk Forty Niner Jun 18 '14 at 13:16
  • 3
    [Please, don't use `mysql_*` functions in new code](http://bit.ly/phpmsql). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [red box](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://j.mp/PoWehJ). **You are also wide open to [SQL injections](http://stackoverflow.com/q/60174)** – John Conde Jun 18 '14 at 13:16
  • Check `isset` and `empty` the `$_POST` – Bora Jun 18 '14 at 13:16
  • $_POST is always going to be set. If no data was posted, it will just be an empty array. As Bora suggested, you will need to check if empty() – cwurtz Jun 18 '14 at 13:20
  • `$_POST` always exists, it's just empty if no data is posted. Use `!empty()` instead of `isset()`. By the way, your code is WIDE OPEN to SQL injection attacks. http://xkcd.com/327/ – GordonM Jun 18 '14 at 13:21
  • I meant to add `if(empty())` which is (also) what needs to be done. Plus as John noted. You have more than enough information to get things done (right). Plus, being nested inside an `if(isset($_POST['submit_button'])){...}` for the submit button, to prevent from being accidentally submitted. A header could be used also to redirect to another page. – Funk Forty Niner Jun 18 '14 at 13:23
  • You can create a hidden field and put a value in that, then use `if(isset($_POST['your hidden field name']))` – user3244721 Jun 18 '14 at 13:23
  • Quick sidenote: if you refresh this page after submitting, the POST data is submitted again and it will insert new rows. – ffflabs Jun 18 '14 at 13:23

4 Answers

1

To check if the request method is POST, use:

    if ($_SERVER['REQUEST_METHOD'] == 'POST')

`if(isset($_POST))` will always return true.

Steve
0

You can add the following code:

    if (!empty(array_filter($_POST))) {
        // Code to insert data into database from form
    }

Mageotron
0
    if (isset($_POST)) 

will always return true!

Try

    if (isset($_POST['name'])&&isset($_POST['release_year'])
             &&isset($_POST['publisher'])&&isset($_POST['genre'])) 

instead, to check each time for each and every variable!

Younes Regaieg
0

Or simply change

    if (isset($_POST))

to

    if (isset($_POST['name']))

Unlink
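
Putting the answers and comments together, as an added example that is not from any of the posts: a handler that runs only on POST, rejects missing or blank fields, inserts through a PDO prepared statement, and redirects afterwards so a refresh does not insert again. The password, the redirect URL `/gamelist.php` and the helper `read_game_fields` are assumptions; PHP 7.1+ with the `pdo_mysql` driver is assumed.

```php
<?php
// Added example, not the asker's code. Table, column, database and user names
// come from the question; the password and redirect target are placeholders.
const FIELDS = ['name', 'release_year', 'publisher', 'genre'];

// Return trimmed values, or null if any field is missing, non-string or empty.
function read_game_fields(array $post): ?array
{
    $row = [];
    foreach (FIELDS as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return null;    // absent, or an array such as name[]=x
        }
        $value = trim($post[$field]);
        if ($value === '') {
            return null;    // blank input would also store an empty row
        }
        $row[$field] = $value;
    }
    return $row;
}

// Only a form submission reaches the database; a GET (opening or
// refreshing the page) skips this block and just renders the form.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $row = read_game_fields($_POST);
    if ($row === null) {
        http_response_code(400);
        exit('All fields are required.');
    }

    $pdo = new PDO(
        'mysql:host=localhost;dbname=my_dwarfmaster;charset=utf8mb4',
        'dwarfmaster',
        'CHANGE_ME',        // placeholder password
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
         PDO::ATTR_EMULATE_PREPARES => false]
    );

    // Values are bound as parameters, never concatenated into the SQL text.
    $stmt = $pdo->prepare(
        'INSERT INTO gamelist (name, release_year, publisher, genre)
         VALUES (:name, :release_year, :publisher, :genre)'
    );
    $stmt->execute($row);

    // Post/Redirect/Get: a browser refresh now repeats the GET, not the INSERT.
    header('Location: /gamelist.php?added=1', true, 303);
    exit;
}
```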