Every time i refresh page it inserts same user into database

Question

Here is PHP code

<?php
if(isset($_POST['Murad'])){
$firstname=$_POST['firstname'];
$lastname=$_POST['lastname'];
$userName=$_POST['username'];
$password=$_POST['pwd1'];
$userName = stripslashes($userName);
$password = stripslashes($password);
$email=$_POST['email'];
$mysql_hostname = "localhost";
$mysql_user = "root";
$mysql_password = "123";
$mysql_databse = "websiteusers";
$prefix = "";
$bd = mysqli_connect($mysql_hostname, $mysql_user, $mysql_password) or die("Could not connect database");
$sql = "INSERT INTO websiteusers 
       (fullname,lastname,userName,email,pass) 
       VALUES ( '$firstname', '$lastname','$userName', '$email','$password')";
        mysqli_select_db($bd,'websiteusers');
$retval = mysqli_query($bd,$sql );
if(! $retval )
{
  die('Could not enter data: ');
  return false;
}
else {echo "Entered data successfully\n";
   }

   $usernamecheck=mysqli_query($bd,"SELECT `userName` FROM `websiteusers` 
                             WHERE userName='$userName'");
if(mysqli_num_rows($usernamecheck)>=1){
   echo $userName." is already taken";
 return false;
 }header("Location: Main.php");}

?>

User registers then when he is in his profile page as soon as he refreshes it inserts same username again.And also username and email are unique in my dt it cant insert it and gives an error

Answer 1

What you are doing right now is you insert a user in the DB and after that you perform a check if the user exists. You'll have to move some code around.

$bd = mysqli_connect($mysql_hostname, $mysql_user, $mysql_password) or die("Could not connect database");
 $usernamecheck=mysqli_query($bd,"SELECT `userName` FROM `websiteusers` 
                             WHERE userName='$userName'");
if(mysqli_num_rows($usernamecheck)>=1){
   echo $userName." is already taken";
 } else {
$sql = "INSERT INTO websiteusers 
       (fullname,lastname,userName,email,pass) 
       VALUES ( '$firstname', '$lastname','$userName', '$email','$password')";
        mysqli_select_db($bd,'websiteusers');
$retval = mysqli_query($bd,$sql );
if(! $retval )
{
  die('Could not enter data: ');
}
else {
    echo "Entered data successfully\n";
}
}
    }

This way you first check if the user already exists. If does - you kill the script and the code after is not executed. Otherwise you insert a user in the DB

Answer 2

What you can do is after the form has submitted successfully,

you can reset the form

or

redirect the user to the same page

if(! $retval )
{
  die('Could not enter data: ');
  return false;
}
else {
    echo "Entered data successfully\n";
     header("Location:samepagename.php");

   }

TO reset the form

      this.form.reset(); 

call this after form has successfully submitted

Answer 3

Try this:

<?php
    if(isset($_POST['Murad'])) {
        $firstname=$_POST['firstname'];
        $lastname=$_POST['lastname'];
        $userName=$_POST['username'];
        $password=$_POST['pwd1'];
        $userName = stripslashes($userName);
        $password = stripslashes($password);
        $email=$_POST['email'];
        $mysql_hostname = "localhost";
        $mysql_user = "root";
        $mysql_password = "123";
        $mysql_databse = "websiteusers";
        $prefix = "";

        $link = new PDO('mysql:dbhost='.$mysql_hostname.';dbname='.$mysql_database,$mysql_user, $mysql_password);
        $unamecheck = ("SELECT userName FROM websiteusers WHERE userName = :uname");
        $unamecheck = $link->prepare($unamecheck);
        $unamecheck->execute(array(':uname'=>$userName));
        if($unamecheck->rowCount() > 0) {
            echo "Username taken";
            die();
        } else {
            $add = ("INSERT INTO websiteusers (fullname, lastname, userName, email, pass) VALUES (:fname, :lname, :uname, :pass)");
            $add = $link->prepare($add);
            $add->execute(array(':fname'=>$firstname, ':lname'=>$lastname, ':uname'=>$userName, ':pass'=>$password));
            if($add->rowCount() > 0) {
                echo "Registration successful";
                header("Location: Main.php");
            } else {
                echo "Registration failed";
            }
        }
    }
?>