1

How can I clear the form data, after the data has been submitted and inserted into the database? So the user cannot press back and refresh to reenter data after it has been submitted, because at the moment they can. Also please ignore the MYSQL root login, it is just for testing purposes.

This is my code

<?php
session_start();
if (isset($_POST['sub'])) {
    $host='localhost';
    $user='root';
    $pass='';
    $db='theatre_booking';

    $con=mysqli_connect($host,$user,$pass,$db);

    $row = $_POST['row'];
    $_SESSION["row"]=$row;

    $zone = $_POST['zone'];
    $_SESSION["zone"]=$zone;

    $quantity = $_POST['qty'];
    $_SESSION["qty"]=$quantity;

    $quantity = $_POST['quotation'];
    $_SESSION["quotation"]=$quantity;


    $sql="INSERT INTO booking(PerfDate, PerfTime, Name, Email, RowNumber)
    VALUES (
        '{$_SESSION['date']}',
        '{$_SESSION['time']}',
        '{$_SESSION['name']}',
        '{$_SESSION['email']}',
        '{$_SESSION['row']}')";

    if ($con->query($sql) === TRUE) {
        echo "Booking successful";
    } else {
        echo "Error: " . $sql . "<br>" . $con->error;
    }

}
?>

<!------------------------------------------------------------------------------------>
<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8" />
    <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <link href="style/styles.css" type="text/css" rel="stylesheet">
</head>
<body>

    <h2 id="siteTitle">Westend</h2>
    <nav>
        <ul class="main_menu">
            <li><a href="index.php">Home</a></li>
            <li><a href="booking.php">Booking</a></li>
        </ul>
    </nav>

    <!--Image shown in the background after booking is confirmed-->
    <div><img src="images/curtains.jpg" id="open"/>
        <!--Booking confirmation message the user sees-->
        <div id="process">
            <br>Hi <?php echo "'".$_SESSION['name']."'"; ?><br>
            Your tickets have been booked for <?php echo "'".$_SESSION['production']."'";?>
            <br>Playing on <?php echo "'".$_SESSION['date']."'";?> at <?php echo "'".$_SESSION['time']."'";?> <br>
            You are in <?php echo $_POST["zone"];?> in row <?php echo $_POST["row"];?><br>
            The total cost is £<?php echo $_POST["quotation"];?><br>
            Confirmation of your booking has been sent to: <?php echo "'".$_SESSION['email']."'"; ?><br>
            <br>
            Enjoy the show!
            <br>
        </div>
    </div>

    <!--Footer-->
    <footer>
        <p class="pageBottom">&copy; Westend 2015</p>
    </footer>

</body>
</html>
YasMan
  • Why do you put these values in $_SESSION? Use simple variables and you'll fix the problem. P.S. I suggest you do some controls on the $_POST variables to avoid SQL injection attacks – Alessandro.Vegna Dec 06 '15 at 12:28
  • Hi @Alessandro.Vegna the $_SESSION are holding the values collected from previous pages of the form, so were carried over. And how do I add controls to $_POST variables? – YasMan Dec 06 '15 at 12:31
  • For the controls just have a look here http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php. Ok, so you can add an if like if(isset($_POST["row"]) && !empty($_POST["row"])) after the $sql = .... – Alessandro.Vegna Dec 06 '15 at 12:36
  • Another suggestion: instead use <?= $_SESSION["name"] ?>, it's more readable. I think you have to activate short_open_tags in your php.ini – Alessandro.Vegna Dec 06 '15 at 12:44
  • Thanks @Alessandro.Vegna – YasMan Dec 06 '15 at 12:48
  • Did it work? You're welcome ;) – Alessandro.Vegna Dec 06 '15 at 13:07
  • @Alessandro.Vegna I get this error "Parse error: syntax error, unexpected 'if' (T_IF) in C:\xampp\htdocs\westend\process.php on line 24" – YasMan Dec 06 '15 at 13:17

1 Answer

1

I'll answer here so I can add some code

if (isset($_POST["row"]) && !empty($_POST["row"])) {

    $sql="INSERT INTO booking(PerfDate, PerfTime, Name, Email, RowNumber)
    VALUES (
    '{$_SESSION['date']}',
    '{$_SESSION['time']}',
    '{$_SESSION['name']}',
    '{$_SESSION['email']}',
    '{$_SESSION['row']}')";

    if ($con->query($sql) === TRUE) {
        echo "Booking successful";
    } else {
        echo "Error: " . $sql . "<br>" . $con->error;
    }
}
Alessandro.Vegna
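One way to handle both points raised on this page, the repeat insert on back/refresh from the question and the SQL injection concern from the comments, is a Post/Redirect/Get handler with a one-time token and a prepared statement. This is an added example, not code from either poster; the hidden "token" field, the `booking_token` and `confirmed` session keys, the `DB_USER`/`DB_PASS` environment variables, and `booking.php` being the form page are assumptions.

```php
<?php
// process.php - added example, not the asker's or answerer's code.
// Assumptions: booking.php is the form page and puts a random value in
// $_SESSION['booking_token'] plus a matching hidden "token" field;
// DB_USER / DB_PASS are environment variables; 'confirmed' is a new session key.
session_start();

// Read a POST field as a string; arrays or missing fields become ''.
$in = fn(string $k): string => is_string($_POST[$k] ?? null) ? $_POST[$k] : '';

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['sub'])) {
    // Consume the one-time token so a replayed POST (back + resubmit) is rejected.
    $stored = $_SESSION['booking_token'] ?? '';
    unset($_SESSION['booking_token']);
    if ($stored === '' || !hash_equals($stored, $in('token')) || $in('row') === '') {
        header('Location: booking.php', true, 303);
        exit;
    }

    // Placeholders keep the values out of the SQL text, so they cannot alter it.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    $con  = new mysqli('localhost', (string) getenv('DB_USER'), (string) getenv('DB_PASS'), 'theatre_booking');
    $stmt = $con->prepare(
        'INSERT INTO booking (PerfDate, PerfTime, Name, Email, RowNumber)
         VALUES (?, ?, ?, ?, ?)'
    );
    $row = $in('row');
    $stmt->bind_param('sssss', $_SESSION['date'], $_SESSION['time'],
                      $_SESSION['name'], $_SESSION['email'], $row);
    $stmt->execute();

    // Keep what the confirmation page needs, then redirect: the browser follows
    // with a GET, so refresh re-requests the page instead of re-sending the form.
    $_SESSION['confirmed'] = ['row' => $row, 'zone' => $in('zone'), 'quotation' => $in('quotation')];
    header('Location: process.php', true, 303);
    exit;
}

// GET branch: display only, nothing is inserted here.
$b = $_SESSION['confirmed'] ?? null;
if ($b === null) {
    header('Location: booking.php', true, 303);
    exit;
}
$e = fn($v): string => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
?>
<p>Hi <?= $e($_SESSION['name'] ?? '') ?>, you are in <?= $e($b['zone']) ?> in row <?= $e($b['row']) ?>.
The total cost is £<?= $e($b['quotation']) ?>.</p>
```

Because the POST response is a 303 redirect, refreshing the confirmation page repeats only the GET, and a form page restored from the browser's history carries an already consumed token.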