PHP Inserting Duplicates In DB

Question

I'am attempting to build a register page and the current code runs correctly but I'am getting duplicate inserts on the DB side. I've researched and have tried several different solutions but nothing has worked out yet. I'm hoping its something very simple that I'am missing. How can I prevent my current code from inserting twice?

<?php
session_start();
$error=''; // Variable To Store Error Message
if (isset($_POST['register'])) {
//if (empty($_POST['email']) || empty($_POST['hash'])) {
//$error = "<br /> <p style='font-family:talo; color:red; margin-top:10px; font-size:16px;'>* Username or Password is invalid</p>";
//}
//else
//{
// Define all labels on the register form
$firstName=$_POST['firstName'];
$lastName=$_POST['lastName'];
$title=$_POST['title'];
$suffix=$_POST['suffixOne'];
$suffixTwo=$_POST['suffixTwo'];
$email=$_POST['email'];
$employer=$_POST['employer'];
$expertise=$_POST['expertise'];
$hash=$_POST['password'];
$confirmHash=$_POST['passwordConfirm'];
$primaryAddress=$_POST['primaryAddress'];
$secondaryAddress=$_POST['secondaryAddress'];
$city=$_POST['city'];
$state=$_POST['state'];
$zip=$_POST['zip'];
$country=$_POST['country'];
$primaryPhone=$_POST['primaryPhone'];
$secondaryPhone=$_POST['secondaryPhone'];

$connection = mysqli_connect("localhost", "username", "password","DB");


$register = "INSERT INTO user (userID, firstName, lastName, title, suffix, suffixTwo, email, employer, expertise, primaryAddress, secondaryAddress, primaryPhone, secondaryPhone, city, postalCode, hash) 
VALUES (DEFAULT, '$firstName', '$lastName', '$title', '$suffix', '$suffixTwo', '$email', '$employer', '$expertise', '$primaryAddress', '$secondaryAddress', '$primaryPhone', '$secondaryPhone', '$city', '$zip', '$hash')";
if (mysqli_query($connection, $register)) {
   header('Location: index.php');
}
mysqli_close($connection);
}
?>

Your code is open to [SQL Injection](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) — Machavity, Feb 26 '16 at 01:12
I'm aware of that, just wanted to make sure the duplication was resolved before continuing. Thanks for the heads up though, I appreciate it! — Tyharo, Feb 26 '16 at 01:37

score 3 · Accepted Answer · answered Feb 26 '16 at 01:14

3

If the page is refreshed, or someone hits it again using the "back" button, the data will get resent to the server and thus get inserted twice. You need to redirect the user to another page, or the same page, using the POST/REDIRECT/GET pattern to avoid this. Sending a 303 HTTP response will tell the browser to replace that page in its history and avoid re-sending the posted data.

if (mysqli_query($connection, $register)) {
    header('Location: index.php', true, 303);
    exit;
}

answered Feb 26 '16 at 01:14

John Conde

217,595
99
455
496

Worked perfectly! It appears I needed the exit; added in the loop. – Tyharo Feb 26 '16 at 01:35
@GragasIncoming just change index.php to be the URL of that page – John Conde Mar 24 '18 at 14:23

PHP Inserting Duplicates In DB

1 Answers1

Linked

Related