0

I have problem in this code. In this code when i press save data button , the data insert into database but when i refresh page then it's automatically insert into database, what should i do in my code then stop automatically insert data into database, thanks in advance

<?php 
require './database/databaseConnection.php';

if(isset($_POST['save_button']))
    {   
    if(($_POST['fname']&&($_POST['lname'])))
        {
        $first_name=$_POST['fname'];
        $last_name=$_POST['lname'];
        $qry="INSERT INTO user_master(first_name,last_name) values('$first_name','$last_name')";
        $result=  mysql_query($qry)or die(mysql_error());
        if($result){           
            echo 'SuccessFully saved data';            
        }
        else{   
            echo 'Data Not Inserted!';            
        }       
        }   
    }
?>

<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title></title>
        <link rel="stylesheet" href="bootStrap/css/bootstrap.min.css">
                <link rel="stylesheet" href="bootStrap/css/bootstrap.css">
    </head>
    <body>
        <div class="container jumbotron ">

            <form action="" method="post">
             <table class="table-responsive">
            <div class="form-group form-inline">

                    <tbody> 
                    <tr>
               <td> <label for="fname" class="label-info">First Name</label></td>
                <td><input class="form-control" type="text" name="fname"></td>

                <td><label for="lname" class="label-info">Last Name</label></td>
                <td><input class="form-control" type="text" name="lname"></td>

                </tr>       
                    </tbody>

            </div>     
             </table>             
                <button type="submit" name="save_button" class="btn-success" >Save Data</button>   
   </form>            

        </div>

    </body>
</html>
user3526020
  • 69
  • 4
  • 12
  • 1
    you could use a unique key, then the dupes get ignored –  Dec 16 '16 at 02:44
  • are you sending data through `ajax`? – Hikmat Sijapati Dec 16 '16 at 02:53
  • this code will not save automaticallyl on refresh. Please post the actual code. Secondly you shouldn't be using mysql_* – e4c5 Dec 16 '16 at 02:56
  • You are wide open to [**SQL injection**](https://www.owasp.org/index.php/SQL_Injection). Also, please [don't use `mysql_*`](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php?rq=1); the `mysql_*` functions are outdated, [deprecated](http://us3.php.net/manual/en/intro.mysql.php), and insecure. They were removed entirely in PHP 7. Use [`MySQLi`](http://us3.php.net/manual/en/book.mysqli.php) or [`PDO`](http://us3.php.net/manual/en/intro.pdo.php) instead.* – elixenide Dec 16 '16 at 03:00
  • Possible duplicate of [how to stop reenter data into database when page refresh](http://stackoverflow.com/questions/41169902/how-to-stop-reenter-data-into-database-when-page-refresh) – Mr Lister Dec 19 '16 at 05:33

2 Answers2

2

This is happening because your action is empty

Update your action to this

action="<?php echo $_SERVER['PHP_SELF']; ?>"
ab29007
  • 7,611
  • 2
  • 17
  • 43
1

Make a separate php file that will insert data to database. Give this in the form action attribute.

<form action="insert.php" method="post">
     ......
     ......
</form>

insert.php file

<?php 
require './database/databaseConnection.php';

if(isset($_POST['save_button']))
    {   
    if(($_POST['fname']&&($_POST['lname'])))
        {
        $first_name=$_POST['fname'];
        $last_name=$_POST['lname'];
        $qry="INSERT INTO user_master(first_name,last_name) values('$first_name','$last_name')";
        $result=  mysqli_query($qry)or die(mysql_error());
        if($result){           
            echo 'SuccessFully saved data';            
        }
        else{   
            echo 'Data Not Inserted!';            
        }       
        }   
    }
?>

You can use header() to redirect to your previous page if you want. Thus not allowing the refreshing of insert.php

header("location: your_page.php");

it will be safe if you use Prepared Statements Take a look

jophab
  • 5,356
  • 14
  • 41
  • 60