This problem I am facing is quite unusual to me. What I am actually trying to do is insert data into a MySQL database table through an HTML form. Here is what the form looks like.

I have a database and I am trying to insert data into it, but it always shows a "duplicate entry error".

Here is what the error looks like

The problem is that, despite checking that the information I'm entering is unique, it shows that error. When I check my database table, I can see that every time the entries are incrementing the id by 2. I have no idea why my query is inserting data twice and making the primary key increment by 2. Please help, I want everything to be normal.

Here is the screenshot of the database table

I can't fix it, please help me.

Here is my HTML code for the form

<form class="form-horizontal" name="RegisterCandidate" action="../processors/process_register_candidate.php" method="post" enctype="application/x-www-form-urlencoded">
        <div class="form-group">
            <label for="Fname" class="control-label col-sm-4">
                First Name
            </label>
            <div class="col-sm-8">
                <input type="text" class="form-control" name="Fname" tabindex="1" autofocus required placeholder="First Name" />
            </div>
        </div>

        <div class="form-group">
            <label for="Lname" class="control-label col-sm-4">
                Last Name
            </label>
            <div class="col-sm-8">
                <input type="text" class="form-control" name="Lname" tabindex="2"  required placeholder="Last Name" />
            </div>
        </div>

        <div class="form-group">
            <label for="Photo" class="control-label col-sm-4">
                Photograph
            </label>
            <div class="col-sm-8">
                <input type="file" class="form-control" name="Photo" tabindex="3" placeholder="Select Photo" />
            </div>
        </div>
        <div class="form-group">
            <label for="DOB" class="control-label col-sm-4">
                Date of Birth (DD-MM-YYYY)
            </label>
            <div class="col-sm-8">
                <input type="date" class="form-control" name="dob" tabindex="4"  required />
            </div>
        </div>

        <div class="form-group">
            <label for="password" class="control-label col-sm-4">
                Password
            </label>
            <div class="col-sm-8">
                <input type="password" class="form-control" name="password" tabindex="5"  required placeholder="Password" />
            </div>
        </div>

        <div class="form-group">
            <label for="contact" class="control-label col-sm-4">
                Contact No.
            </label>
            <div class="col-sm-8">
                <input type="tel" class="form-control" name="contact" tabindex="6"  required placeholder="Contact Number" />
            </div>
        </div>
        <button type="submit" name="register" class="btn btn-success" style="float:right; margin-right:30%;">
            Register
        </button>
    </form>

Here is a copy of my PHP-MySQL code

<?php
require_once "../web_config/web.config.php";

$conn = connect();

$fname = $_POST["Fname"];
$lname = $_POST["Lname"];
$dob = $_POST["dob"];
$password = $_POST["password"];
$contact = $_POST["contact"];

$insert = " INSERT INTO `candidates`
(
`Fname`,
`Lname`,
`dob`,
`password`,
`contact`
) VALUES (
'$fname',
'$lname',
'$dob',
'$password',
'$contact'
)
";
try{
    $st = $conn->query($insert);
    $st->execute();
} catch(PDOException $e) {
    echo "//Failed to insert data due to ".$e->getMessage();
}
echo $fname." ".$lname;
#header("Location:../src/student_login.php");

?>

Please help me out with this. Thank you.

IVAN PAUL

2 Answers

So, there are a few problems here.

$conn->query, as mentioned, will directly run the code, therefore execute is redundant. However, you're wide open to SQL injection, therefore you should bind, such as in my example below:

// $conn is the PDO handle from the question's connect() call.
// Prepare once with placeholders, then execute once with the bound values.
$stmt = $conn->prepare("INSERT INTO `candidates`(`Fname`,`Lname`,`dob`,`password`,`contact`) VALUES (?,?,?,?,?)");
$stmt->execute([$fname,$lname,$dob,$password,$contact]);

Also, you shouldn't be running a try { } catch {} on generic queries such as this (especially if you're on a live environment as everybody will be able to see such problems as well as yourself).

On a side note, adding the password in unencrypted is also leaving you with security issues. You should take a look at using password_hash documentation: http://php.net/manual/en/function.password-hash.php

Option
  • Thank you so much... My issue is resolved and would also like to thank you for your advice on some security issues you mentioned. I would definitely look to them. Thanks once again. – IVAN PAUL Mar 10 '17 at 21:35
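
The three points from the answer above (a single execute, bound parameters, a hashed password) combined into one script, as an added example that is not the asker's or the answerer's code. It also logs the database error instead of echoing it to the visitor. Assumptions: an in-memory SQLite database stands in for the MySQL handle returned by connect(), the UNIQUE key on `contact` is a guess at the constraint behind the "duplicate entry" error, `registerCandidate` is a hypothetical helper name, and the form values are constructed.

```php
<?php
// Added example, not the original poster's code.
// Assumption: in-memory SQLite stands in for the MySQL handle from connect().
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Assumption: a UNIQUE key on `contact`; the page does not show the real schema.
$conn->exec('CREATE TABLE candidates (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    Fname TEXT, Lname TEXT, dob TEXT, password TEXT, contact TEXT UNIQUE)');

// Hypothetical helper: inserts one candidate and returns a status string.
function registerCandidate(PDO $conn, array $post): string
{
    // Placeholders keep the form values out of the SQL text.
    $stmt = $conn->prepare(
        'INSERT INTO candidates (Fname, Lname, dob, password, contact)
         VALUES (?, ?, ?, ?, ?)'
    );
    try {
        // One execute() call, one row. Store a hash, never the raw password.
        $stmt->execute([
            $post['Fname'], $post['Lname'], $post['dob'],
            password_hash($post['password'], PASSWORD_DEFAULT),
            $post['contact'],
        ]);
        return 'registered';
    } catch (PDOException $e) {
        // Details go to the server log; the visitor gets a fixed status only.
        error_log('candidate insert failed: ' . $e->getMessage());
        // SQLSTATE 23000 is an integrity constraint violation (duplicate key).
        return (string) $e->getCode() === '23000' ? 'duplicate' : 'error';
    }
}

// Constructed sample input; the apostrophe would break a concatenated query.
$form = ['Fname' => "O'Brien", 'Lname' => 'Paul', 'dob' => '1995-04-01',
         'password' => 'correct horse', 'contact' => '5550100'];

echo registerCandidate($conn, $form), "\n";   // first submission
echo registerCandidate($conn, $form), "\n";   // same contact submitted again

$rows = $conn->query('SELECT id, Fname, password FROM candidates')
             ->fetchAll(PDO::FETCH_ASSOC);
echo count($rows), ' row(s), first id = ', $rows[0]['id'], "\n";
echo $rows[0]['Fname'] === $form['Fname'] ? "name stored verbatim\n" : "name altered\n";
echo password_verify('correct horse', $rows[0]['password']) ? "hash verifies\n" : "hash mismatch\n";
```

On MySQL the `password` column must be wide enough for the hash; the PHP manual recommends 255 characters for `PASSWORD_DEFAULT`.
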
try{
    $st = $conn->query($insert);
    $st->execute();
} catch(PDOException $e) {
    echo "//Failed to insert data due to ".$e->getMessage();
}

In this code you are executing your $conn->query($insert); it is enough for insertion. $st holds only the result of the insert query; it is not a prepared statement. Remove

$st->execute();