Inserting data by PHP and MySQL

Question

It's working, but when I add the data in to my database, the data will be twice. I don't know if my syntax is wrong or my code is wrong.

Here's the structure:

//if submit is clicked
$checkin = $_POST['text_checkin'];
while ($row = mysqli_fetch_array($reservation)) { 
    if (isset($_POST['submitBtn'])) {
        if ($row['reservefrom'] == $checkin) { 
            echo "Same Date";
            return;
        }  
        else
        {
            $lastname = $_POST['text_lastname'];
            $firstname = $_POST['text_firstname'];
            $address = $_POST['text_address'];
            $tnumber = $_POST['text_tnumber'];
            $cnumber = $_POST['text_cnumber'];
            $email = $_POST['text_email'];
            $checkin = $_POST['text_checkin'];
            $checkout = $_POST['text_checkout'];
            $room = $_POST['text_room'];
            $tour = $_POST['text_tour'];
            $guest = $_POST['text_guest'];

            $query = "INSERT INTO reservation 
                            (lastname, firstname, homeaddress, 
                            telephonenumber, cellphonenumber, email, 
                            reservefrom, reserveto, room, tour, 
                            guestnumber) 
                    values ('$lastname', '$firstname', '$address', 
                            '$tnumber', '$cnumber', '$email', '$checkin', 
                            '$checkout', '$room', '$tour', '$guest')";

            mysqli_query($db, $query);
            echo "Data Submitted!";
        }
    }
}

could be that your reversevation run two time for the same values — ScaisEdge, Aug 30 '17 at 16:58
That probably happens because you are executing the query inside a `while`. — DontVoteMeDown, Aug 30 '17 at 16:58
@DontVoteMeDown what im gonna do? I dont know how to change that. — Dave Spencer, Aug 30 '17 at 16:59
It would probably be helpful to see that logic that creates `$reservation` and to know what the relation is between that and doing an insert. — Patrick Q, Aug 30 '17 at 17:02
Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). — John Conde, Aug 30 '17 at 17:10
Note: The object-oriented interface to `mysqli` is significantly less verbose, making code easier to read and audit, and is not easily confused with the obsolete `mysql_query` interface. Before you get too invested in the procedural style it’s worth switching over. Example: `$db = new mysqli(…)` and `$db->prepare("…”)` The procedural interface is an artifact from the PHP 4 era when `mysqli` API was introduced and should not be used in new code. — tadman, Aug 30 '17 at 17:24

score 0 · Answer 1 · answered Aug 30 '17 at 17:18

You're getting multiple inserts because you are looping for each record in $reservations. You should first look into why you are getting multiple records if you expected just a single record reservation.

That aside, alter your code by replacing your while loop with:

if(isset($_POST['submitBtn']) && $row = mysqli_fetch_array($reservation)){

  if($row['reservefrom'] == $checkin) die("Same Date");

  $lastname = $_POST['text_lastname'];
  $firstname = $_POST['text_firstname'];
  // ... other values, then execute your query  

}else{
  // either submitBtn was not posted or no result were found in $reservation
}

I noticed also that you use return in your code, but the code doesn't seem to be within a function so that's confusing. If it is within a function, it's probably a bad idea to echo from within unless the function is specifically meant to send data directly to the browser.

Inserting data by PHP and MySQL

1 Answers1