
I created a simple form in PHP so I can add the submitted data to a database. The connection works fine, but every time I refresh the form page, it adds a blank row to the database. Also, it shows the error message "Undefined index: Fname in C:\xampp\htdocs\projekt\submitform.php on line 38".

Here is the code I've written so far:

<?php include 'config.php'; ?>

<?php

$Fname = isset($_POST['Fname'])?$_POST['Fname']:'';
$Lname = isset($_POST['Lname'])?$_POST['Lname']:'';
$Email = isset($_POST['Email'])?$_POST['Email']:'';
$PhoneNo = isset($_POST['PhoneNo'])?$_POST['PhoneNo']:'';


$query = "INSERT INTO users(Fname,Lname,Email,PhoneNo) VALUES ('$Fname','$Lname','$Email','$PhoneNo')";
$result = mysqli_query($con,$query) or die ("problem inserting data into database");

?>
<p><span class="error">* required field</span></p>

<form action = "" method = "post">
Name: <input type = "text" name = "Fname">
<span class=error>*</span><br>
Surname: <input type="text" name="Lname">
<span class=error>*</span><br>
Email: <input type = "email" name = "Email">
<span class=error>*</span><br>
Phone Number: <input type = "tel" name="PhoneNo"><br>
<input type = "submit" value="submit">
</form>

Daphne
  • Prevent SQL injection: https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – Mihai Matei Apr 26 '18 at 08:38
  • You need to determine whether the user has submitted the form before doing an insert. Test `$_SERVER['REQUEST_METHOD']`. – Progrock Apr 26 '18 at 08:45

2 Answers


You need to check whether there are POST variables, like this:

if (isset($_POST['Fname'])) { //here you can check whatever post values you want to check
   $Fname = $_POST['Fname'];
   $Lname = $_POST['Lname'];
   $Email = $_POST['Email'];
   $PhoneNo = $_POST['PhoneNo'];


   $query = "INSERT INTO users(Fname,Lname,Email,PhoneNo) VALUES ('$Fname','$Lname','$Email','$PhoneNo')";
   $result = mysqli_query($con,$query) or die ("problem inserting data into database");
}

Because every time you visit the page it tries to insert a record, but you need to insert a record only if there are POST values (meaning that someone has filled in the form).

So you need to check whether the refresh comes from a form submit.

Alessandro Minoccheri

You should 'listen' for a post request and only then insert the values.

<?php
    // Note: $_POST['submit'] is only sent if the submit input has name="submit"
    if(isset($_POST['submit'])) {
        $Fname = $_POST['Fname'];
        $Lname = $_POST['Lname'];
        $Email = $_POST['Email'];
        $PhoneNo = $_POST['PhoneNo'];


        $query = "INSERT INTO users(Fname,Lname,Email,PhoneNo) VALUES ('$Fname','$Lname','$Email','$PhoneNo')";
        $result = mysqli_query($con,$query) or die ("problem inserting data into database");

    }
?>

That error you got was telling you there was no post data set.

Please note that directly using the input data for SQL is a huge security risk! You should at least use mysqli and mysqli_real_escape_string($Fname) when storing the input data.

Even more secure would be using PDO and prepared statements.

Brainfeeder
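
The fixes suggested in the comments and answers above, combined into one added example that is not code from the question or either answer: the insert runs only on a POST, values are bound through a mysqli prepared statement, and a redirect after success stops a refresh from resubmitting the form. It assumes `config.php` sets `$con` to a mysqli connection and that the page is `submitform.php`; `save_user()` and the `saved` query parameter are hypothetical names.

```php
<?php
// Added example; assumes config.php sets $con to a mysqli connection.
include 'config.php';

// save_user() is a hypothetical helper: validates the form fields and inserts
// one row with a prepared statement. Returns error messages (empty on success).
function save_user(mysqli $con, array $post): array
{
    $data = [];
    foreach (['Fname', 'Lname', 'Email', 'PhoneNo'] as $f) {
        // Missing or non-string values become '' (no "Undefined index" notice).
        $data[$f] = is_string($post[$f] ?? null) ? trim($post[$f]) : '';
    }
    $errors = [];
    foreach (['Fname', 'Lname', 'Email'] as $required) { // marked * in the form
        if ($data[$required] === '') {
            $errors[] = "$required is required";
        }
    }
    if ($data['Email'] !== '' && !filter_var($data['Email'], FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'Email is not valid';
    }
    if ($errors) {
        return $errors;
    }
    // Placeholders keep user input out of the SQL text.
    $stmt = $con->prepare('INSERT INTO users (Fname, Lname, Email, PhoneNo) VALUES (?, ?, ?, ?)');
    if ($stmt === false) {
        return ['Could not save the data'];
    }
    $stmt->bind_param('ssss', $data['Fname'], $data['Lname'], $data['Email'], $data['PhoneNo']);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok ? [] : ['Could not save the data'];
}

$errors = [];
// Insert only on a form submission, never on a plain GET or first page load.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $errors = save_user($con, $_POST);
    if (!$errors) {
        // Post/Redirect/Get: a refresh after this reloads the form, not the POST.
        header('Location: submitform.php?saved=1');
        exit;
    }
}
foreach ($errors as $e) {
    echo '<p class="error">' . htmlspecialchars($e) . '</p>';
}
```

This block has to run before any HTML is sent, otherwise `header()` cannot issue the redirect.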