0

I want to do simple CRUD operations. I created a form for this and I am doing data entry. but when I refresh the page it automatically registers itself. I tried to solve this logic error with the "isset" function, but it did not. where can the error be?

$ad = isset($_POST['ad']) ? $_POST['ad'] : '';
$soyad = isset($_POST['soyad']) ? $_POST['soyad'] : '';
$adres = isset($_POST['adres']) ? $_POST['adres'] : '';
$tur = isset($_POST['tur']) ? $_POST['tur'] : '';


if(isset($_POST["submit"])){


    try {
        $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
        // bağlantı özelliklerinden hata modunu aktifleştirdik
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $sql = "INSERT INTO `kisiler` (`ad`, `soyad`, `adres`, `tur`) VALUES ('$ad', '$soyad', '$adres', '$tur')";
        // use exec() because no results are returned
        $conn->exec($sql);
        echo "işte şimdi oldu";
        }
    catch(PDOException $e)
        {
        echo $sql . "<br>" . $e->getMessage();
        }

    $conn = null;
    }

<html>
    <body>
        <form action="" method="POST">
        <p> 
        Ad:    <input type="text" name="ad"/>
        Soyad: <input type="text" name="soyad"/>
        Adres:<input type="text" name="adres"/>
        Tur: <input type="text" name="tur"/>
        <input type="submit"name="submit"/>
        </p>
        </form>
    </body>

Samet Öz
  • 15
  • 6
  • `$conn = null; } ` - is there not a closing `?>` tag here? – Funk Forty Niner Apr 26 '18 at 22:33
  • 1
    What do you mean when you say it register itself, the form get resubmited when you refresh? Is that the problem you are dealing with? – Lou Apr 26 '18 at 22:41
  • You're already using an API that supports **prepared statements** with bounded variable input, you should utilize parameterized queries with placeholders (prepared statements) to protect your database against [SQL-injection](http://stackoverflow.com/q/60174/)! Get started with [`PDO::prepare()`](http://php.net/pdo.prepare) and [`PDOStatement::bindParam()`](http://php.net/pdostatement.bindparam). – Qirel Apr 26 '18 at 22:48
  • Enable PHP error reporting by adding `error_reporting(E_ALL); ini_set('display_errors', 1);` after ` – Qirel Apr 26 '18 at 22:49

0 Answers0