0

I have a game where you can submit your score to a database, but for some reason the submission keeps getting triggered twice. Every entry is doubled. I've seen similar problems posted here, and the solution had to do with the if/else check at the end, but I don't see a problem.

Is it my PHP code that's duplicating the entries or my game application?

<?php

$servername = "xxx";
$username = "xxx";
$password = "xxx";
$dbname = "xxx";
$port = "xxx";

$link = mysqli_connect($servername, $username, $password, $dbname, $port);


// Security
$playerInitials = mysqli_real_escape_string($link,$_REQUEST['initials']);
$playerEmail = mysqli_real_escape_string($link,$_REQUEST['email']);
$playerScore = mysqli_real_escape_string($link,$_REQUEST['score']);

// Convert Initials to Upper Case
$playerInitialsUC = strtoupper($playerInitials);


$sql = "INSERT INTO xmas (initials, email, score)
VALUES ('$playerInitialsUC', '$playerEmail', '$playerScore')";


if(mysqli_query($link, $sql)){
    echo "Records added successfully.";
} else{
    echo "ERROR: " . mysqli_error($link);
}


mysqli_close($link);

?>
Dave Schuette
  • 23
  • 6
  • 1
    check for anything that could trigger something. Either via a service, mysql, js etc. – Funk Forty Niner Jul 17 '18 at 15:52
  • Maybe your browser is sending the request twice, for some reason? Check your apache access_log – Eduardo Escobar Jul 17 '18 at 15:52
  • 1
    It could be you double-clicking the submit button ? – Luke Jul 17 '18 at 15:56
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) instead. ... *oh god, I've become tadman.* – IncredibleHat Jul 17 '18 at 16:26

2 Answers2

0

You can try this in your sql query:

REPLACE does exactly what INSERT does but it won't let sql query double a record.

REPLACE into xmas (initials, email, score) values('$playerInitialsUC', '$playerEmail', '$playerScore')

You can tell me if it didn't work or it's not what you want :)

Or you can add this query to the end of your code to make the rows unique:(not sure about this one):

ALTER TABLE xmas ADD UNIQUE( `initials`, `email`, `score`)
Mobin F.R.G
  • 317
  • 1
  • 15
0

Yeah, turns out the my submit button was a little too sensitive and clicks were registering multiple times. Thanks everybody.

Dave Schuette
  • 23
  • 6