Stop Form Values From Inserting Into MySQL Database Twice
A couple comments have the right idea. You're looping through the number of files which can be up to the same length as the number of records, so you're entering in the query for a single record for every file up tot he number of records so you could at a max end up always putting in x^2 number of records.
Try dumping that inside loop, and using the original counter as the place mark since it's only one file per record... Your next challenge is going to be making sure that the if a record in the middle doesn't have a file but ones after it do, that that file gets attached to the correct record. This is to whet your pallet though:
$tmp_name = $_FILES['newImage']['tmp_name'][$i];
$imageName = $_FILES['newImage']['name'][$i];
move_uploaded_file($tmp_name, "decalImages/newOrders/$imageName");
$uploadDir = 'decalImages/newOrders/';
// Insert new row with user data
$query = "INSERT INTO orders (PaymentStatus, invoice_no, length, width, color, quantity, price, imagePath, orderStatus ) VALUES ('".$newOrder['paymentStatus']."','".$newOrder['invoice']."','".$newOrder['length']."', '".$newOrder['width']."', '".$newOrder['color']."', '".$newOrder['quantity']."', '".$newOrder['price']."', '".$uploadDir."".$imageName."', 'PENDING')";
$result = mysql_query($query);
if (!$result) {
die('Invalid query: ' . mysql_error());
echo "$query";
mysql_close();
}
PHP-Mysql query unnecessarily inserting data twice
So, there's a few problems here..
$conn->query
as mentioned will directly run the code therefore execute is redundant however, you're wide open for SQL Injections therefore you should bind such as my example below:
$stmt = $this->conn->prepare("INSERT INTO `candidates`(`Fname`,`Lname`,`dob`,`password`,`contact`) VALUES (?,?,?,?,?)");
$stmt->execute([$fname,$lname,$dob,$password,$contact]);
Also, you shouldn't be running a try { } catch {}
on generic queries such as this (especially if you're on a live environment as everybody will be able to see such problems as well as yourself).
On a side note, adding the password in unencrypted is also leaving you with security issues. You should take a look at using password_hash
documentation: http://php.net/manual/en/function.password-hash.php
PHP MYSQL Prevent user or email inserted twice
Since you are not doing any validation, you can use the Email as a unique field and do an REPLACE query. http://dev.mysql.com/doc/refman/5.0/en/replace.html
I would strongly advise you to write validation in the form of a query check against the database prior to attempting to do a secondary insert. It's even made easy by persistent connections being available so you don't have the overhead of few ticks it takes to do that validation query.
MYSQL avoid inserting same row twice
You can use the INSERT IGNORE INTO syntax or INSERT...ON DUPLICATE KEY UPDATE on your insert statement.
If you use INSERT IGNORE, then the row won't actually be inserted if it results in a duplicate key. But the statement won't generate an error. It generates a warning instead.
INSERT IGNORE INTO mytable
(primaryKey, field1, field2)
VALUES
('abc', 1, 2);
Sql query inserts data in database twice
Like Other Stackoverflow Engineers has stated, your code is a security disaster if you plan to use it in production..
I just pick three form parameters**(first_name, last_name, address)** to recreate this code of yours while ensuring that sql injection
attack is not possible. You can addon other form parameters following my method.
Please ensure that all database credentials are okay before testing
<?php
$con=mysqli_connect("localhost","root","my_password","yourdb goes");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// escape variables Against sql injections
$firstname = mysqli_real_escape_string($con, $_POST['f_name']);
$lastname = mysqli_real_escape_string($con, $_POST['l_name']);
$address = mysqli_real_escape_string($con, $_POST['add']);
$sql="INSERT INTO mark (first_name, last_name, address)
VALUES ('$firstname', '$lastname', '$address')";
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
?>
Related Topics
Wordpress: Loading Multiple Scripts with Enqueue
Getting Multiple Checkboxes Names/Id's with PHP
Run a Ffmpeg Process in the Background
Strict Standards: Only Variables Should Be Assigned by Reference PHP 5.4
PHP File Upload Error Tmp_Name Is Empty
Get Variables from the Outside, Inside a Function in PHP
How to Convert Excel Xls to CSV Using PHP
Laravel - Database, Table and Column Naming Conventions
Laravel 5.2 Cors, Get Not Working with Preflight Options
How to Call a PHP Function from Ajax
Keeping Url Parameters During Pagination
Show Stock Status Next to Each Attribute Value in Woocommerce Variable Products
How to Display PHP & HTML Source Code on a Page
Call to Undefined Method Domdocument::Getelementsbyclassname()
Multiple Replace (Probably Preg_Replace) of Same String with Array