Stop Data Inserting into a Database Twice

Stop Form Values From Inserting Into MySQL Database Twice

A couple comments have the right idea. You're looping through the number of files which can be up to the same length as the number of records, so you're entering in the query for a single record for every file up tot he number of records so you could at a max end up always putting in x^2 number of records.

Try dumping that inside loop, and using the original counter as the place mark since it's only one file per record... Your next challenge is going to be making sure that the if a record in the middle doesn't have a file but ones after it do, that that file gets attached to the correct record. This is to whet your pallet though: 

$tmp_name = $_FILES['newImage']['tmp_name'][$i];
$imageName = $_FILES['newImage']['name'][$i];
move_uploaded_file($tmp_name, "decalImages/newOrders/$imageName");

$uploadDir = 'decalImages/newOrders/';

// Insert new row with user data
$query = "INSERT INTO orders (PaymentStatus, invoice_no, length, width, color, quantity, price, imagePath, orderStatus ) VALUES ('".$newOrder['paymentStatus']."','".$newOrder['invoice']."','".$newOrder['length']."', '".$newOrder['width']."', '".$newOrder['color']."', '".$newOrder['quantity']."', '".$newOrder['price']."', '".$uploadDir."".$imageName."', 'PENDING')";

$result = mysql_query($query);

if (!$result) {
die('Invalid query: ' . mysql_error());
echo "$query";
mysql_close();
}

PHP-Mysql query unnecessarily inserting data twice

So, there's a few problems here..

$conn->query as mentioned will directly run the code therefore execute is redundant however, you're wide open for SQL Injections therefore you should bind such as my example below:

$stmt = $this->conn->prepare("INSERT INTO `candidates`(`Fname`,`Lname`,`dob`,`password`,`contact`) VALUES (?,?,?,?,?)");
$stmt->execute([$fname,$lname,$dob,$password,$contact]);

Also, you shouldn't be running a try { } catch {} on generic queries such as this (especially if you're on a live environment as everybody will be able to see such problems as well as yourself).

On a side note, adding the password in unencrypted is also leaving you with security issues. You should take a look at using password_hash documentation: http://php.net/manual/en/function.password-hash.php

PHP MYSQL Prevent user or email inserted twice

Since you are not doing any validation, you can use the Email as a unique field and do an REPLACE query. http://dev.mysql.com/doc/refman/5.0/en/replace.html

I would strongly advise you to write validation in the form of a query check against the database prior to attempting to do a secondary insert. It's even made easy by persistent connections being available so you don't have the overhead of few ticks it takes to do that validation query.

MYSQL avoid inserting same row twice

You can use the INSERT IGNORE INTO syntax or INSERT...ON DUPLICATE KEY UPDATE on your insert statement.

If you use INSERT IGNORE, then the row won't actually be inserted if it results in a duplicate key. But the statement won't generate an error. It generates a warning instead.

INSERT IGNORE INTO mytable
    (primaryKey, field1, field2)
VALUES
    ('abc', 1, 2);

Sql query inserts data in database twice

Like Other Stackoverflow Engineers has stated, your code is a security disaster if you plan to use it in production..

I just pick three form parameters**(first_name, last_name, address)** to recreate this code of yours while ensuring that sql injection
attack is not possible. You can addon other form parameters following my method.

Please ensure that all database credentials are okay before testing

<?php
$con=mysqli_connect("localhost","root","my_password","yourdb goes");

// Check connection
if (mysqli_connect_errno()) {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

// escape variables Against sql injections
$firstname = mysqli_real_escape_string($con, $_POST['f_name']);
$lastname = mysqli_real_escape_string($con, $_POST['l_name']);
$address = mysqli_real_escape_string($con, $_POST['add']);

$sql="INSERT INTO mark (first_name, last_name, address)
VALUES ('$firstname', '$lastname', '$address')";

if (!mysqli_query($con,$sql)) {
  die('Error: ' . mysqli_error($con));
}
echo "1 record added";

mysqli_close($con);
?>

Related Topics

Wordpress: Loading Multiple Scripts with Enqueue

Convert Tiff to Jpg in PHP

Getting Multiple Checkboxes Names/Id's with PHP

Run a Ffmpeg Process in the Background

Strict Standards: Only Variables Should Be Assigned by Reference PHP 5.4

PHP File Upload Error Tmp_Name Is Empty

Get Variables from the Outside, Inside a Function in PHP

How to Convert Excel Xls to CSV Using PHP

Laravel - Database, Table and Column Naming Conventions

Laravel 5.2 Cors, Get Not Working with Preflight Options

How to Call a PHP Function from Ajax

Keeping Url Parameters During Pagination

Show Stock Status Next to Each Attribute Value in Woocommerce Variable Products

How to Display PHP & HTML Source Code on a Page

Call to Undefined Method Domdocument::Getelementsbyclassname()

Multiple Replace (Probably Preg_Replace) of Same String with Array

Laravel 3:Looking for Explanation How to Use the Model

Get Last Executed Query in PHP Pdo


Leave a reply



Submit