0

The following code is inserting two records into my database, but I only want it to insert one. Why is it inserting the row twice?

<?
if (!$con)
{
    die('Could not connect: ' . mysql_error());
}

$i=1;

while($i<=1)
{
    if (isset($_POST['submit'])) 
    {
        $sql="INSERT INTO customers 
                  (company, salutation, first_name, 
                   last_name, phone, email, fax, 
                   street, town, county, postcode, 
                   type, notes)
              VALUES
                  ('$_POST[company]',
                   '$_POST[salutation]',
                   '$_POST[first_name]',
                   '$_POST[last_name]',
                   '$_POST[phone]',
                   '$_POST[fax]',
                   '$_POST[email]',
                   '$_POST[street]',
                   '$_POST[town]',
                   '$_POST[county]',
                   '$_POST[postcode]',
                   '$_POST[type]',
                   '$_POST[notes]')";

        if (!mysql_query($sql,$con))
        {
            die('Error: ' . mysql_error());
        }
    }

    $i++;
}
?>
Improve this question
4
  • First of all, you should definitly escape your input data, using something like mysql_real_escape_string ; second, why the while loop ? Commented Jul 26, 2009 at 17:14
  • And maybe some order in your code :P Commented Jul 26, 2009 at 17:22
  • $_POST[company] should be $_POST['company'] Commented Jul 26, 2009 at 17:52
  • @Bifter: Why are you using a while loop? :/ Commented Jul 26, 2009 at 18:01

4 Answers 4

Reset to default
2

At a guess, I'd say it's because it's being executed twice. (Not being smarmy - it's most likely a control flow problem, as there doesn't seem to be anything that would cause the above to insert twice as it stands.)

That said, there's quite a few worrying things in there such as a lack of input escaping, etc. e.g.: What's the purpose of the $i variable?

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Does the CUSTOMERS table have at least a primary key defined to stop duplicates?

Is your PHP webapp smart enough to stop someone from reaching this page if an entry in the CUSTOMERS table for the column combination already exists in the table?

Improve this answer

Comments

0

I can't say from only this. And that code is barely readable indentation is worse than just non-existant and the way you are embedding your post variables in your query doesn't make it any clearer either (and it might actually cause a security vulnerability).

Try writing echo $sql; after your $sql = ... monster. You will be able to see if two queries are executed or if it is just one query that inserts two rows, and in the last case it will probably give you quite a hint why it did that. If it does not help you, post your results of that there, and I or someone else here can have a look at it. But note that it will not be easy or pleasant for us with such ungraceful code.

Improve this answer

Comments

0

I have worked through your code and I don't see any reason for the double insert. Is there something else we should know about? It should not be causing the problem, but why is there a while loop in your code? Is there any way this page is being submitted twice? Is there a trigger in place?

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.