PHP-Mysql查询不必要地插入两次数据。

This problem i am facing is quite unusual to me. What i am actually trying to do is inserting data into mysql database table through the HTML form.

我所面临的这个问题对我来说很不寻常。实际上我想要做的是通过HTML表单将数据插入到mysql数据库表中。

I have a database and i am trying to insert data into it but it always shows that "duplicate entry error".

我有一个数据库，我试图插入数据，但它总是显示“重复输入错误”。

the problem is despite checking that the information i'm entering is unique it shows that error.When i check my database table i can see that every time the entries are incrementing the id by 2. I have no idea why is my query inserting data twice and making the primary key increment by 2 and Please help i want every thing to be normal.

问题是，尽管检查了我输入的信息是唯一的，但它显示了错误。当我检查我的数据库表时，我可以看到每次条目将id增加2。我不知道为什么我的查询插入数据两次，并使主键增量为2，请帮助我希望每一件事情都是正常的。

I can't fix it please help me.

我不能修理它，请帮帮我。

here is my html code for the form

这是表单的html代码。

<form class="form-horizontal" name="RegisterCandidate" action="../processors/process_register_candidate.php" method="post" enctype="application/x-www-form-urlencoded">
        <div class="form-group">
            <label for="Fname" class="control-label col-sm-4">
                First Name
            </label>
            <div class="col-sm-8">
                <input type="text" class="form-control" name="Fname" tabindex="1" autofocus required placeholder="First Name" />
            </div>
        </div>

        <div class="form-group">
            <label for="Lname" class="control-label col-sm-4">
                Last Name
            </label>
            <div class="col-sm-8">
                <input type="text" class="form-control" name="Lname" tabindex="2"  required placeholder="Last Name" />
            </div>
        </div>

        <div class="form-group">
            <label for="Photo" class="control-label col-sm-4">
                Photograph
            </label>
            <div class="col-sm-8">
                <input type="file" class="form-control" name="Photo" tabindex="3" placeholder="Select Photo" />
            </div>
        </div>
        <div class="form-group">
            <label for="DOB" class="control-label col-sm-4">
                Date of Birth (DD-MM-YYYY)
            </label>
            <div class="col-sm-8">
                <input type="date" class="form-control" name="dob" tabindex="4"  required />
            </div>
        </div>

        <div class="form-group">
            <label for="password" class="control-label col-sm-4">
                Password
            </label>
            <div class="col-sm-8">
                <input type="password" class="form-control" name="password" tabindex="5"  required placeholder="Password" />
            </div>
        </div>

        <div class="form-group">
            <label for="contact" class="control-label col-sm-4">
                Contact No.
            </label>
            <div class="col-sm-8">
                <input type="tel" class="form-control" name="contact" tabindex="6"  required placeholder="Contact Number" />
            </div>
        </div>
        <button type="submit" name="register" class="btn btn-success" style="float:right; margin-right:30%;">
            Register
        </button>
    </form>

here is the copy of my php-mysql code

这是我的php-mysql代码的拷贝。

<?php
require_once "../web_config/web.config.php";

$conn = connect();

$fname = $_POST["Fname"];
$lname = $_POST["Lname"];
$dob = $_POST["dob"];
$password = $_POST["password"];
$contact = $_POST["contact"];

$insert = " INSERT INTO `candidates`
(
`Fname`,
`Lname`,
`dob`,
`password`,
`contact`
) VALUES (
'$fname',
'$lname',
'$dob',
'$password',
'$contact'
)
";
try{
    $st = $conn->query($insert);
    $st->execute();
} catch(PDOException $e) {
    echo "//Failed to insert data due to ".$e->getMessage();
}
echo $fname." ".$lname;
#header("Location:../src/student_login.php");

?>

please help me out with this. Thank you.

请帮我解决这个问题。谢谢你！

2 个解决方案

#1

So, there's a few problems here..

所以，这里有一些问题。

$conn->query as mentioned will directly run the code therefore execute is redundant however, you're wide open for SQL Injections therefore you should bind such as my example below:

$conn->查询如前所述将直接运行代码，因此执行是冗余的，但是对于SQL注入来说，您是完全开放的，因此您应该绑定如下的示例:

$stmt = $this->conn->prepare("INSERT INTO `candidates`(`Fname`,`Lname`,`dob`,`password`,`contact`) VALUES (?,?,?,?,?)");
$stmt->execute([$fname,$lname,$dob,$password,$contact]);

Also, you shouldn't be running a try { } catch {} on generic queries such as this (especially if you're on a live environment as everybody will be able to see such problems as well as yourself).

另外，您不应该在诸如此类的泛型查询上运行try{}{}{}，特别是在一个环境中，因为每个人都可以看到这样的问题，也可以看到自己的问题。

On a side note, adding the password in unencrypted is also leaving you with security issues. You should take a look at using password_hash documentation: http://php.net/manual/en/function.password-hash.php

另一方面，在未加密的情况下添加密码也会给你带来安全问题。您应该查看使用password_hash文档:http://php.net/manual/en/function.passwordhash.php。

#2

try{
    $st = $conn->query($insert);
    $st->execute();
} catch(PDOException $e) {
    echo "//Failed to insert data due to ".$e->getMessage();
}

in this code you are executing your $conn->query($insert); is enough for insertion $st holds only the result of insert query it is not a prepared statement remove

在这段代码中，您正在执行$conn->查询($insert);是否足够插入$st只保存插入查询的结果，它不是一个准备好的语句移除?

$st->execute();

#1