perky416 Posted February 12, 2011 Share Posted February 12, 2011 Hi Guys, Im trying to create a registration form so users can sign up to my website, however i have noticed that when the page is refreshed the form automatically submits. Please could somebody help me stop this? Thanks <body> <form name="registration_form" method="post" onsubmit="return Validate();"> First Name: <input type="text" name="first_name"><br /> Last Name: <input type="text" name="last_name"><br /> Email: <input type="text" name="email"><br /> Confirm Email: <input type="text" name="confirm_email"><br /> Username: <input type="text" name="username"><br /> Password: <input type="password" name="password"><br /> Confirm Password: <input type="password" name="confirm_password"><br /> <input type="submit" value="Register"> </form> <?php $connect=mysql_connect("localhost","leemp5_admin","p7031521"); mysql_select_db("leemp5_database",$connect) or die (mysql_errno().":<b> ".mysql_error()."</b>"); $insert_query = 'insert into users (username,first_name,last_name,email,password) values ( "' . $_POST['username'] . '", "' . $_POST['first_name'] . '", "' . $_POST['last_name'] . '", "' . $_POST['email'] . '", "' . $_POST['password'] . '" )'; mysql_query($insert_query); ?> </body> Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted February 12, 2011 Share Posted February 12, 2011 You mean after the form has already been successfully submitted it will resubmit if refreshed, right? If that's the case, you can use a header() redirect after successful submission to dump the contents of the $_POST array. Quote Link to comment Share on other sites More sharing options...
perky416 Posted February 13, 2011 Author Share Posted February 13, 2011 Hi mate, No, even if the form has not been submitted, whenever the page is refreshed (by pressing F5 or using the browsers refresh button) the form submits itself. Iv tried searching google however i can only find solutions like you say, how to solve it after the form has been submitted. Its really confused me. Thanks Quote Link to comment Share on other sites More sharing options...
floridaflatlander Posted February 13, 2011 Share Posted February 13, 2011 Do you have your form set to where it will only submit when all the varliables are set? If so maybe something like $var = ""; will work when it is placed at the end of your code. It would be like $var = 1; the script starts running enters the data in the dtabase, then $var gets redifined to $var = ""; just before the closing php tag (?>), this way when your script tries to run again the $var is not defined and the script wont run. Or you can do a check for double entry. Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted February 13, 2011 Share Posted February 13, 2011 Looking at your code, the form isn't submitting. There's simply no logic in it at all to prevent the database INSERT query from running whenever the page loads. You need to verify that the form has been submitted, validate and sanitize the data, and only then allow the record to be inserted. Quote Link to comment Share on other sites More sharing options...
lee2010 Posted February 13, 2011 Share Posted February 13, 2011 you also will want to hash the users password using md5 or better still sha1 sha1($_POST['password']) if you do this remember on your login script to also hash the password otherwise they won't match and protect your site from sql injection with this $_POST = array_map('strip_tags', $_POST); $_POST = array_map('mysql_real_escape_string', $_POST); Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.