我有一个问题。记录没有只插入一次,而是被插入到数据库表中两次。我使用 JavaScript 函数把数据发送给 PHP,数据确实能保存到数据库,这点没有疑问,但它保存的不是一条记录,而是两条,而且我找不到这样做的理由。
我用于保存数据的javascript如下:
// Version from the question: reads the form, asks the user to confirm, and
// sends the values to submit_request.php. The comments below point at the
// problems that produce the second database row.
function submitFormData(){
var xhr = new XMLHttpRequest();
var url = 'submit_request.php';
var fullname = document.getElementById("fullname").value;
var address = document.getElementById("address").value;
var address2 = document.getElementById("address2").value;
var city = document.getElementById("city").value;
var state = document.getElementById("state").value;
var telephone = document.getElementById("telephone").value;
var email = document.getElementById("email").value;
var vehicle_type = document.getElementById("vehicle_type").value;
var vehicleNo = document.getElementById("vehicleNo").value;
var visit_date = document.getElementById("visit_date").value;
var visit_purpose = document.getElementById("visit_purpose").value;
var whom_tosee = document.getElementById("whom_tosee").value;
var login_time = document.getElementById("login_time").value;
// Values are concatenated raw: a '&', '=' or '#' typed into any field
// corrupts the query string (encodeURIComponent would prevent this).
// visit_date is also appended twice.
var params = 'fullname='+fullname+'&address='+address+'&address2='+address2+'&city='+city+'&state='+state+'&telephone='+telephone+'&email='+email+'&vehicle_type='+vehicle_type+'&vehicleNo='+vehicleNo+'&visit_date='+visit_date+'&visit_date='+visit_date+'&visit_purpose='+visit_purpose+'&whom_tosee='+whom_tosee+'&login_time='+login_time+'';
var txt = 'Please confirm the following Information\n FullName : '+fullname+'\n Address : '+address+'\n Address2 : '+address2+'\n City: '+city+'\n State: '+state+'\n Telephone: '+telephone+'\n Email: '+email+'\n Vehicle Type: '+vehicle_type+'\n Vehicle #: '+vehicleNo+'\n Visit Date: '+visit_date+'\n Visit Purpose : '+visit_purpose+'\n Who To see : '+whom_tosee+'\n Login Time : '+login_time+'';
var response = confirm(txt);
if(response == true){
// A GET request carries no body, so the params handed to xhr.send() below
// never reach the server: this first request hits submit_request.php with
// no query string at all. The Content-type header is irrelevant for GET.
xhr.open('GET', url, true);
xhr.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
xhr.onreadystatechange = function(){
if(xhr.readyState == 4 && xhr.status == 200) {
// alert('Sending Data');
// Navigating to the same script with the params issues a second GET, which
// runs the INSERT again. Together with the parameter-less request above this
// is the likely source of the two (non-identical) records the question describes.
var finalurl = url +'?'+params;
window.location = finalurl;
}
}
xhr.send(params);
}else{
window.location ='e-vmsreserve.php';
}
}
用于将数据保存到数据库中的PHP如下所示
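<?php
// submit_request.php — stores one new_reservation row from the query-string
// parameters sent by submitFormData(). Requires a logged-in session.
session_start();
if (!isset($_SESSION['userID'])) {
    header("location: index.php");
    // header() only sets a response header; without exit() the INSERT below
    // would still run for an unauthenticated request.
    exit();
}

require_once('inc/config.php');
// A single connection serves both queries (the original opened two).
// mysqli_error() requires a link argument, so the connect-failure text has
// to come from mysqli_connect_error().
$con = mysqli_connect($host, $user, $pass, $db) or die('Cannot connect: ' . mysqli_connect_error());

// Look up the logged-in user; the reservation is tagged with their username.
$session_user = $_SESSION['userID'];
$fullname = null;
$username = null;
$designation = null;
$stmt = mysqli_prepare($con, "SELECT fullname, username, designation FROM evmsdbusers WHERE username = ?")
    or die('Bad Query: ' . mysqli_error($con));
mysqli_stmt_bind_param($stmt, 's', $session_user);
mysqli_stmt_execute($stmt) or die('Bad Query: ' . mysqli_stmt_error($stmt));
mysqli_stmt_bind_result($stmt, $fullname, $username, $designation);
while (mysqli_stmt_fetch($stmt)) {
    // Same as the original loop: the last matching row's values are kept.
}
mysqli_stmt_close($stmt);
$invitee_username = $username;

// Visitor data arrives as GET parameters; a missing parameter becomes ''.
// NOTE(review): there is no server-side validation, so a request without
// parameters still inserts a row of empty strings — confirm that is intended.
$field_names = array('fullname', 'address', 'address2', 'city', 'state', 'telephone', 'email',
    'vehicle_type', 'vehicleNo', 'visit_date', 'visit_purpose', 'whom_tosee', 'login_time');
$values = array();
foreach ($field_names as $name) {
    $values[$name] = isset($_GET[$name]) ? (string) $_GET[$name] : '';
}

// Prepared statement: values are bound rather than concatenated into the SQL,
// which replaces the per-field mysqli_real_escape_string() calls.
$sql = "insert into new_reservation (fullname,address,address2,city,state,telephone,email,vehicle_type,vehicleNo,visit_date,visit_purpose,whom_tosee,login_time,visitor_username) values (?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
$stmt = mysqli_prepare($con, $sql) or die('Bad Query, Reason: ' . mysqli_error($con));
mysqli_stmt_bind_param(
    $stmt,
    'ssssssssssssss',
    $values['fullname'], $values['address'], $values['address2'], $values['city'],
    $values['state'], $values['telephone'], $values['email'], $values['vehicle_type'],
    $values['vehicleNo'], $values['visit_date'], $values['visit_purpose'], $values['whom_tosee'],
    $values['login_time'], $invitee_username
);
mysqli_stmt_execute($stmt) or die('Bad Query, Reason: ' . mysqli_stmt_error($stmt));
mysqli_stmt_close($stmt);
mysqli_close($con);

$message = "Appointment Reserved!";
// json_encode() yields a valid JS string literal even if the message ever
// contains quotes or other characters special to JavaScript.
echo '<script type="text/javascript">';
echo 'alert(' . json_encode($message) . ');';
echo '</script>';
?>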
现在我不明白为什么会有 2 条记录(虽然这两条并不完全相同),而本应只有一条。
答案 0 :(得分:1)
首先,您的代码完全暴露在 SQL 注入风险之下,直接使用 $_GET 的值等于向 SQL 注入敞开大门。我建议您使用预处理语句(Prepared Statements),这样可以保护您的代码免受 SQL 注入攻击。
代码中的问题在于 window.location = finalurl; 这一行:它会带着相同的参数重定向到同一个 PHP 文件,而该文件根据 $_GET 的值再执行一次插入,所以您的查询会插入两次。
因此,您只需要在收到 200 响应时显示结果即可,不要再带着相同的参数重定向到同一个 URL 'submit_request.php'。
一些有用的链接:
Are PDO prepared statements sufficient to prevent SQL injection?
再提一个建议:在 header(); 之后始终加上 exit();,否则您的代码不会在重定向处终止。
答案 1 :(得分:1)
谢谢 DevPro,我设法找到了错误所在。执行 GET 请求时,参数应该以 url + '?' + parameters 的形式放在 URL 中。我想起了这一点,并在代码中试了一下,现在它可以正常保存了,不再出现重复记录或重复插入。如果将来有人需要 :),PHP 部分保持不变。
我是这样做到的: xhr.open('GET', url + "?" + params, true);
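/**
 * Reads the reservation form, asks the user to confirm the values and, on
 * confirmation, submits them to submit_request.php with a single GET request.
 *
 * Fixes relative to the accepted version: every value goes through
 * encodeURIComponent so '&', '=', '#' or spaces in a field cannot corrupt the
 * query string, visit_date is sent once instead of twice, and a failed
 * request is reported instead of being silently ignored.
 */
function submitFormData() {
  var url = 'submit_request.php';
  // Form field ids in the order the server expects, with the label used in
  // the confirmation prompt (labels kept byte-for-byte from the original).
  var fields = [
    { id: 'fullname', label: 'FullName : ' },
    { id: 'address', label: 'Address : ' },
    { id: 'address2', label: 'Address2 : ' },
    { id: 'city', label: 'City: ' },
    { id: 'state', label: 'State: ' },
    { id: 'telephone', label: 'Telephone: ' },
    { id: 'email', label: 'Email: ' },
    { id: 'vehicle_type', label: 'Vehicle Type: ' },
    { id: 'vehicleNo', label: 'Vehicle #: ' },
    { id: 'visit_date', label: 'Visit Date: ' },
    { id: 'visit_purpose', label: 'Visit Purpose : ' },
    { id: 'whom_tosee', label: 'Who To see : ' },
    { id: 'login_time', label: 'Login Time : ' }
  ];

  var params = [];
  var txt = 'Please confirm the following Information';
  for (var i = 0; i < fields.length; i++) {
    var value = document.getElementById(fields[i].id).value;
    params.push(encodeURIComponent(fields[i].id) + '=' + encodeURIComponent(value));
    txt += '\n ' + fields[i].label + value;
  }

  if (confirm(txt) !== true) {
    return;
  }

  var xhr = new XMLHttpRequest();
  // A GET request carries no body, so the data has to travel in the query string.
  xhr.open('GET', url + '?' + params.join('&'), true);
  xhr.onreadystatechange = function () {
    if (xhr.readyState !== 4) {
      return;
    }
    if (xhr.status === 200) {
      alert('ok');
    } else {
      // Previously any non-200 outcome was ignored without feedback.
      alert('Request failed (HTTP ' + xhr.status + ')');
    }
  };
  xhr.send(null);
}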
谢谢大家!