Duplicate rows

<?php
$cont_date=date('y-m-d');
$cont_time=date('G:i:s');
$name = @$HTTP_POST_VARS["name"];
$email = @$HTTP_POST_VARS["email"];
$comp_name = @$HTTP_POST_VARS["comp_name"];
$attn = @$HTTP_POST_VARS["attn"];
$subject = @$HTTP_POST_VARS["subject"];
$msg = @$HTTP_POST_VARS["msg"];

include("database.php");


$query = "INSERT INTO contact_info(cont_date,cont_time,name,email,comp_name,attn,subject,msg)
values
('".$cont_date."','".$cont_time."','".$name."','".$email."','".$comp_name."','".$attn."','".$subject
."','".$msg."')";

$rs=mysql_query($query);

if (!$rs) { ?>
<SCRIPT LANGUAGE="Javascript">
alert ('Your form has NOT been submitted!');
window.location="contactus.php";
</SCRIPT> <?php
exit;
} ?>



----------------------------
Result in database:
----------------------------
1 , 2007-12-27 , 12:02:18 , sgsdg , we@sg , sfsf , Project Manager , sdf , fffds , 0
2 , 2007-12-27 , 12:02:19 , , , , , , , 0

 

Please use

this code



<?php
$cont_date=date('y-m-d');
$cont_time=date('G:i:s');
$name = @$HTTP_POST_VARS["name"];
$email = @$HTTP_POST_VARS["email"];
$comp_name = @$HTTP_POST_VARS["comp_name"];
$attn = @$HTTP_POST_VARS["attn"];
$subject = @$HTTP_POST_VARS["subject"];
$msg = @$HTTP_POST_VARS["msg"];

include("database.php");

if (isset($name))
{
$query = "INSERT INTO contact_info(cont_date,cont_time,name,email,comp_name,attn,subject,msg)
values
('".$cont_date."','".$cont_time."','".$name."','".$email."','".$comp_name."','".$attn."','".$subject
."','".$msg."')";

$rs=mysql_query($query);
}
if (!$rs) { ?>
<SCRIPT LANGUAGE="Javascript">
alert ('Your form has NOT been submitted!');
window.location="contactus.php";
</SCRIPT> <?php
exit;
} ?>

 

$HTTP_POST_VARS is deprecated, but anyway, add this line before assigning the variables.

$HTTP_POST_VARS = array_map('mysql_real_escape_string', $HTTP_POST_VARS);

PHP:

And that's why: www.php.net/mysql_real_escape_string

 

above 2 methods don't works....

the record is sent into database, the problem is another incomplete records is sent into database too. looks like duplicated record! all this happen in a submit form only.

the most "amazing" is when i retrieve the record from database, the showing record is only the complete record!

 

nobody can help me in this problem???

 

You probably are getting a character in your string.

Be sure to strip off characters before inserting.

make a file called func.php then include it in your .php

<?php
#contents of func.php
function cleanse($string)
{
        return str_replace('"', '\"', strip_tags($string));
}

function esc ($s) {
        return escapeshellcmd($s);
}
?>

Code (markup):

Now do:

<?php
include "func.php";

$cont_date=date('y-m-d');
$cont_time=date('G:i:s');
$name = @$HTTP_POST_VARS["name"];
$email = @$HTTP_POST_VARS["email"];
$comp_name = @$HTTP_POST_VARS["comp_name"];
$attn = @$HTTP_POST_VARS["attn"];
$subject = @$HTTP_POST_VARS["subject"];
$msg = @$HTTP_POST_VARS["msg"];


cleanse($cont_date);
cleanse($cont_time);
cleanse($name);
cleanse($email);
cleanse($comp_name);
cleanse($attn);
cleanse($subject);
cleanse($msg);

include("database.php");

if (isset($name))
{
$query = "INSERT INTO contact_info(cont_date,cont_time,name,email,comp_name,attn,subject,msg)
values
('".esc($cont_date)."','".esc($cont_time)."','".esc($name)."','".esc($email)."','".esc($comp_name)."','".esc($attn)."','".esc($subject)."','".esc($msg)."')";
$rs=mysql_query($query);
}
if (!$rs) { ?>
<SCRIPT LANGUAGE="Javascript">
alert ('Your form has NOT been submitted!');
window.location="contactus.php";
</SCRIPT> <?php
exit;
} ?>

Code (markup):

Post your results.

 

there is no data is inserted into database.

	include("func.php");
	
	$cont_date=date('y-m-d');
	$cont_time=date('G:i:s'); 
	$name = @$HTTP_POST_VARS["name"];
	$email = @$HTTP_POST_VARS["email"];
	$comp_name =@$HTTP_POST_VARS["comp_name"];
	$attn = @$HTTP_POST_VARS["attn"];
	$subject = @$HTTP_POST_VARS["subject"];
	$msg =@$HTTP_POST_VARS["msg"];

echo "1";

	cleanse($cont_date);
	cleanse($cont_time);
	cleanse($name);
	cleanse($email);
	cleanse($comp_name);
	cleanse($attn);
	cleanse($subject);
	cleanse($msg);
	
echo "2";

PHP:

i try to "debug" the code, the webpage only show 1.

*************************************************************************

when i remove the include "func.php" and paste the code to the .php file...

function cleanse($string)
{
        return str_replace('"', '\"', strip_tags($string));
}

function esc ($s) {
        return escapeshellcmd($s);
}
	
	
	$cont_date=date('y-m-d');
	$cont_time=date('G:i:s'); 
	$name = @$HTTP_POST_VARS["name"];
	$email = @$HTTP_POST_VARS["email"];
	$comp_name =@$HTTP_POST_VARS["comp_name"];
	$attn = @$HTTP_POST_VARS["attn"];
	$subject = @$HTTP_POST_VARS["subject"];
	$msg =@$HTTP_POST_VARS["msg"];


	cleanse($cont_date);
	cleanse($cont_time);
	cleanse($name);
	cleanse($email);
	cleanse($comp_name);
	cleanse($attn);
	cleanse($subject);
	cleanse($msg);
	

PHP:

and like that the result is inserted seccessfully into database and no more duplicate row.
what is the problem of the include?

 

anyway, i want to say THANK YOU to all the people who help me in solving this problem especially is LittleJonSupportSite.....