As you can see below, I've tried several methods to insert a message into the DB, but for some reason it's executing twice. It's not writing a duplicate because there's an unique key field, but it's just writing it twice. How can I fix this issue? if($ft>0) { $ft="UPDATE sc_member SET mem_feature_flag='1' WHERE scm_mem_id='$ft'"; $res=$db->update($ft); // SEND MESSAGE $time=time(); $to=$_GET['ft']; $txt_sb_body="Hey ".$fname.", You have been featured! Keep up your activity! {automated message}"; $sql_c = "INSERT INTO sc_messages (smg_from, smg_to, smg_subject, smg_body, smg_sent_del, smg_postdate, scm_bulletin, send_cron) VALUES ('1','$to','Featured Alert','$txt_sb_body','1','$time', '6', 'N')"; $db->insert_data($sql_c); //$sql="INSERT IGNORE INTO sc_messages (smg_from, smg_to, smg_subject, smg_body, smg_sent_del, smg_postdate, scm_bulletin, send_cron) VALUES ('1','$ft','Featured Alert','$txt_sb_body','1','$time', '6', 'N')"; //$result = mysql_query($sql); } Code (markup):
The code above is correct as in it only inserts once. Can you show the $db class as the problem may lay in there. Also you need to escape the values before inserting them into the database. And you also need to careful when printing out to the screen in-case there's any JavaScript or HTML.
As HuggyStudios suggests the problem could be in your class -- or I think it might be in whatever code is around this; could be either one. that's one of the problems of diagnosing snippets instead of the full code, the problem quite often lies elsewhere. Though since you are dumping variables into queries, and your commented out code uses mysql_ functions, i assume that $db class is a mysql_ function mess? We've been told for EIGHT... Well, at this point more like NINE YEARS to stop doing that, hence the reason a year and a half ago they added the GIANT RED WARNING BOXES to the documentation? I'd suggest ditching whatever that outdated (and bizarre) $db class is in favor of just using PDO normally, that way you could use prepared queries, a LOT less 'pointless' variables, and not have to worry about sanitizing values since it will handle that for you. I'd also probably use SQL's time instead of PHP's, making that column datetime if possible -- then the code would look something more like this: if ($ft > 0) { $statement = $db->prepare(' UPDATE sc_member SET mem_feature_flag = 1 WHERE scm_mem_id = ? '); $statement->execute([$ft]); $statement = $db->prepare(' INSERT INTO sc_messages ( smg_from, smg_to, smg_subject, smg_body, smg_sent_del, smg_postdata, scm_bulletin, send_cron ) VALUES ( 1, :to, `Featured Alert`, :txt, 1, NOW(), 6, `n` ) '); $statement = $db->execute([ ':to' => $_GET['ft'], ':txt' => 'Hey ' . $fname . ', You have been featured! Keep up your activity! {automated message}' ]); Code (markup): * note, the above uses php 5.4 style arrays, will not run on PHP 5.3/earlier. I now refuse to support anything less than 5.4, and for good reason!