0

I am having a problem with PHP from that adds data to MYSQL database : 

<?php require("config/connection.php"); ?>
<?php require("includes/functions.php"); ?>

<?php
$username = $_POST['username'];
$password = $_POST['password'];

$error='';// zmienna do błędów

if(isset($_POST[submit])){



 if(trim($_POST[username])=='' || strlen(trim($_POST[username])) < 6 ||strlen(trim($_POST[username])) >12){


     $error.="Name must be between 6 ad 12 chars<br />";

 }  

}if($error==''){  // if no error, do a query

    $sql = @mysql_query("INSERT INTO users SET username=\"$username\", password=\"$password\"");




}

    else {

     echo "<span style=color:red>$error</span>";

    }   

    mysql_close($connection);

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
</head>

<body>
<h2>Add user</h2>

<form action="add.php" method="post">

<p>Name: <input type="text" name="username" id="username" /></p>
<p>Password: <input type="text" name="password" id="password" /></p>
<p> <input type="submit" value="submit  " name="submit" /></p>

</form> 

<a href="index.php">Cancel</a>

</body>
</html>

The main problem is when I input username and password here is what I get:

http://i.padsbanger.pl/img/cdf5b5p988ga

For unknown reason it adds an empty row and after that it adds what I have trully inputed into my form. Any help ?

Improve this question
3
  • 1
    off topic, but you must protect your database using PDO and parameterized queries. do not take get or post data and put it into your query. Commented Dec 8, 2011 at 20:15
  • 2
    As @TimG added -> Please read this re SQL injection Commented Dec 8, 2011 at 20:16
  • You're not showing us the right part of the code. This code does not print the edit/delete buttons. Commented Dec 8, 2011 at 20:21

1 Answer 1

Reset to default
4

You are executing the query twice, once on page load and then again on submit

$error='';
if(isset($_POST[submit])){
 if(trim($_POST[username])=='' || strlen(trim($_POST[username])) < 6 ||strlen(trim($_POST[username])) >12){
     $error.="Name must be between 6 ad 12 chars<br />";
 }  
}// closes if(isset   *** move this until after the next if statement ***

//this is run everytime as its outside the if(isset block
if($error==''){  // errors is initialised as '' so this will run
    $sql = @mysql_query("INSERT INTO users SET username=\"$username\", password=\"$password\"");
}

if(isset($_POST[submit])){ should be if(isset($_POST['submit'])){

SQL Injection - You should read this

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.