page loading insert condition problem

minkoko · 01-07-2013, 12:50 PM

Hello Everyone ,i just want to ask one question about the php condition statement

i insert comment by using the sql statement and i check the condition using like this

PHP Code:


			
if(isset($_POST['submit'])){
}

and i check the validation of form value if form is empty it don't work and
all field is complete ,the query is true
My problem is when i insert the comment and i reload the browser the query is return insert and everytime i reload this page my mysql query statement is working but i want to just one query when i click the submit button

How to solve this problem?
My Code is

PHP Code:


			
<?php 
  if(isset($_POST['submit']) ){
     $name=$_POST['name'];
     $email=$_POST['email'];
     $comment=$_POST['comment'];
     $comment_length=strlen($comment);
     $limitcomment = 200;
                                            
       if($comment_length > $limitcomment){
             echo '    <script type="text/javascript">alert("Your message more than  Limit !. \n Thanks for your Comment ");</script> ';
     }else{
    if((!empty($name))){   if(!empty($_POST['name']) && !empty($_POST['email']) && !empty($_POST['comment'])) {  echo '    <script type="text/javascript">alert("Your Comment Success!. \n Please wait Admin Approval ");</script> ';         
       $comment_sql=mysql_query("INSERT INTO `tw_gallery`.`comment`
(`id`,`pho_id`,`name`,`email`,`comment`,`date`,`show`) VALUES (NULL,'$photoid','$name','$email','$comment',NOW(),'No')");
                                                    
    if($comment_sql){
   echo '    <script type="text/javascript">alert("Your Comment Success!. \n Please wait Admin Approval ");</script> ';  }else{ echo '<font color="red">Not Insert Comment</font>';
        }
         }
       }else{
    echo '    <script type="text/javascript">alert("Please enter the all field!. \n Thanks ");</script> ';
      }
      }
     }
     ?>
                                                
<form action="" id="comment_form" method="post">
<label for="name">Name (Required)</label>
<input type="text" name="name" id="name" />
<label for="email">Email (Required)</label>
<input type="email" name="email" id="email" />
<label for="comment">Comment (Required)</label>
<textarea name="comment" id="comment" cols="30" rows="10"></textarea>
<input type="submit" name="submit" id="submit" value="Submit" />
</form>

Redcoder · 01-07-2013, 01:15 PM

First things first - if TangoForce could get his hands on you, he'd probably slap you.

Kidding. But he preaches don't use if($_POST['submit']) to check whether a form has been submitted. Here's why:

Code:

http://www.codingforums.com/showthread.php?t=240088

If you click the round curved arrow(in Mozilla) where its supposed to reload, it will resubmit the form. I think it even asks you whether you want to submit the form again and resend the data that has will probably repeat the action such as send and such.

What you can do, is make a hash of a concatenation of each commenters email and the message which will hold true for about 1 hour or so(To prevent them being unable to post the exact same message on another post later) then checking the hash and notifyng the user that they have already submitted that comment. This can also help prevent spam bots to a small degree.

Or even just use a session variable and compare the message. If it matches, tell the user that he has already posted such a message.

minkoko · 01-07-2013, 01:33 PM

Thanks Redcoder ,Guiding to me

So,What method should i use to check? Do you think And
You probably slap me. Kidding

Redcoder · 01-07-2013, 01:53 PM

Use session variables to check the messages....you can store an array of them to cater for multiple tabs like $_SESSION['message1'], $_SESSION['message2'] etc. Then compare the message posted to each variable in the array. If one of them matches, then don't execute query.