PHP - MySQL query executes twice

I am very new to PHP and I am just trying my hand at a script. It is not written properly, however, because it is vulnerable to SQL injection. I plan to improve it in that respect, but that will only be possible as I progress with PHP. I am facing a problem when I try to POST variables from Java (Android) and use them to query the database: the script executes twice and I find duplicate records in my database. Here is the script:
<?php
require 'DbConnect.php';

// Raw POST values, copied straight from the request with no validation
$Make = $_POST["Make"];
$Model = $_POST["Model"];
$Version= $_POST["Version"];
$FuelType= $_POST["FuelType"];
$Kilo = $_POST["Kilo"];
$Price= $_POST["Price"];
$Reg= $_POST["Reg"];
$Color= $_POST["Color"];
$Mdate= $_POST["Mdate"];
$Desc= $_POST["Desc"];
$Loc= $_POST["Loc"];
$Owners = $_POST["Owners"];
$Negot= $_POST["Negot"];
$Trans= $_POST["Trans"];
$AC= $_POST["AC"];
$car_lockk= $_POST["Lockk"];
$Sunroof= $_POST["Sunroof"];
$Window= $_POST["Window"];
$Seat= $_POST["Seats"];
$Stearing= $_POST["Stearing"];
$Music= $_POST["Player"];
$Wheels= $_POST["Wheel"];
$Sound= $_POST["Sound"];
$Drive= $_POST["Drive"];
$ID = $_POST["Seller_ID"];

// The values are interpolated directly into the SQL string, which is the
// SQL injection problem mentioned above. (Stray line-continuation
// backslashes inside the double-quoted string have been removed; PHP would
// otherwise keep them literally and MySQL would reject the statement.)
$query2 = "INSERT INTO used_cars (make, model, version, color,
manufacturing_date, km_driven, fuel_type, expected_price,
negotiable, registration_place, no_of_owners, description,
current_location, transmission, ac, sunroof, window, seats,
stearing, player, wheels, sound_system, drive, car_lockk, seller_id)
VALUES ('$Make', '$Model', '$Version', '$Color', '$Mdate', '$Kilo',
'$FuelType', '$Price', '$Negot', '$Reg', '$Owners', '$Desc', '$Loc',
'$Trans', '$AC', '$Sunroof', '$Window', '$Seat', '$Stearing',
'$Music', '$Wheels', '$Sound', '$Drive', '$car_lockk', '$ID')";

// mysql_query() uses the connection opened in DbConnect.php (deprecated ext/mysql)
if(mysql_query($query2)){
echo 'success';
//echo $Img
}else{
echo 'Fail';
}
?>
This code is vulnerable to [SQL injection](https://www.owasp.org/index.php/SQL_Injection), and the `mysql_` functions are deprecated. Please use parameterized queries via [MySQLi](http://php.net/manual/en/book.mysqli.php) instead. – Polynomial 2013-04-26 12:30:47
After two clicks, do you know whether, for example, if I post my data and am directed to your page with the query() function, and then refresh the page, it posts the same data again? – 2013-04-26 12:32:40
Uncomment the `if` statement, and redirect after the data has been inserted successfully. Please use `mySQLi` or `PDO`. – chriz 2013-04-26 12:39:08
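The following is an added example, not code from the asker or the commenters, showing both pieces of advice from the comments applied to the script in the question: the same INSERT rewritten as a MySQLi prepared statement (so the POST values travel to MySQL as bound parameters and never become part of the SQL text), and a redirect after a successful insert so that a browser refresh issues a GET rather than replaying the POST. It assumes that `DbConnect.php` exposes a `mysqli` connection in a variable named `$conn`, and the target `/listing_saved.php` is a hypothetical page name; both are assumptions, not something from the original post.

```php
<?php
// Added example (not the asker's code). Assumption: DbConnect.php opens a
// mysqli connection and leaves it in $conn (name chosen here, not from the post).
require 'DbConnect.php';

// Only accept POST; a GET (e.g. a bookmark or a refresh after redirect) inserts nothing.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('POST only');
}

// POST field name => column name. The column list lives in code, so only the
// values are client-controlled, and those are bound, never interpolated.
$fields = [
    'Make' => 'make', 'Model' => 'model', 'Version' => 'version', 'Color' => 'color',
    'Mdate' => 'manufacturing_date', 'Kilo' => 'km_driven', 'FuelType' => 'fuel_type',
    'Price' => 'expected_price', 'Negot' => 'negotiable', 'Reg' => 'registration_place',
    'Owners' => 'no_of_owners', 'Desc' => 'description', 'Loc' => 'current_location',
    'Trans' => 'transmission', 'AC' => 'ac', 'Sunroof' => 'sunroof', 'Window' => 'window',
    'Seats' => 'seats', 'Stearing' => 'stearing', 'Player' => 'player', 'Wheel' => 'wheels',
    'Sound' => 'sound_system', 'Drive' => 'drive', 'Lockk' => 'car_lockk', 'Seller_ID' => 'seller_id',
];

// Collect the values in column order; reject the request if any field is missing.
$values = [];
foreach ($fields as $postKey => $column) {
    if (!isset($_POST[$postKey]) || is_array($_POST[$postKey])) {
        http_response_code(400);
        exit('Missing or malformed field: ' . $postKey);
    }
    $values[] = (string) $_POST[$postKey];
}

// Build "INSERT INTO used_cars (`make`, ...) VALUES (?, ?, ...)".
// Column names are backtick-quoted because `window` is a reserved word in newer MySQL.
$columnList   = implode(', ', array_map(function ($c) { return '`' . $c . '`'; }, $fields));
$placeholders = implode(', ', array_fill(0, count($fields), '?'));
$sql = "INSERT INTO `used_cars` ($columnList) VALUES ($placeholders)";

$stmt = $conn->prepare($sql);
if ($stmt === false) {
    http_response_code(500);
    exit('Fail');            // keep $conn->error in the server log, not in the response
}

// Every value is bound as a string ('s'); MySQL converts numeric columns itself.
$stmt->bind_param(str_repeat('s', count($values)), ...$values);

if ($stmt->execute()) {
    $stmt->close();
    // Post/Redirect/Get: a 303 makes the client follow up with a GET, so a refresh
    // reloads the result page instead of re-sending the form and inserting twice.
    header('Location: /listing_saved.php', true, 303);   // hypothetical page name
    exit;
}

$stmt->close();
http_response_code(500);
echo 'Fail';
```

The `...$values` argument unpacking into `bind_param()` needs PHP 5.6 or later. The redirect addresses duplicate inserts caused by a browser resubmitting the form; if the client is the Android app from the question rather than a browser, the same effect is obtained by having the app send each listing exactly once and treat a timeout as "unknown", not as "retry", or by giving the server a per-submission token it can use to detect a repeat.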