1

Problem:
I have made a simple form that uses PHP to pass information to my database via an INSERT query. However, every time I run it, it tries to put the information in twice. How can I avoid this?

Explanation:
I first insert the answers into my answers table and save the AnswerID as a variable. Then I do the save with my question table, and lastly I use the two saved variables containing the IDs in my question_answers table.

My code:

    if (isset($_POST['textinput1']) && !empty($_POST['textinput1'])) {
        $text1 = mysqli_real_escape_string($conn, $_POST['textinput1']);
        $text2 = mysqli_real_escape_string($conn, $_POST['textinput2']);
        $q_text = mysqli_real_escape_string($conn, $_POST['textarea']);

        $stmt = $conn->prepare("INSERT INTO answers (Answer1Text, Answer2Text) VALUES (?, ?)");
        $stmt->bind_param('ss', $text1, $text2);
        $stmt->execute();
        $answerid = $stmt->insert_id;

        $stmt = $conn->prepare("INSERT INTO question (QuestionText) VALUES (?)");
        $stmt->bind_param('s', $q_text);
        $stmt->execute();
        $questionid = $stmt->insert_id;

        if ($stmt->execute()) {
            $stmt = $conn->prepare("INSERT INTO question_answers (AnswerID, QuestionID) VALUES (?, ?)");
            $stmt->bind_param('ss', $answerid, $questionid);
            $stmt->execute();
            echo "<h2>Dit spørgsmål er nu lagt op på siden!</h2>";
            echo "<h3>Tusinde tak for din interesse for SMIL - Skodfri Århus.</h3>";
        } else {
            echo "ERROR: Could not able to execute . " . mysqli_error($conn);
        }
    }

    // close connection
    mysqli_close($conn);
    ?>

My tables of importance:
question: QuestionID(PK), QuestionText
answers: AnswerID(PK), Answer1Text, Answer2Text
question_answers: QuestionAnswerID(PK), QuestionID(FK), AnswerID(FK)

Ps. I prefer not to use composite unique constraint as a solution.

Also a side-question, should $stmt->insert_id variables be mysqli_real_escape_string?

3
  • Are all the tables having data inserted twice? Commented Dec 13, 2015 at 18:56
  • 1
    You run $stmt->execute() twice. With prepared statements you don't need to be escaping. Commented Dec 13, 2015 at 18:59
  • Thank you for your answer, that was indeed the problem. Ah, does that mean this code is safe against SQL injections as it is? Commented Dec 13, 2015 at 19:12

2 Answers 2

3

Your problem is that you have executed the second query TWICE

    if (isset($_POST['textinput1']) && !empty($_POST['textinput1'])) {
        $text1 = mysqli_real_escape_string($conn, $_POST['textinput1']);
        $text2 = mysqli_real_escape_string($conn, $_POST['textinput2']);
        $q_text = mysqli_real_escape_string($conn, $_POST['textarea']);

        $stmt = $conn->prepare("INSERT INTO answers (Answer1Text, Answer2Text) VALUES (?, ?)");
        $stmt->bind_param('ss', $text1, $text2);
        $stmt->execute();
        $answerid = $stmt->insert_id;

        $stmt = $conn->prepare("INSERT INTO question (QuestionText) VALUES (?)");
        $stmt->bind_param('s', $q_text);
        $stmt->execute();
        $questionid = $stmt->insert_id;

        // THIS IS THE SECOND EXECUTION OF QUERY 2
        if ($stmt->execute()) {
            $stmt = $conn->prepare("INSERT INTO question_answers (AnswerID, QuestionID) VALUES (?, ?)");
            $stmt->bind_param('ss', $answerid, $questionid);
            $stmt->execute();
            echo "<h2>Dit spørgsmål er nu lagt op på siden!</h2>";
            echo "<h3>Tusinde tak for din interesse for SMIL - Skodfri Århus.</h3>";
        } else {
            echo "ERROR: Could not able to execute . " . mysqli_error($conn);
        }
    }

    // close connection
    mysqli_close($conn);
    ?>

Instead try this as the IF test

    //if ($stmt->execute()) {
    if ( isset($answerid,$questionid) ) {

1 Comment

By defining my queries as '$stmt1' and '$stmt2' and then as safety, having a 'if ( isset($answerid,$questionid) ) {' helped solve the problem. Thanks so much for all the answers.
1

if ($stmt->execute()) {

This runs one of your statements a second time. You should assign the return value to a variable if you need it for something later.
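
The single-execution fix both answers describe, as an added example that is not part of the original posts: each statement is prepared and executed once, values are bound without `mysqli_real_escape_string`, and the insert IDs are bound as integers. The function name `saveQuestion`, the connection placeholders and the use of a transaction (which assumes InnoDB tables) are assumptions.

```php
<?php
// Added example: connection details below are placeholders, not from the original post.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failed calls throw mysqli_sql_exception

/**
 * Insert one answers row, one question row and the linking row, each exactly once.
 * Returns the new QuestionID. (Hypothetical helper name.)
 */
function saveQuestion(mysqli $conn, string $answer1, string $answer2, string $questionText): int
{
    $conn->begin_transaction();
    try {
        // Bound parameters travel separately from the SQL text, so the values are
        // passed raw. Escaping them first would store the added backslashes.
        $stmt1 = $conn->prepare("INSERT INTO answers (Answer1Text, Answer2Text) VALUES (?, ?)");
        $stmt1->bind_param('ss', $answer1, $answer2);
        $stmt1->execute();                // the only execute() for this statement
        $answerId = $stmt1->insert_id;    // integer generated by the server, not user input

        $stmt2 = $conn->prepare("INSERT INTO question (QuestionText) VALUES (?)");
        $stmt2->bind_param('s', $questionText);
        $stmt2->execute();
        $questionId = $stmt2->insert_id;

        $stmt3 = $conn->prepare("INSERT INTO question_answers (AnswerID, QuestionID) VALUES (?, ?)");
        $stmt3->bind_param('ii', $answerId, $questionId);
        $stmt3->execute();

        $conn->commit();
        return $questionId;
    } catch (mysqli_sql_exception $e) {
        $conn->rollback();                // no orphaned answers/question rows on failure
        throw $e;
    }
}

$conn = new mysqli('localhost', 'db_user', 'db_password', 'db_name'); // placeholders
if (!empty($_POST['textinput1'])) {
    try {
        saveQuestion($conn, $_POST['textinput1'], $_POST['textinput2'] ?? '', $_POST['textarea'] ?? '');
        echo "<h2>Saved.</h2>";
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage());      // keep database errors out of the response
        http_response_code(500);
        echo "Could not save the question.";
    }
}
$conn->close();
```

Because the stored text is no longer escaped on the way in, it must be passed through `htmlspecialchars()` whenever it is echoed back into a page.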
