Hi!

I'm currently doing a small project using PHP, AJAX and a Bootstrap modal. My code is working fine, but sometimes the data is saved twice and I don't know why.

Any ideas on how to solve this problem? Thank you in advance.

What I have tried:

AJAX
$(document).ready(function(){
	fetch();   // page-level helper that reloads the stock table (defined elsewhere in the project)

	//ADD
	$('#AddStocks').click(function(){
		$('#AddStocksModal').modal('show');
	});
	$('#addFormstocks').submit(function(e){
		e.preventDefault();
		// Keep a reference to the form: inside the AJAX callbacks "this" is
		// the request settings object, not the form element.
		var $form = $(this);
		var addform = $form.serialize();
		$.ajax({
			method: 'POST',
			url: 'functions/add_stocks_submit.php',
			data: addform,
			dataType: 'json',
			success: function(response){
				$('#AddStocksModal').modal('hide');
				$form.trigger('reset');
				// Server messages are fixed strings; .text() keeps them from
				// being interpreted as HTML.
				$('#alert').show();
				$('#alert_message').text(response.message);
				if(!response.error){
					fetch();
				}
			}
		});
	});
	//
});


PHP
<?php

    include_once('../connection/pdo_db_connection.php');

    $assettagad = $_POST['assettagad'];

    $output = array('error' => false);

    $database = new Connection();
    $db = $database->open();

    // Duplicate check: a SELECT followed by a separate INSERT. Two requests
    // arriving close together can both pass this check before either inserts.
    $stmt = $db->prepare("SELECT asset_tag FROM sys_stocks WHERE asset_tag = ?");
    $stmt->execute(array($assettagad));
    $row_count = $stmt->rowCount();

    if ($row_count > 0){
        $output['error'] = true;
        $output['message'] = 'Asset Tag already exists!';
    }
    else
    {
        // User input is concatenated straight into the SQL text here.
        $sql = "INSERT INTO sys_stocks (asset_tag, particulars, status)
        VALUES ((UPPER('".$_POST["assettagad"]."')), (UPPER('".$_POST["particularad"]."')), (UPPER('".$_POST["hstatstocks"]."')))";
        $db->query($sql);

        $output['message'] = 'Stock added successfully!';
    }

    //close connection
    $database->close();

    echo json_encode($output);

?>
Updated 18-May-19 20:17pm

Comments
Richard Deeming 4-Apr-19 14:38pm    
$sql = "INSERT INTO sys_stocks (asset_tag, particulars, status)
VALUES ((UPPER('".$_POST["assettagad"]."')), (UPPER('".$_POST["particularad"]."')), (UPPER('".$_POST["hstatstocks"]."')))";

Your code is vulnerable to SQL Injection. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange
PHP: SQL Injection - Manual
Kenjiro Aikawa 5-Apr-19 21:18pm    
Thank you for your advice, even though it does not answer my question.
phil.o 19-May-19 6:01am    
That is why he provided it as a comment to your question. But make no mistake: this is the real issue in your code, i.e. the one that you should correct as soon as possible, before even trying to trace back the reason for the duplicated records.
Is there a possibility that a double click on the submit button would send a couple of requests?
Kenjiro Aikawa 28-May-19 2:26am    
Hi! I have already solved my problem last month using a unique index. Thank you for your reply.
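The two points raised in this thread, Richard Deeming's SQL-injection warning and the unique index the asker settled on, fit together in one handler. The following is an added example of a hardened add_stocks_submit.php; it is not the asker's code or anything from the original page. It assumes the same Connection class (open() returns a PDO handle, close() releases it), the same POST field names, a unique index on sys_stocks.asset_tag (the ALTER TABLE shown in the comment is an assumed name), PHP 7 or later for the ?? operator, and an asset-tag format of letters, digits and hyphens, which is an assumption made for the validation regex.

```php
<?php
// Added example, not the asker's code. Assumes:
//   - Connection::open() returns a PDO handle, Connection::close() releases it
//   - a unique index exists, e.g. (assumed index name):
//       ALTER TABLE sys_stocks ADD UNIQUE INDEX ux_sys_stocks_asset_tag (asset_tag);
//   - asset tags consist of letters, digits and hyphens (assumed format)
include_once('../connection/pdo_db_connection.php');

header('Content-Type: application/json');

$output = array('error' => false, 'message' => '');

// Read and normalise input in PHP. UPPER() moves out of the SQL string;
// the values never become part of the statement text.
$assetTag    = strtoupper(trim($_POST['assettagad']   ?? ''));
$particulars = strtoupper(trim($_POST['particularad'] ?? ''));
$status      = strtoupper(trim($_POST['hstatstocks']  ?? ''));

if ($assetTag === '' || strlen($assetTag) > 50 || !preg_match('/^[A-Z0-9-]+$/', $assetTag)) {
    $output['error']   = true;
    $output['message'] = 'Invalid asset tag.';
    echo json_encode($output);
    exit;
}

$database = new Connection();
$db = $database->open();
// Make PDO throw on failure so a rejected INSERT cannot be silently ignored
// (assumption: the Connection class does not already set this).
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

try {
    // Parameterized INSERT. The user-supplied values travel as bound
    // parameters, so a tag like  x'),('y','z','w'); --  cannot alter the query.
    $stmt = $db->prepare(
        'INSERT INTO sys_stocks (asset_tag, particulars, status) VALUES (:tag, :particulars, :status)'
    );
    $stmt->execute(array(
        ':tag'         => $assetTag,
        ':particulars' => $particulars,
        ':status'      => $status,
    ));
    $output['message'] = 'Stock added successfully!';
} catch (PDOException $e) {
    // SQLSTATE 23000 = integrity constraint violation. With the unique index
    // in place, a second request carrying the same tag (double click, retried
    // AJAX call) fails here instead of inserting a second row, and the
    // SELECT-then-INSERT race in the original handler no longer exists.
    if ((string) $e->getCode() === '23000') {
        $output['error']   = true;
        $output['message'] = 'Asset Tag already exists!';
    } else {
        // Never echo $e->getMessage() to the client; keep it in the server log.
        error_log('add_stocks_submit: ' . $e->getMessage());
        $output['error']   = true;
        $output['message'] = 'Could not save the stock item.';
    }
}

$database->close();
echo json_encode($output);
```

The separate SELECT in the original handler is dropped on purpose: it cannot prevent duplicates, because two requests can both read zero rows before either inserts. The database constraint is the only check that holds under concurrency; the handler just translates the constraint violation into the same "already exists" message the client already displays. Disabling the submit button while a request is in flight is still worth doing on the client, but as a usability measure, not as the guarantee.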

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


