我很新的PHP和我只是想我的手在一个脚本,它不恰当地写然而,因为它是容易受到SQL注入。我打算在这方面做出改进,但这只有在PHP推进时才有可能。当我尝试从Java(Android)POST变量并使用它们查询数据库时,我正面临着一个问题。然而,脚本执行两次,我发现我的数据库中有重复的记录。以下是该脚本:PHP - MySQL查询执行两次
<?php
require 'DbConnect.php';
$Make = $_POST["Make"];
$Model = $_POST["Model"];
$Version= $_POST["Version"];
$FuelType= $_POST["FuelType"];
$Kilo = $_POST["Kilo"];
$Price= $_POST["Price"];
$Reg= $_POST["Reg"];
$Color= $_POST["Color"];
$Mdate= $_POST["Mdate"];
$Desc= $_POST["Desc"];
$Loc= $_POST["Loc"];
$Owners = $_POST["Owners"];
$Negot= $_POST["Negot"];
$Trans= $_POST["Trans"];
$AC= $_POST["AC"];
$car_lockk= $_POST["Lockk"];
$Sunroof= $_POST["Sunroof"];
$Window= $_POST["Window"];
$Seat= $_POST["Seats"];
$Stearing= $_POST["Stearing"];
$Music= $_POST["Player"];
$Wheels= $_POST["Wheel"];
$Sound= $_POST["Sound"];
$Drive= $_POST["Drive"];
$ID = $_POST["Seller_ID"];
$query2 = "INSERT INTO used_cars (make, model, version, color, \
manufacturing_date, km_driven, fuel_type, expected_price, \
negotiable, registration_place, no_of_owners, description, \
current_location, transmission, ac, sunroof, window, seats, \
stearing, player, wheels, sound_system, drive, car_lockk, seller_id) \
VALUES ('$Make', '$Model', '$Version', '$Color', '$Mdate', '$Kilo', \
'$FuelType', '$Price', '$Negot', '$Reg', '$Owners', '$Desc', '$Loc', \
'$Trans', '$AC', '$Sunroof', '$Window', '$Seat', '$Stearing', \
'$Music', '$Wheels', '$Sound', '$Drive', '$car_lockk', '$ID')";
if(mysql_query($query2)){
echo 'success';
//echo $Img
}else{
echo 'Fail';
}
?>
此代码是易受[SQL注入](https://www.owasp.org/index.php/SQL_Injection),以及'mysql_'功能弃用。请改为通过[MySQLi](http://php.net/manual/en/book.mysqli.php)使用参数化查询。 – Polynomial 2013-04-26 12:30:47
经过两次点击后,您会知道,例如,如果我发布了我的数据,并使用query()函数引导到您的页面,并且刷新页面,它会再次发布相同的数据? – 2013-04-26 12:32:40
取消注释'if'语句,并在成功插入数据后重定向。请使用'mySQLi'或'PDO'。 – chriz 2013-04-26 12:39:08