SQL in PHP Inserting Two Rows Instead of One

Question

The following code is inserting two records into my database, but I only want it to insert one. Why is it inserting the row twice?

<?
if (!$con)
{
    die('Could not connect: ' . mysql_error());
}

$i=1;

while($i<=1)
{
    if (isset($_POST['submit'])) 
    {
        $sql="INSERT INTO customers 
                  (company, salutation, first_name, 
                   last_name, phone, email, fax, 
                   street, town, county, postcode, 
                   type, notes)
              VALUES
                  ('$_POST[company]',
                   '$_POST[salutation]',
                   '$_POST[first_name]',
                   '$_POST[last_name]',
                   '$_POST[phone]',
                   '$_POST[fax]',
                   '$_POST[email]',
                   '$_POST[street]',
                   '$_POST[town]',
                   '$_POST[county]',
                   '$_POST[postcode]',
                   '$_POST[type]',
                   '$_POST[notes]')";

        if (!mysql_query($sql,$con))
        {
            die('Error: ' . mysql_error());
        }
    }

    $i++;
}
?>

Answer 1

At a guess, I'd say it's because it's being executed twice. (Not being smarmy - it's most likely a control flow problem, as there doesn't seem to be anything that would cause the above to insert twice as it stands.)

That said, there's quite a few worrying things in there such as a lack of input escaping, etc. e.g.: What's the purpose of the $i variable?

Answer 2

I have worked through your code and I don't see any reason for the double insert. Is there something else we should know about? It should not be causing the problem, but why is there a while loop in your code? Is there any way this page is being submitted twice? Is there a trigger in place?

Answer 3

I can't say from only this. And that code is barely readable indentation is worse than just non-existant and the way you are embedding your post variables in your query doesn't make it any clearer either (and it might actually cause a security vulnerability).

Try writing echo $sql; after your $sql = ... monster. You will be able to see if two queries are executed or if it is just one query that inserts two rows, and in the last case it will probably give you quite a hint why it did that. If it does not help you, post your results of that there, and I or someone else here can have a look at it. But note that it will not be easy or pleasant for us with such ungraceful code.

Answer 4

Does the CUSTOMERS table have at least a primary key defined to stop duplicates?

Is your PHP webapp smart enough to stop someone from reaching this page if an entry in the CUSTOMERS table for the column combination already exists in the table?