Form submit only once with php

Question

I have the following tables. The one is for login and user registration and the other it will store the answers of a survey with many questions. Just for now I have 2 textboxes to test it. My aim is every user to submit only once the survey. So I have the following. The one table is for login and registration

CREATE TABLE IF NOT EXISTS `users` (
  `userid` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(25) NOT NULL,
  `username` varchar(25) NOT NULL,
  `password` varchar(25) NOT NULL,
  PRIMARY KEY (`userid`),
  KEY `userid` (`userid`),
  KEY `userid_2` (`userid`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=18 ;

and this one is to keep the first name and the last name

CREATE TABLE IF NOT EXISTS `survey` (
  `surveyid` int(11) NOT NULL AUTO_INCREMENT,
  `firstname` varchar(25) NOT NULL,
  `lastname` varchar(25) NOT NULL,
  PRIMARY KEY (`surveyid`),
  KEY `firstname` (`firstname`),
  KEY `firstname_2` (`firstname`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;

My login.php page is

<?php 
session_start();

@$username = $_POST['username'];
@$password = $_POST['pass'];

if(@$_POST['Submit']){
if($username&&$password)
{
$connect = mysql_connect("localhost","****","****") or die("Cannot Connect");
mysql_select_db("project") or die("Cannot find the database");

$query = mysql_query("SELECT * FROM users WHERE username='$username'");
$numrows = mysql_num_rows($query);
if($numrows!=0)
{
    while ($row = mysql_fetch_assoc($query))
    {
        $dbusername = $row['username'];
        $dbpassword = $row['password'];
    }
    if($username==$dbusername&&$password==$dbpassword)
    {
        echo "You are login!!!!! Continue now with the survey <a href='mainpage.php'>here</a>";
        $_SESSION['username']=$username;
    }
    else
    {
        echo "<b>Incorrect Password!!!!</b>";
    }
}
else
    //die("That user does not exist");
    echo "<b>That user does not exist</b>";
}
else
echo "<b>You must enter a username and a password</b>";
}
?>

<html xmlns="http://www.w3.org/1999/xhtml">
<head>   
<title>Login Page</title>
</head>
<body>

<h2>Login Page</h2>
<form name="loginform" method='POST'>

<fieldset>
<legend>Form</legend>
    <label>Username: <input type="text" name="username"/><span>*</span></label><br/>
    <label>Password: <input type="password" name="pass"/><span>*</span></label>
    <input class="placeButtons" type="reset" value='Reset'/>
    <input class="placeButtons" type="submit" name="Submit" value='Login'/>
    <a href='registration.php'>Register</a>
</fieldset>

</form>
</body>
</html>

my page which inserts the data is

<?php 
session_start();

if ($_SESSION['username'])
{
echo "Welcome, ".$_SESSION['username']."! <a href='logout.php'>Logout</a>";
}
else
die("You must be logged in!!");
?>

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<script src="question.js"></script>
<title>Questionnaire</title>
<style type="text/css"> 
    span {color: #FF00CC}
</style>
</head>
<body  background="images/good.jpg">
<h1>Please complete the following Survey</h1>
<form name="quiz" method="post" action="submitsurvey.php">

First Name: <input type="text" name="firstname" id="fname"/>
<p></p>
Last Name: <input type="text" name="lastname" id="lname"/>
<input type="submit" name="submitbutton" value="Go"></input>
<input type="reset" value="clear all"></input>
</form>
</body>
</html>

and finally submitsurvey.php is the page which stores the data in the database

<?php
session_start();

if ($_SESSION['username'])
{
echo "Welcome, ".$_SESSION['username']."! <a href='logout.php'>Logout</a>";
}
else
die("You must be logged in!!");
$con=mysql_connect ("localhost","****","****");
mysql_select_db("project",$con);
@$firstname=$_POST['firstname'];
@$lastname=$_POST['lastname'];

$s="INSERT INTO survey(`firstname`,`lastname`) VALUES ('$firstname','$lastname')";
echo "You have successfully submit your questions";
 mysql_query ($s);
?>

I would like your thoughts of how can I continue. As first thought is to create a foreign key of surveyid in users tables. I tried it but it was impossible to register and the reason I think is because the survey table is empty. Maybe I am completely wrong but this is just a thought

UPDATE I created a lookup table but it does not get the userid and surveyid

CREATE TABLE IF NOT EXISTS `lookup` (
`lookupid` int(11) NOT NULL AUTO_INCREMENT,
`surveyid` int(11) NOT NULL,
`userid` int(11) NOT NULL,
PRIMARY KEY (`lookupid`),
KEY `surveyid` (`surveyid`,`userid`),
KEY `userid` (`userid`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

ALTER TABLE `lookup`
  ADD CONSTRAINT `lookup_ibfk_2` FOREIGN KEY (`userid`) REFERENCES `users` (`userid`) ON DELETE CASCADE ON UPDATE NO ACTION,
  ADD CONSTRAINT `lookup_ibfk_1` FOREIGN KEY (`surveyid`) REFERENCES `survey` (`surveyid`) ON DELETE CASCADE ON UPDATE NO ACTION;

Answer 1

Don't use MySQL, use PDO or MySQLi instead. MySQL is old, deprecated and vulnerable

Answer 2

How about a lookup table that has 3 fields, lookupID, surveyID and userID

When they fill out the survey, add a record to the lookup table.

On the page where you load the survey, query the lookup table for the user's ID. If it exists echo a message "Thanks, but you have already completed the survey".

Oh and by the way, your login script is a perfect example of how to fall victim to a SQL injection.