Duplicate data when submitting form and F5 and also stores empty values

2

Whenever I press F5 or click submit, PHP stores the data again. I know it's a common problem and I've already tried to redirect it with the header, but it's included in the index.php with include.

I also know that the mysql words should have an i at the end, but I will adapt later. I used PHP and Ajax. How do I solve the problem?

Follow the code below:

The index.php

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title></title>
<link rel="stylesheet" type="text/css" href="">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<script type="text/javascript" src="AjaxTeste.js"></script>
</head>
<body>
<header>
</header>
<section>
    <form method="POST" id="formulario" name="formulario">
        <input type="text" id="nome" placeholder="nome" name="nome"><br>
        <input type="text" id="sobrenome" placeholder="sobrenome" name="sobrenome"><br>
        <input type="email" id="email" placeholder="e-mail" name="email"><br>
        <input type="password" id="password" placeholder="password" name="password"><br>
        <input type="submit" id="enviar" value="enviar" name="enviar"><br>
    </form>
    <div id="dados"><p></p></div>

</section>

<footer>
</footer>
<?php 
include "cadastro/dados.php";
?>
</body>
</html>

Jquery / Ajax

    $(document).ready(function(){
        $("#enviar").click(function(){
            var nome = $("#nome").val();
            var sobrenome = $("#sobrenome").val();
            var email = $("#email").val();
            var senha = $("#password").val();

            $.ajax({
                type: "POST",
                url: "cadastro/dados.php",
                // dados.php echoes HTML text, not JSON
                dataType: "html",
                data: {
                    "nome": nome,
                    "sobrenome": sobrenome,
                    "email": email,
                    "senha": senha
                },
                success: function(data){
                    $("#dados p").html(data);
                }
            });
        });
    });

The dados.php

<?php  
error_reporting(E_ALL ^ E_DEPRECATED);
$connect = mysql_connect("localhost", "root","") or die("não foi possivel ligar ao servidor");
$db = mysql_select_db("usuario", $connect) or die ("impossivel entrar no banco de dados");


if (isset($_POST['enviar'])) {

$nome = $_POST['nome'];
$sobrenome = $_POST['sobrenome'];
$email = $_POST['email'];
$senha = $_POST['password'];
if (empty($nome)||strlen($nome)<1){
    echo "Prencha o(s) campo(s)";


if (empty($sobrenome) ||strlen($sobrenome)<1){
    echo "Prencha o(s) campo(s)";

if(empty($email) ||strlen($email)<1){
    echo "Prencha o(s) campo(s)";

 if(empty($senha)|| strlen($senha)<1 ){
echo "Prencha o(s) campo(s)";


}}


    $query = "INSERT INTO cadastro (nome,sobrenome,email,senha) VALUES ('$nome','$sobrenome','$email','$senha')";
    $data = mysql_query($query) or die(mysql_error());
    $buscar = mysql_query("SELECT * FROM cadastro ORDER BY id DESC") or die(mysql_error());
    $consulta= mysql_fetch_assoc($buscar);
    $rows = mysql_num_rows($buscar);



if ($rows>0) {


while ($consulta= mysql_fetch_array($buscar)){  

    echo "Seu nome é "." ".$consulta['nome']. " ".$consulta['sobrenome']. " ". "com o email ". $consulta['email']."<br>";}
}
   //if (isset($_POST['enviar'])) {
    //  header("location: redireciona.php");

}
}

}
?>
    
asked by anonymous 01.04.2018 / 23:58

1 answer

1

Hello, 1st - The script is made to record every time "send" is clicked. One option would be to disable the submit button after the click. Ex: $("#enviar").prop("disabled",true);

2nd - All of the query part is inside the if's of the name and surname. Using a program or website that does automatic indentation, this is easy to see. Ex: PHPFormatter, PHPBeautifier

Direct insertion of $_POST is not secure

Code sample for dados.php

<?php

error_reporting(E_ALL ^ E_DEPRECATED);
$connect = mysql_connect("localhost", "root", "") or die("não foi possivel ligar ao servidor");
$db = mysql_select_db("usuario", $connect) or die("impossivel entrar no banco de dados");

// isset() only accepts variables, so test the filter_input() result directly
if (filter_input(INPUT_POST, 'enviar') !== null) {

    $nome = filter_input(INPUT_POST, 'nome');
    $sobrenome = filter_input(INPUT_POST, 'sobrenome');
    $email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
    $senha = filter_input(INPUT_POST, 'password');
    if (empty($nome)) {
        die("Prencha o(s) campo(s) de nome");
    }

    if (empty($sobrenome)) {
        die("Prencha o campo sobrenome");
    }

    if (empty($email)) {
        die("Prencha o campo de email");
    }
    if (empty($senha)) {
        die("Prencha o campo de senha");
    }

    // The default filter does not escape anything, so escape each value
    // before it is placed inside the SQL string
    $nome = mysql_real_escape_string($nome, $connect);
    $sobrenome = mysql_real_escape_string($sobrenome, $connect);
    $email = mysql_real_escape_string($email, $connect);
    $senha = mysql_real_escape_string($senha, $connect);

    // MySQL identifiers take backticks; single quotes would turn them into string literals
    $query = "INSERT INTO `cadastro` (`nome`, `sobrenome`, `email`, `senha`) VALUES ('{$nome}','{$sobrenome}','{$email}','{$senha}')";
    $data = mysql_query($query) or die(mysql_error());
    $buscar = mysql_query("SELECT * FROM `cadastro` ORDER BY `id` DESC") or die(mysql_error());
    // Note: this fetch consumes the first (newest) row, so the loop below starts at the second
    $consulta = mysql_fetch_assoc($buscar);
    $rows = mysql_num_rows($buscar);

    if ($rows > 0) {
        while ($consulta = mysql_fetch_array($buscar)) {
            echo "Seu nome é {$consulta['nome']} {$consulta['sobrenome']} com o email {$consulta['email']} <br>";
        }
    }
    //if (isset($_POST['enviar'])) {
    //  header("location: redireciona.php");
}
?>
    
02.04.2018 / 01:31
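
The following is an added example, not part of the question or the answer above: cadastro/dados.php rewritten as a POST-only handler that combines a one-time form token, a prepared statement and a redirect after the insert, so that neither F5 nor a double click stores the row twice. It assumes PDO with the MySQL driver, that the form's `action` points at cadastro/dados.php instead of index.php including it, and a hypothetical hidden field named `token` that index.php fills from `$_SESSION['form_token']` (for instance `bin2hex(random_bytes(16))`); the `status` query parameter is also hypothetical.

```php
<?php
// Added example. Assumed names: hidden field "token", $_SESSION['form_token'],
// and the ?status=... parameter read by index.php. Table/columns are the page's.
session_start();

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);   // a plain GET never reaches the insert
    exit;
}

// One-time token: it is consumed on first use, so a replayed POST
// (F5 on the result, double click on "enviar") no longer matches.
$sent     = (string) filter_input(INPUT_POST, 'token');
$expected = (string) ($_SESSION['form_token'] ?? '');
unset($_SESSION['form_token']);
if ($expected === '' || !hash_equals($expected, $sent)) {
    header('Location: ../index.php?status=duplicate', true, 303);
    exit;
}

$nome      = trim((string) filter_input(INPUT_POST, 'nome'));
$sobrenome = trim((string) filter_input(INPUT_POST, 'sobrenome'));
$email     = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
$senha     = (string) filter_input(INPUT_POST, 'password');

// Each field is checked on its own level, so an empty value stops the request
// before any query runs.
if ($nome === '' || $sobrenome === '' || !$email || $senha === '') {
    header('Location: ../index.php?status=invalid', true, 303);
    exit;
}

$pdo = new PDO('mysql:host=localhost;dbname=usuario;charset=utf8mb4', 'root', '', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

// Placeholders keep the submitted values out of the SQL text entirely.
$stmt = $pdo->prepare(
    'INSERT INTO cadastro (nome, sobrenome, email, senha) VALUES (?, ?, ?, ?)'
);
$stmt->execute([$nome, $sobrenome, $email, password_hash($senha, PASSWORD_DEFAULT)]);

// Post/Redirect/Get: the browser lands on a GET, so F5 only reloads the page.
header('Location: ../index.php?status=ok', true, 303);
exit;
```

The `senha` column has to be wide enough for the `password_hash()` output (255 characters is the usual choice), and any row echoed back into the page should go through `htmlspecialchars()`.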