One more issue I'm having is when the user clicks the back button and hits the submit button again a new record is added containing the old information. Is there a way to clear the form so that the user will have to enter new values again even when the user uses the back button?
As @Azer_Qurbanov pointed out, you execute the query three times, therefore get three inserts.
You only need the one in the if condition.
You should have a test in there to check for a form submission and only run the form parsing code then.
```php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Parse form
}
```
That's OK, but I will point out some beginner mistakes you have to improve your coding.
First your HTML.
Using the lang attribute is good, but you can be even more specific with English saying whether it's en-gb (Great Britain) en-us (United States) or any other version of the language.
There is no need for the dir attribute as ltr is default.
The align attribute and font element are obsolete in html5, you should be using CSS to do this instead. The u element has not been removed, but it's much better to use CSS for that sort of thing too.
As for the PHP side, if you do have html and php in the same document, it's best to do the PHP at the very start before any html output, so before the <!DOCTYPE>. Things that you want to echo can be stored in a variable for output later, Eg:-
```php
if (mysqli_query($con, $insert)) {
    $message = "Thank you! Your entry was submitted successfully.";
} else {
    $message = "Error: " . $insert . "<br>" . mysqli_error($con);
}
```
The next point is a security concern.
Putting raw, unsanitised user data into an SQL query is a big no no, as it leaves you open to SQL injection attacks. You need to use prepared statements for this, look it up and ask for help if you get stuck.
Thank you so much. I was also concerned with security. Please help with regards to a prepared statement. I don't know anything about prepared statements.
Don't use mysqli_real_escape_string with prepared statements, they make it redundant.
As I said I'm not familiar with prepared statements in mysqli, so I'm not certain on this, but in examples I have seen the parameters are bound individually. Someone could hopefully clarify this, as I'm not familiar with parameter binding either, in PDO I insert the values as an array in the execute(), I'm not sure if mysqli can do that.
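Added example, not code posted by anyone in this thread: the points raised above (handle the form only on POST, do the PHP before the `<!DOCTYPE>`, store output in `$message`, run the insert once) combined with a mysqli prepared statement. The table `entries`, its columns `name` and `email`, the form fields and the connection details are assumptions made for illustration.

```php
<?php
// Added example: table, column and connection names are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // mysqli errors become exceptions

$message = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $name  = trim($_POST['name'] ?? '');
    $email = trim($_POST['email'] ?? '');

    if ($name === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $message = 'Please enter a name and a valid e-mail address.';
    } else {
        try {
            $con = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
            $con->set_charset('utf8mb4');

            // The SQL text holds only ? placeholders; user data never becomes part of it.
            $stmt = $con->prepare('INSERT INTO entries (name, email) VALUES (?, ?)');

            // Classic mysqli binding: one type letter per parameter ("ss" = two strings).
            $stmt->bind_param('ss', $name, $email);
            $stmt->execute(); // the insert runs exactly once

            // PHP 8.1+ alternative, PDO style, replacing the two lines above:
            // $stmt->execute([$name, $email]);

            $message = 'Thank you! Your entry was submitted successfully.';
        } catch (mysqli_sql_exception $e) {
            error_log($e->getMessage()); // details go to the server log, not the browser
            $message = 'Sorry, your entry could not be saved.';
        }
    }
}
?>
<!DOCTYPE html>
<html lang="en-gb">
<head><meta charset="utf-8"><title>Entry form</title></head>
<body>
<p><?= htmlspecialchars($message, ENT_QUOTES, 'UTF-8') ?></p>
<form method="post">
  <label>Name <input name="name"></label>
  <label>E-mail <input name="email" type="email"></label>
  <button type="submit">Submit</button>
</form>
</body>
</html>
```

No `mysqli_real_escape_string` call is needed here because the values are sent separately from the SQL text; `htmlspecialchars` is still applied when printing `$message` into the page.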