Laravel
Fedia Fox, 2020-01-17 12:03:52

How to search for a record in the DB and cancel form resubmission in Laravel 6?

Good afternoon!
Please help!
There is a form that reads the data and sends it to the database. When you first visit the page, an error is generated that $_GET is empty, but if $_GET is not empty, then when the page is reloaded, it sends the same data.

<form method="post">
    <label>Биржы</label>
    <select name="exchanges">
        <?
        $names_exchanges = DB::select('select name from trades;');
        ?>
        @foreach ($names_exchanges as $exchange)
            <option value="{{ $exchange->name }}">{{ $exchange->name }}</option>
        @endforeach
    </select>
    <label>Название</label>
    <input name="name_ac">
    <label>Key</label>
    <input name="key">
    <label>Secret</label>
    <input name="secret">
    <input type="submit">
</form>

Controller code:
public function index()
{
    $user = Auth::id();
    $exchange = $_GET['exchanges'];
    $name_ac = $_GET['name_ac'];
    echo $key_acc = $_GET['key'];
    $secret = $_GET['secret'];

    $results = DB::select('select id from trades where name = ?', [$exchange]);
    global $trade_id;
    foreach ($results as $key => $object) {
        $trade_id = $object->id;
    }
    $checkDB = DB::table('user_trades')
        ->where('key_acc', $key_acc);

    if ($checkDB) {
        DB::insert('insert into user_trades (name,key_acc,skey,user_id,trade_id) values (?, ?, ?, ?, ?)', [$name_ac, $key_acc, $secret, $user, $trade_id]);
    } else {
        echo "Такой аккаунт существует";
    }
}

PS I'm a newbie


3 answer(s)
ThunderCat, 2020-01-17
@ThunderCat

1) there is no form in the question, but that is beside the point ...
2) use POST instead of GET
2.1) if ($_SERVER['REQUEST_METHOD'] === 'POST') {...
2.2) header('location: /');
A separate point: do not insert data that came from the user into queries without processing.
UPD: $checkDB will return true (in fact, a non-empty query object) if the user already exists, and you add the record AGAIN... Nice...

Lone Ice, 2020-01-17
@daemonhk

1. NEVER use get and post directly without processing, do escaping, cast to the right type, etc.
2. It is DESIRABLE to compare data not directly, but their hashes
3. Do not use global - you can easily overwrite the variable, and then be surprised at the result
4. Learn to debug, and do not run to Toster at every sneeze. For example, you add a record every time, which means the $checkDB condition always fires. Why? Look at the bare queries in pma, what comes to you, what you compare with, etc.
5. Get data before rendering the page, not during

Roman, 2020-01-17
@Terran37

You have three options.
1. Make a check that such a user_id has already been passed and do not insert (through related entities)
2. Make a check for duplicates by a constraint at the database level when saving.
3. Make a new field and mark that the data for this user has already been received.
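
The points from the three answers combined (POST followed by a redirect, validated input instead of raw $_GET, a duplicate check backed by a database constraint), as an added example that is not part of the original thread. The controller name, route names, view name, the `max:255` limits and the UNIQUE index on `user_trades.key_acc` are assumptions; the form would also need `action="{{ route('accounts.store') }}"` and `@csrf`.

```php
<?php
// Added example (hypothetical names: UserTradeController, accounts.* routes, view).
// Assumes a UNIQUE index on user_trades.key_acc and, in routes/web.php:
//   Route::get('/accounts/create', 'UserTradeController@create')->name('accounts.create');
//   Route::post('/accounts', 'UserTradeController@store')->name('accounts.store');
namespace App\Http\Controllers;

use Illuminate\Database\QueryException;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\DB;

class UserTradeController extends Controller
{
    // GET: only renders the form; the exchange list is loaded before the view.
    public function create()
    {
        return view('accounts.create', ['exchanges' => DB::table('trades')->pluck('name')]);
    }

    // POST: validate, insert once, then redirect so a reload repeats only the GET.
    public function store(Request $request)
    {
        // On failure validate() redirects back with errors and nothing is inserted.
        $data = $request->validate([
            'exchanges' => ['required', 'string', 'exists:trades,name'],
            'name_ac'   => ['required', 'string', 'max:255'],
            'key'       => ['required', 'string', 'max:255', 'unique:user_trades,key_acc'],
            'secret'    => ['required', 'string', 'max:255'],
        ]);

        try {
            DB::table('user_trades')->insert([
                'name'     => $data['name_ac'],
                'key_acc'  => $data['key'],
                'skey'     => $data['secret'],
                'user_id'  => Auth::id(),
                'trade_id' => DB::table('trades')->where('name', $data['exchanges'])->value('id'),
            ]);
        } catch (QueryException $e) {
            // SQLSTATE class 23 = integrity violation: a concurrent request won the race.
            if (substr($e->errorInfo[0] ?? '', 0, 2) !== '23') {
                throw $e;
            }
            return back()->withErrors(['key' => 'This account already exists.']);
        }

        return redirect()->route('accounts.create')->with('status', 'Account saved.');
    }
}
```

The `unique` validation rule gives the user-facing duplicate message, while the index and the `catch` cover two submissions that pass validation at the same moment.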
