I am quite new to php and I am just trying my hands at a script, it is not aptly written however as it is vulnerable to SQL injection. I intend to improve on that however that is only possible as I advance in PHP. I am facing a problem currently when I try to POST variables from Java (Android) and use them to query my database. However the script is executing twice, I find duplicate records in my database. Following is the script:
<?php
require 'DbConnect.php';
$Make = $_POST["Make"];
$Model = $_POST["Model"];
$Version= $_POST["Version"];
$FuelType= $_POST["FuelType"];
$Kilo = $_POST["Kilo"];
$Price= $_POST["Price"];
$Reg= $_POST["Reg"];
$Color= $_POST["Color"];
$Mdate= $_POST["Mdate"];
$Desc= $_POST["Desc"];
$Loc= $_POST["Loc"];
$Owners = $_POST["Owners"];
$Negot= $_POST["Negot"];
$Trans= $_POST["Trans"];
$AC= $_POST["AC"];
$car_lockk= $_POST["Lockk"];
$Sunroof= $_POST["Sunroof"];
$Window= $_POST["Window"];
$Seat= $_POST["Seats"];
$Stearing= $_POST["Stearing"];
$Music= $_POST["Player"];
$Wheels= $_POST["Wheel"];
$Sound= $_POST["Sound"];
$Drive= $_POST["Drive"];
$ID = $_POST["Seller_ID"];
$query2 = "INSERT INTO used_cars (make, model, version, color, \
manufacturing_date, km_driven, fuel_type, expected_price, \
negotiable, registration_place, no_of_owners, description, \
current_location, transmission, ac, sunroof, window, seats, \
stearing, player, wheels, sound_system, drive, car_lockk, seller_id) \
VALUES ('$Make', '$Model', '$Version', '$Color', '$Mdate', '$Kilo', \
'$FuelType', '$Price', '$Negot', '$Reg', '$Owners', '$Desc', '$Loc', \
'$Trans', '$AC', '$Sunroof', '$Window', '$Seat', '$Stearing', \
'$Music', '$Wheels', '$Sound', '$Drive', '$car_lockk', '$ID')";
if(mysql_query($query2)){
echo 'success';
//echo $Img
}else{
echo 'Fail';
}
?>