Drupal FAPI form calls callback twice

First post on stack overflow... so go easy on me!

There doesn't seem to be a suitable solution to the Drupal FAPI multiple callback issue for simple form submissions.

THE开发者_如何学运维 PROBLEM: My form, when submitted, adds two entries to the respective database table. Given that there is only one call to add it to the database, I feel it's safe to assume that the query is run twice (hence the dual entries).

The following code may help to provide a basis for a solution. Oh, it's Drupal 7 too, so documentation is still very much D6 centric.

function mymodule_sidebar_form_add_submit(&$form, &$form_state) {

  $form_values = $form_state['values'];

  $se_title = check_plain(trim($form_values['title']));
  $se_link = url(trim($form_values['link']));
  $se_content = check_plain(trim($form_values['content']));
  $se_image = isset($form_values['image']) ? $form_values['image'] : '';

  // The multi-line part below is actually a single line the real code
  $query = sprintf("INSERT INTO sidebar_element(title, image_url, content) 
      VALUES ('%s', '%s', '%s');", $se_title, $se_image, $se_content);

  db_query($query);
  drupal_set_message(t('Sidebar Element has been added successfully.'));
}

... and my form function contains a submit button:

  $form['submit'] = array(
      '#value' => t('Add Sidebar'),
      '#type' => 'submit',
      '#title' => t('Add Sidebar'),
      '#submit' => array('mymodule_sidebar_form_add_submit'),
      );

I guess the questions I need answered are:

1. Why is there a double callback in the first place?
2. Is there a way to identify the first callback?

Thanks in advance to all.

  $form['submit'] = array(
      '#type' => 'submit',
      '#value' => t('Save')
  );
  $form['#submit'] = array('my_form_submit');

And replace

// The multi-line part below is actually a single line the real code
  $query = sprintf("INSERT INTO sidebar_element(title, image_url, content) 
      VALUES ('%s', '%s', '%s');", $se_title, $se_image, $se_content);

  db_query($query);

with

// The multi-line part below is actually a single line the real code
  $query = "INSERT INTO {sidebar_element} (title, image_url, content) 
      VALUES ('%s', '%s', '%s')";

  db_query($query, $se_title, $se_image, $se_content);

For Drupal 7

// Add the buttons.
  $form['actions'] = array('#type' => 'actions');

  $form['actions']['submit'] = array(
    '#type' => 'submit', 
    '#access' => my_func(), 
    '#value' => t('Save'), 
    '#weight' => 100, 
    '#submit' => array('my_form_submit'),
  );

As example read node_form() code

To find out where the second call is coming from, the easiest way is to install devel.module and use ddebug_backtrace() in your submit callback. You might need to disable the HTTP redirecto to see it, too (exit()).

But more importantly, use the API, Luke!

<?php
db_insert('sidebar_element')
  ->fields(array(
    'title' => $se_title,
    'image_url' => $se_image,
    'content' => $se_content,
  ))
  ->execute():
?>

This is how your insert query should look like, what you are doing is insecure!

And for SELECT, use db_query() with named placeholders:

<?php
$result = db_query('SELECT * FROM {sidebar_element} WHERE title = :title', array(':title' => $something));
?>