I see you are doing everything with URL parameters instead of form POST values... and you aren't even redirecting after sending the email.
That means that if the user closes their browser window and then opens up their browser again a few days later and it is set to re-open previous pages, it will send the email again. Also if someone refreshes the page, or goes to it in their history. They could even post it and send it to someone and it could be indexed and followed by bots and send emails.
I'd suggest maybe setting a session variable on the first page and clearing it after sending the email and adding a check to see that session variable exists before sending the email so that they would have to go back to the first page and fill it out instead of just refreshing or re-visiting the second page.
So on aircraft-engine-quote.php add this to the top of the page:
<?php
if ((isset($_GET["MM_insert"])) && ($_GET["MM_insert"] == "quoteForm")) {
@session_start();
$_SESSION['sendonce'] = 1;
}
?>
Then on your pyaQuoteDataResults.php page add this to the very top:
<?php
@session_start();
?>
and then update the email trigger on line 104 to:
if ((!($totalRows_WADApyaQuoteData == 0)) && isset($_SESSION['sendonce'])) {
then below the email code before any html add:
<?php
unset($_SESSION['sendonce']);
?>
That should ensure you only send one email per insert into the database no matter what.
( also you have script and css code above your <html> tag on the results page.... the code from lines 235-259 should be moved inside the <head> tag that begins on line 263 )
