> My first thought is to compare the values being submitted with those in > the database, if they are exactly the same then abort the action...
Close, but that fails if someone actually has an identical request. (it happens, depending on your forms). My preferred method is to drop a random value in the form in addition to the other info. If that user submitted a form with the same random value (or in cases that don't involve recording usernames, I check to see if that random value appeared in the last X minutes), treat it appropriately (usually involving taking them to a confirmation page). Of course, this still has a 1 in a (my pseudorandom range) of failure, but I consider that worth removing faulty double submissions. --------------------------------------------------------------------- Web Archive: http://www.mail-archive.com/cgiapp@lists.vm.com/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
