But what if the data being inserted isn't unique?   What if it's a voting 
form that says "Do you like pie?  Yes/No"?   True, it could record the 
response and the userid or IP address so that would be a unique pairing but 
what if the vote was anonymous and you allowed multiple people from the 
same IP address (ie behind a firewall/proxy) to submit votes?

There could be cases where the data isn't necessarily unique, is all I'm 
saying.  In which case you could use the unique ID thing to make sure it's 
not a double-submit from the same person, or only allow a submission every 
XX seconds from a single IP address, or maybe create some kind of 
fingerprint of the voter using their browser type and version or some other 
odd method.  The unique ID thing is by far the simplest and less 
discriminatory against people beind firewalls or proxies.

So you see, there is some kind of case for allowing non-unique input into the 
database, depending on the circumstances.


----- Original Message -----
Cc: php-db@lists.php.net
Date: Fri, 05 Oct 2007 10:34:50 +0200
Subject: Re: [PHP-DB] Prevention for multiple submissions from the same form

> T K napsal(a):
> > I've learned that this is possible to make and send a unique id in
> > hidden input, and check if the id is used before database query is
> > issued. (PHP Cookbook [O'reilly]).
> Why? You should always ensure that only unique data are inserted into 
> database. This is not just about multiple submissions. Visitor can 
> submit form then forgets about that so he goes back and submits the same 
> thing again.
> -- 
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to