Forgive me for coming in late on this... I haven't read the whole thread,
but I'd start be saying that obviously JavaScript is not an option, and
quite possible "asking them not to click the back button" is not an option

I use the following theory on a single page form, but can't see any reason
why it can't happen on a multi part form.

I perform all form validation BEFORE outputting anything to the page, and
establish if the form data was good or not.  Good results in uploading to
the DB, and a redirect to a thanks page (or in your case, another form), and
bad results in the form being shown again.

Since nothing is sent to the page (other than a redirect) if the data is
good, the page doesn't exist at the browser, so there's no chance of them
hitting back and re-submitting the data twice by accident.

Of course they CAN hit back and see the form they just filled out, and make
changes to it, and resubmit on purpose, but is this such a bad thing??

On the other hand, once they reach stage 2 (ie, stage 1 was valid), you
could always set a cookie.  If they DO click back to stage 1, you could
always do a check for that cookie, and NOT show them the form again, which
removes just about any chance of them resubmitting data, or going back thru
the steps, UNLESS they have cookies turned off... which is a low percentage.

Changing this to sessions in the URL would remove the chance all together.

I'd recommend NOT breaking THEIR browser with the disabling of the back
button... it's THEIRS after all, and they may WANT to go back through the
sites they surfed before hitting you.

Just my opinion though :)

Justin French
Creative Director

on 03/04/02 1:54 AM, Erik Price ([EMAIL PROTECTED]) wrote:

> On Tuesday, April 2, 2002, at 09:15  AM, Rick Emery wrote:
>> use cache control in your HTML to prevent BACK button usage
>> This is easily done
> I've tried this using the HTTP headers recommended on the header() man
> page, such as
> header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
> header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
> header("Cache-Control: no-store, no-cache, must-revalidate");
> header("Cache-Control: post-check=0, pre-check=0", false);
> header("Pragma: no-cache");
> These don't seem to have the effect that I'm looking for.  Someone else
> on the list suggested storing a session variable that basically says
> "this page  has been filled out, do not do anything if it has been
> resubmit" which is a good idea, but I was hoping to have the user
> automatically re-routed to an error page if they hit the "back" button.
> (The session variable idea won't work until they refresh a page or
> submit a form, because they will be returning to a page in their
> history.)
> Erik
> ----
> Erik Price
> Web Developer Temp
> Media Lab, H.H. Brown

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to