>> If you have to do header("Location: ...") you have a >> design/engineering/organizational problem in your code/pages/site. >> >> I'm sure a zillion people will disagree with this "rule" > >I agree, except there's one exception to this that I can't see a way around. > >When dealing with form submissions the receiving file needs to validate all >the code before anything is sent to the browser, update the database (or >whatever) and then redirect to itself with some sort of GET flag that issues >a thankyou note or something. > >Otherwise people can hit "refresh" and post the data twice, or 10 times :) > > >I can't see any SERVER SIDE way around this.
Just send a uniquid() with each <FORM> One, and only one, "submit" can be allowed for that uniquid(). They can still work at it and go back and reload the FORM and then re-fill it out, and then submit again... If you want to stop *that* you need to identify them, (cookies, sessions, whatever) and then time-stamp submissions, and then rule out submissions from the same person within a given time stamp. You don't really need to re-direct for that... In fact, it doesn't really stop a hard-core person from working around your re-direct anyway, unless you already are doing all the above... And at that point, just spew out your error message about multiple posts, instead of re-directing. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php