>> If you have to do header("Location: ...") you have a
>> design/engineering/organizational problem in your code/pages/site.
>>
>> I'm sure a zillion people will disagree with this "rule"
>
>I agree, except there's one exception to this that I can't see a way around.
>
>When dealing with form submissions the receiving file needs to validate all
>the code before anything is sent to the browser, update the database (or
>whatever) and then redirect to itself with some sort of GET flag that issues
>a thank-you note or something.
>
>Otherwise people can hit "refresh" and post the data twice, or 10 times :)
>
>
>I can't see any SERVER SIDE way around this.
Just send a uniqid() with each <FORM>
One, and only one, "submit" can be allowed for that uniqid().
They can still work at it and go back and reload the FORM and then re-fill
it out, and then submit again...
If you want to stop *that* you need to identify them (cookies, sessions,
whatever) and then time-stamp submissions, and then rule out submissions
from the same person within a given time stamp.
You don't really need to re-direct for that...
In fact, it doesn't really stop a hard-core person from working around your
re-direct anyway, unless you already are doing all the above...
And at that point, just spew out your error message about multiple posts,
instead of re-directing.
--
Like Music? http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
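
The one-submit-per-id check and the per-person time stamp described in the reply above, sketched in PHP as an added example (not part of the original message). The function names, the `$store` array standing in for `$_SESSION`, and the 30-second interval are assumptions; it uses `random_bytes()` rather than `uniqid()` because `uniqid()` is derived from the clock and is guessable.

```php
<?php
// Added example. $store stands in for $_SESSION (per-visitor state); names are hypothetical.
const MIN_INTERVAL = 30; // assumed: seconds required between accepted posts per visitor

// Issue a one-time token to embed in the <FORM> as a hidden field.
function issue_form_token(array &$store): string
{
    // random_bytes() instead of uniqid(): uniqid() is clock-based and predictable.
    $token = bin2hex(random_bytes(16));
    $store['form_tokens'][$token] = true;
    return $token;
}

// Decide what to do with a POST. Returns 'accepted', 'duplicate' or 'too_soon'.
function handle_submission(array &$store, string $token, int $now): string
{
    // A token is valid only if this visitor was issued it and has not used it yet.
    if ($token === '' || !isset($store['form_tokens'][$token])) {
        return 'duplicate';
    }
    // Consume the token first, so a refresh or a replayed POST can never pass again.
    unset($store['form_tokens'][$token]);

    // A fresh token from reloading the form falls through to the time-stamp check.
    $last = $store['last_post'] ?? null;
    if ($last !== null && $now - $last < MIN_INTERVAL) {
        return 'too_soon';
    }
    $store['last_post'] = $now;
    // ... update the database here, then print the thank-you page directly ...
    return 'accepted';
}

// Constructed walk-through of one visitor (time stamps are made-up integers).
$session = [];
$t1 = issue_form_token($session);
echo handle_submission($session, $t1, 1000), "\n"; // first submit
echo handle_submission($session, $t1, 1001), "\n"; // browser "refresh" re-POST
$t2 = issue_form_token($session);                  // visitor reloads the form
echo handle_submission($session, $t2, 1010), "\n"; // re-filled and sent too quickly
$t3 = issue_form_token($session);
echo handle_submission($session, $t3, 1100), "\n"; // later second post
```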