>> If you have to do header("Location: ...")  you have a
>> design/engineering/organizational problem in your code/pages/site.
>> I'm sure a zillion people will disagree with this "rule"
>I agree, except there's one exception to this that I can't see a way around.
>When dealing with form submissions the receiving file needs to validate all
>the code before anything is sent to the browser, update the database (or
>whatever) and then redirect to itself with some sort of GET flag that issues
>a thankyou note or something.
>Otherwise people can hit "refresh" and post the data twice, or 10 times :)
>I can't see any SERVER SIDE way around this.

Just send a uniquid() with each <FORM>

One, and only one, "submit" can be allowed for that uniquid().

They can still work at it and go back and reload the FORM and then re-fill
it out, and then submit again...

If you want to stop *that* you need to identify them, (cookies, sessions,
whatever) and then time-stamp submissions, and then rule out submissions
from the same person within a given time stamp.

You don't really need to re-direct for that...

In fact, it doesn't really stop a hard-core person from working around your
re-direct anyway, unless you already are doing all the above...

And at that point, just spew out your error message about multiple posts,
instead of re-directing.

Like Music?  http://l-i-e.com/artists.htm

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to