On Tuesday, July 2, 2002, at 11:10 PM, Justin French wrote:

> on 03/07/02 11:54 AM, Richard Lynch ([EMAIL PROTECTED]) wrote:
>> Rule of Thumb:
>> If you have to do header("Location: ...") you have a
>> design/engineering/organizational problem in your code/pages/site.
>> I'm sure a zillion people will disagree with this "rule"
> I agree, except there's one exception to this that I can't see a way
> around.
> When dealing with form submissions the receiving file needs to validate all
> the code before anything is sent to the browser, update the database (or
> whatever) and then redirect to itself with some sort of GET flag that issues
> a thank-you note or something.
> Otherwise people can hit "refresh" and post the data twice, or 10 times :)

Justin!  That's a great idea.  No one ever mentioned that to me before 
(and I've been on and off this list for months).  Or actually, I think 
YOU mentioned it once but I didn't understand it.

So let me ask:  do you have one giant script that validates all data, 
depending on the variables sent to it?  Or do you have a "formcheck" 
script for each individual form?

This is a great way to stop someone from hitting refresh and 
resubmitting their POST data accidentally, since you've got that GET 
flag which basically says "do not process this form!"  It's not 
-secure-, since anyone can remove this flag (even if you used POST), but 
it will work for Joe User to stop him from accidentally resubmitting.



Erik Price
Web Developer Temp
Media Lab, H.H. Brown
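
The validate, update, redirect flow discussed in this thread, as an added example that is not part of the original messages. It goes one step beyond the thread by pairing the redirect with a single-use session token, so a replayed POST is rejected on the server and the GET flag only controls what is displayed. The path `/comment.php`, the field names and `save_comment()` are assumptions made for illustration.

```php
<?php
// Added example: Post/Redirect/Get with a single-use form token.
// Assumed names: /comment.php, fields "comment" and "token", save_comment().
session_start();

function save_comment(string $text): void
{
    // Hypothetical stand-in for the real database update.
    $_SESSION['comments'][] = $text;
}

$errors = [];

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // All validation happens before any output, so header() can still be sent.
    $token  = $_POST['token'] ?? '';
    $stored = $_SESSION['form_token'] ?? '';
    unset($_SESSION['form_token']); // single use: a replayed POST finds no token

    $raw     = $_POST['comment'] ?? '';
    $comment = is_string($raw) ? trim($raw) : '';

    if (!is_string($token) || $stored === '' || !hash_equals($stored, $token)) {
        $errors[] = 'This form was already submitted or has expired.';
    } elseif ($comment === '' || strlen($comment) > 2000) {
        $errors[] = 'Comment must be between 1 and 2000 bytes.';
    }

    if (!$errors) {
        save_comment($comment);
        // 303 tells the browser to fetch the target with GET, so "refresh"
        // repeats the harmless GET instead of the POST.
        header('Location: /comment.php?sent=1', true, 303);
        exit;
    }
}

// GET, or a POST that failed validation: issue a fresh token and render.
$_SESSION['form_token'] = bin2hex(random_bytes(32));
// Display flag only; it never decides whether a submission is processed.
$sent = $_SERVER['REQUEST_METHOD'] === 'GET' && isset($_GET['sent']);
?>
<!DOCTYPE html>
<title>Comment</title>
<?php if ($sent): ?><p>Thank you, your comment was saved.</p><?php endif; ?>
<?php foreach ($errors as $e): ?><p><?= htmlspecialchars($e) ?></p><?php endforeach; ?>
<form method="post" action="/comment.php">
  <input type="hidden" name="token" value="<?= htmlspecialchars($_SESSION['form_token']) ?>">
  <textarea name="comment"></textarea>
  <button type="submit">Send</button>
</form>
```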

PHP General Mailing List (http://www.php.net/)