On Tuesday, July 2, 2002, at 11:10 PM, Justin French wrote:
> on 03/07/02 11:54 AM, Richard Lynch ([EMAIL PROTECTED]) wrote:
>> Rule of Thumb:
>> If you have to do header("Location: ...") you have a
>> design/engineering/organizational problem in your code/pages/site.
>> I'm sure a zillion people will disagree with this "rule"
> I agree, except there's one exception to this that I can't see a way
> When dealing with form submissions the receiving file needs to validate
> the code before anything is sent to the browser, update the database (or
> whatever) and then redirect to itself with some sort of GET flag that
> a thankyou note or something.
> Otherwise people can hit "refresh" and post the data twice, or 10
> times :)
Justin! That's a great idea. No one ever mentioned that to me before
(and I've been on and off this list for months). Or actually, I think
YOU mentioned it once but I didn't understand it.
So let me ask: do you have one giant script that validates all data,
depending on the variables sent to it? Or do you have a "formcheck"
script for each individual form?
This is a great way to stop someone from hitting refresh and
resubmitting their POST data accidentally, since you've got that GET
flag which basically says "do not process this form!" It's not
-secure-, since anyone can remove this flag (even if you used POST), but
it will work for Joe User to stop him from accidentally resubmitting.
Web Developer Temp
Media Lab, H.H. Brown
PHP General Mailing List (http://www.php.net/)
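
The pattern discussed in this thread (validate before any output, update the database, then redirect to the same script with a GET flag), as an added example that is not part of the original messages. It goes one step further with a one-time session token, so a replayed POST is rejected server-side even when the GET flag is removed; the `comment` field, the `done` flag and `save_comment()` are hypothetical names.

```php
<?php
// Added example, not code from the thread. Field names, the "done" flag
// and save_comment() are hypothetical.
declare(strict_types=1);
session_start();

function save_comment(string $text): void
{
    // Stand-in for the real database write (assumption).
    $_SESSION['saved'][] = $text;
}

// SCRIPT_NAME is set by the server, so the redirect target is not
// built from attacker-controlled request data.
$self   = $_SERVER['SCRIPT_NAME'] ?? '/form.php';
$errors = [];

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    // Validate before any output so header() can still be sent.
    $text  = trim((string)($_POST['comment'] ?? ''));
    $token = (string)($_POST['token'] ?? '');
    $known = (string)($_SESSION['form_token'] ?? '');

    // One-time token: consumed on first use, so a refreshed or replayed
    // POST fails here regardless of any GET flag.
    unset($_SESSION['form_token']);
    if ($known === '' || !hash_equals($known, $token)) {
        $errors[] = 'Form expired or already submitted.';
    } elseif ($text === '') {
        $errors[] = 'Comment is required.';
    } else {
        save_comment($text);
        // 303 makes the browser fetch the target with GET, so "refresh"
        // re-requests the thank-you page instead of re-posting.
        header('Location: ' . $self . '?done=1', true, 303);
        exit;
    }
}

// GET, or a POST that failed validation: issue a fresh token and render.
$_SESSION['form_token'] = bin2hex(random_bytes(16));
if (isset($_GET['done'])) {
    echo '<p>Thank you.</p>';
}
foreach ($errors as $e) {
    echo '<p>' . htmlspecialchars($e, ENT_QUOTES, 'UTF-8') . '</p>';
}
?>
<form method="post" action="<?= htmlspecialchars($self, ENT_QUOTES, 'UTF-8') ?>">
  <input type="hidden" name="token" value="<?= $_SESSION['form_token'] ?>">
  <textarea name="comment"></textarea>
  <button type="submit">Send</button>
</form>
```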