RE: [PHP] Clearing POST variable on page refresh
At 5:37 PM -0500 12/18/06, Beauford wrote: -Original Message- From: Richard Lynch [mailto:[EMAIL PROTECTED] -snip- most excellent code and advice from Richard (Thanks Richard). Hmm. I was thinking more of a one liner that would just clear the memory buffer of these variables, but it seems this is a little more involved than I anticipated. And it's not that I didn't want to use sessions, I just didn't want the extra work - but what you suggested above is way more work than sessions. So now I've just used a simple session. If it's true, don't add the user, if false add user. Still not exactly what I want, but will do until I find something better. This is most likely not a php thing, but would there be a way to refresh the page, fooling the browser into thinking it's being freshly loaded? Well... when you find something better, please let us know. I know what you mean because I'm looking for a simple way to make a lot of money, but everything I try is more involved than I anticipated. You see, working is not what I want to do, but it will do until I find something better. tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Clearing POST variable on page refresh
Beauford wrote: Hi, I have a page with a form on it which posts to itself. The problem is when someone refreshes the page it enters the data into the DB again. How do I clear these variables so that doesn't happen. I tried the unset function, but no luck. I really don't want to use sessions or cookies as this is just a simple little page, but still, it has to work right. sessions are no big deal - search the list archive for stuff like 'form token' until you find one of the many explainations of how to tackle this issue using a 'one time' token concept (find the posts by Richard Lynch - they are the most complete/abundant/explicit AFAICR) - the solution does use sessions, but like I said thats not a big deal at all. :-) Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Clearing POST variable on page refresh
-Original Message- From: Jochem Maas [mailto:[EMAIL PROTECTED] Sent: Monday, December 18, 2006 3:39 AM To: Beauford Cc: PHP Subject: Re: [PHP] Clearing POST variable on page refresh Beauford wrote: Hi, I have a page with a form on it which posts to itself. The problem is when someone refreshes the page it enters the data into the DB again. How do I clear these variables so that doesn't happen. I tried the unset function, but no luck. I really don't want to use sessions or cookies as this is just a simple little page, but still, it has to work right. sessions are no big deal - search the list archive for stuff like 'form token' until you find one of the many explainations of how to tackle this issue using a 'one time' token concept (find the posts by Richard Lynch - they are the most complete/abundant/explicit AFAICR) - the solution does use sessions, but like I said thats not a big deal at all. :-) Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php My way of getting around this has been to put the data manipulation into a process page, which redirects back to the content page when its finished processing. That way, when the user hits refresh it doesn't ask to resubmit the data. It just refreshes the display. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Clearing POST variable on page refresh
Brad Fuller wrote: -Original Message- From: Jochem Maas [mailto:[EMAIL PROTECTED] Sent: Monday, December 18, 2006 3:39 AM To: Beauford Cc: PHP Subject: Re: [PHP] Clearing POST variable on page refresh Beauford wrote: Hi, I have a page with a form on it which posts to itself. The problem is when someone refreshes the page it enters the data into the DB again. How do I clear these variables so that doesn't happen. I tried the unset function, but no luck. I really don't want to use sessions or cookies as this is just a simple little page, but still, it has to work right. sessions are no big deal - search the list archive for stuff like 'form token' until you find one of the many explainations of how to tackle this issue using a 'one time' token concept (find the posts by Richard Lynch - they are the most complete/abundant/explicit AFAICR) - the solution does use sessions, but like I said thats not a big deal at all. :-) Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php My way of getting around this has been to put the data manipulation into a process page, which redirects back to the content page when its finished processing. That way, when the user hits refresh it doesn't ask to resubmit the data. It just refreshes the display. I can still hit the back button twice though can't I, and that would trigger another POST. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Clearing POST variable on page refresh
On Mon, 2006-12-18 at 09:34 -0500, Brad Fuller wrote: -Original Message- From: Jochem Maas [mailto:[EMAIL PROTECTED] Sent: Monday, December 18, 2006 3:39 AM To: Beauford Cc: PHP Subject: Re: [PHP] Clearing POST vari My way of getting around this has been to put the data manipulation into a process page, which redirects back to the content page when its finished processing. That way, when the user hits refresh it doesn't ask to resubmit the data. It just refreshes the display. I've never seen a good implementation of that style. If there's an error in the form submission then such implementations usually have a generic error message saying, please go back, or they then need to stuff th eentire post contents into a session var or favourite deity forbid, into the URL. It's almost certainly always better to submit to the same page and move along when the processing is done. Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Clearing POST variable on page refresh
On Sun, December 17, 2006 4:59 pm, Beauford wrote:
I have a page with a form on it which posts to itself. The problem is
when
someone refreshes the page it enters the data into the DB again. How
do I
clear these variables so that doesn't happen. I tried the unset
function,
but no luck. I really don't want to use sessions or cookies as this is
just
a simple little page, but still, it has to work right.
The redirect solution has several gotchas
It tends to mess up the back button, which is annoying to some
users. (Okay, maybe that's just me.)
It's possible for an impatient user to hit Back and Stop fast
enough to re-submit the data anyway, in some browsers, so it doesn't
solve the problem 100%, really.
A header() to redirect chews up HTTP connections, which can be
problematic on a heavy-traffic site, because it has to send the 302 to
the browser, which then has to send back another HTTP request to the
server to get the new page. So you double your traffic load and
number of Apache children needed to provide the feature-set of this
page. On a much-visited page on a busy server, that can be a real
issue, instead of the non-issue it usually is. YMMV NAIAA
Embedding a token in the FORM, and tracking that token as used in
a session or db is what I prefer, personally.
Since you don't want to use sessions, you can simply have one more
table in your DB:
create table used_token (
token char(32) unique not null primary key,
whatdate date
);
create index used_token_whatdate_index on used_token(whatdate);
Then in your original FORM part of the script:
form action=?php echo $_SERVER['PHP_SELF']? method=post
input type=hidden name=token value=?php echo
md5(uniqid(rand(), true)? /
Rest of form here
/form
In the processing section:
?php
$token = $_POST['token'];
if (!preg_match('/[0-9a-g]{32}/i', $token)) die(Bad Guy);
$query = select count(*) from used_token where token = '$token';
$used = mysql_query($query, $connection) or die(Database Offline .
error_log(mysql_error($connection));
$used = mysql_result($used, 0, 0);
if (!$used){
//insert form contents to DB (your existing code goes here)
$query = insert into used_token(token, whatdate) values('$token',
now());
mysql_query($query, $connection) or die(Database Offline .
error_log(mysql_error($conection));
}
else{
//do whatever you want to do with a re-submission, possibly nothing
}
?
Then you'll want a cron job to clear out any token in used_token where
the whatdate field is, say, a week or more old. Less than a week on
an ultra busy server.
?php
//cron job to clear out old data
$query = delete from used_token where whatdate date_sub(now(),
interval 1 week);
mysql_query($query, $connection) or die(mysql_error($connection));
?
There is a 1 in a billion chance that two users could get the same
token, but you can play games with that as well to guarantee
uniqueness.
--
Some people have a gift link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Clearing POST variable on page refresh
-Original Message-
From: Richard Lynch [mailto:[EMAIL PROTECTED]
Sent: December 18, 2006 3:46 PM
To: Beauford
Cc: PHP
Subject: Re: [PHP] Clearing POST variable on page refresh
On Sun, December 17, 2006 4:59 pm, Beauford wrote:
I have a page with a form on it which posts to itself. The
problem is
when someone refreshes the page it enters the data into the
DB again.
How do I clear these variables so that doesn't happen. I tried the
unset function, but no luck. I really don't want to use sessions or
cookies as this is just a simple little page, but still, it has to
work right.
The redirect solution has several gotchas
It tends to mess up the back button, which is annoying to
some users. (Okay, maybe that's just me.)
It's possible for an impatient user to hit Back and Stop
fast enough to re-submit the data anyway, in some browsers,
so it doesn't solve the problem 100%, really.
A header() to redirect chews up HTTP connections, which can
be problematic on a heavy-traffic site, because it has to
send the 302 to the browser, which then has to send back
another HTTP request to the server to get the new page. So
you double your traffic load and number of Apache children
needed to provide the feature-set of this page. On a
much-visited page on a busy server, that can be a real issue,
instead of the non-issue it usually is. YMMV NAIAA
Embedding a token in the FORM, and tracking that token as
used in a session or db is what I prefer, personally.
Since you don't want to use sessions, you can simply have one
more table in your DB:
create table used_token (
token char(32) unique not null primary key,
whatdate date
);
create index used_token_whatdate_index on used_token(whatdate);
Then in your original FORM part of the script:
form action=?php echo $_SERVER['PHP_SELF']? method=post
input type=hidden name=token value=?php echo
md5(uniqid(rand(), true)? /
Rest of form here
/form
In the processing section:
?php
$token = $_POST['token'];
if (!preg_match('/[0-9a-g]{32}/i', $token)) die(Bad Guy);
$query = select count(*) from used_token where token = '$token';
$used = mysql_query($query, $connection) or die(Database Offline .
error_log(mysql_error($connection));
$used = mysql_result($used, 0, 0);
if (!$used){
//insert form contents to DB (your existing code goes here)
$query = insert into used_token(token, whatdate)
values('$token', now());
mysql_query($query, $connection) or die(Database Offline .
error_log(mysql_error($conection));
}
else{
//do whatever you want to do with a re-submission,
possibly nothing
}
?
Then you'll want a cron job to clear out any token in
used_token where the whatdate field is, say, a week or more
old. Less than a week on an ultra busy server.
?php
//cron job to clear out old data
$query = delete from used_token where whatdate
date_sub(now(), interval 1 week);
mysql_query($query, $connection) or
die(mysql_error($connection)); ?
There is a 1 in a billion chance that two users could get the
same token, but you can play games with that as well to
guarantee uniqueness.
--
Hmm. I was thinking more of a one liner that would just clear the memory
buffer of these variables, but it seems this is a little more involved than
I anticipated. And it's not that I didn't want to use sessions, I just
didn't want the extra work - but what you suggested above is way more work
than sessions. So now I've just used a simple session. If it's true, don't
add the user, if false add user. Still not exactly what I want, but will do
until I find something better.
This is most likely not a php thing, but would there be a way to refresh the
page, fooling the browser into thinking it's being freshly loaded?
Thanks to all.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Clearing POST variable on page refresh
Hi, I have a page with a form on it which posts to itself. The problem is when someone refreshes the page it enters the data into the DB again. How do I clear these variables so that doesn't happen. I tried the unset function, but no luck. I really don't want to use sessions or cookies as this is just a simple little page, but still, it has to work right. Thanks -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Clearing POST variable on page refresh
Beauford wrote: I have a page with a form on it which posts to itself. The problem is when someone refreshes the page it enters the data into the DB again. How do I clear these variables so that doesn't happen. I tried the unset function, but no luck. I really don't want to use sessions or cookies as this is just a simple little page, but still, it has to work right. Use the header function (http://php.net/header) to redirect to the same page. The POST vars are coming from the client, so you can't get rid of them by unsetting them. By redirecting you are giving the browser a new page which is then what will be retrieved if the user refreshes it, rather than refreshing the POSTed request. -Stut -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Clearing a variable
Hello, How can I clear a variable? Thank you, Brandon Orther WebIntellects Design/Development Manager [EMAIL PROTECTED] 800-994-6364 www.webintellects.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Clearing a variable
On Thu, 18 Jan 2001, Brandon Orther wrote: Hello, How can I clear a variable? Thank you, Brandon Orther WebIntellects Design/Development Manager [EMAIL PROTECTED] 800-994-6364 www.webintellects.com unset($var); -- Ignacio Vazquez-Abrams [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Clearing a variable
unset($var) On Thu, 18 Jan 2001, Brandon Orther wrote: Hello, How can I clear a variable? Thank you, Brandon Orther WebIntellects Design/Development Manager [EMAIL PROTECTED] 800-994-6364 www.webintellects.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Clearing a variable
On Thu, 18 Jan 2001, Brandon Orther wrote: Hello, How can I clear a variable? Thank you, Brandon Orther WebIntellects Design/Development Manager [EMAIL PROTECTED] 800-994-6364 www.webintellects.com unset($var); Actually, just to clarify, that removes a variable from the symbol table. to clear the contents of a variable, just set it to null: $var = NULL; // $var is now empty -sterling -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Clearing a variable
you can clear a string by doing this: $string = ''; you can clear an array by doing this: $array = array(); you can clear (or zero out rather) an integer or float by doing: $int_or_float = 0; or you can simply unset() the variable: unset($any_of_the_above); Jeremy Jeremy Brand :: Sr. Software Engineer :: 408-245-9058 :: [EMAIL PROTECTED] http://www.JeremyBrand.com/Jeremy/Brand/Jeremy_Brand.html for more - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - "LINUX is obsolete" -- Andy Tanenbaum, January 29th, 1992 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://www.JEEP-FOR-SALE.com/ -- I need a buyer Get your own Free, Private email at http://www.smackdown.com/ On Thu, 18 Jan 2001, Brandon Orther wrote: Date: Thu, 18 Jan 2001 14:44:56 -0800 From: Brandon Orther [EMAIL PROTECTED] To: PHP User Group [EMAIL PROTECTED] Subject: [PHP] Clearing a variable Hello, How can I clear a variable? Thank you, Brandon Orther WebIntellects Design/Development Manager [EMAIL PROTECTED] 800-994-6364 www.webintellects.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
