Chris W. Parker wrote: > Richard Lynch <mailto:ceo@xxxxxxxxx> > on Thursday, February 03, 2005 11:26 AM said: > >> A simple thing to do is to put an md5 hash into the POST data, then >> only do the insert if that md5 hash isn't already "used" when they >> hit refresh. >> >> This avoids the hassle of re-direct headers and trying to follow >> programming logic bouncing from script to script. > > Come now, let's not be so dramatic. :P > > "hassle of re-direct": > > <?php > > header("Location: http://fq.dn/page.ext";); > > ?> Except if you start using sessions, but then need to not use cookies because they're now "off" by default in browsers, so you use trans-sid, will that PHPSESSID get tacked on to the end of the re-location header? I think not. So then you have a *TON* of code to fix, because somebody put all these header("Location:") in the code and you need the PHPSESSID on the end of every one of them. > "programming logic bouncing from script to script": > > It would be the same logic/handling of the form, just split across two > pages. Not really much changing is necessary. Except of course that you > will have to send data back to the form page via the querystring should > you have the need (i.e. form errors). Months later, when trying to track down what is happening, you end up opening up a file that matches the URL to find out what's going on, only to find out it's not in that file because you did a header redirect to another file, so then you open up that other file but then you find another header redirect so then you open up another file, ... You end up with 20 files open, with a snarled mess of header re-directs bouncing you back and forth from file to file, for the very very very common act of filling out a form. No, thanks. I'll stick to structuring my code so I don't need the re-direct. > Not trying to knock you or the MD5 solution you offered. Just thought > you made the two page solution sound scarier than it really is. If it was only two pages, and there was only one header() re-direct, fine. But what ends up happening is you get in the habit of doing this all over the place, and you have a mess of spaghetti logic spread over a hundred files. At least, that's been my experience in trying to debug the mess people have made with this header re-direct. They can't use just one. Perhaps you've had better luck with better programmers and header re-direct usage -- All I know is, every time I find a header("Location:") in somebody's PHP source code, I just know it's going to bite me in the ass some day. YMMV Plus, the user can *STILL* use the pull-down menu of some browsers to go back two pages and re-submit the form with the same data, or they can click "back" fast enough to get there (on some browsers) and end up re-loading the form that way. If you need to be sure they don't do that, the md5 method will ALWAYS work, not just "sometimes" work. You want ALWAYS works or SOMETIMES works? -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
