Ricky Morley wrote:
>> Richard Lynch <mailto:ceo@xxxxxxxxx>
>> on Thursday, February 03, 2005 11:26 AM said:
>>
>>> A simple thing to do is to put an md5 hash into the POST data, then
>>> only do the insert if that md5 hash isn't already "used" when they
>>> hit refresh.
>
> Thank you for your responses. One question: If I were to use the md5 hash
> method, what would be the best way to store used hashes? In a database? In
> a temporary file kinda thing? Thanks again.

In a database with a datetime field.

Clear out anything older than a day or whatever in a cron job.

For a super busy site, you'd want to clear them out more often.

Or, to simplify matters, if you already have sessions, then do this:

<?php
  session_start();
  // Check their FORM freshness, and only process fresh input, not re-loaded:
  $used = isset($_SESSION['used']) ? $_SESSION['used'] : array();
  // Only run on an actual POST carrying a string token, so the first
  // page load (no POST data yet) is not treated as a submission.
  if (isset($_POST['fresh']) && is_string($_POST['fresh'])) {
    $fresh = $_POST['fresh'];
    if (isset($used[$fresh])) {
      // Escape before echoing: the token comes straight from the request
      echo "Ignoring re-posted data: " . htmlspecialchars($fresh) . "<br />\n";
    }
    else {
      // Demo only: the query is printed, not executed
      echo htmlspecialchars("INSERT INTO whatever (duplicate) VALUES ('$_POST[duplicate]')");
      // Remember the token so a re-load of this POST is ignored
      $used[$fresh] = TRUE;
      $_SESSION['used'] = $used;
    }
  }
?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'])?>" method="post">
  <input type="hidden" name="fresh" value="[<?php echo md5(uniqid())?>]">
  <input name="duplicate"><br />
  <input type="submit" value="Duplicate?">
</form>

Make sure any test for a session time-out occurs BEFORE this test for
'fresh' data -- so they can't wait for the session to time-out, and then
re-load, and get their duplicate "in" that way.

You could put most of the code to check for freshness in an include file,
and use it on a zillion forms. Just put the INPUT HIDDEN with NAME='fresh'
and an MD5 in every form and be sure to:

  include 'freshness.inc';

before processing. Or put it in a function you define in your globals.inc
(or whatever gets loaded every page).
It's simple and browser-independent, so it doesn't matter if they hit back
or not or re-load or their browser sends or doesn't send the signal needed
for ignore_user_abort to work or...

--
Like Music?
http://l-i-e.com/artists.htm
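
The database option described in the reply above (used hashes stored with a datetime, old rows cleared by cron), as an added example that is not part of the original message. The table name `used_tokens` and the functions `open_token_store`, `claim_fresh_token` and `purge_used_tokens` are hypothetical, and an in-memory SQLite database through PDO is assumed so the block runs on its own.

```php
<?php
// Added example: hypothetical table and function names, not from the original post.
// Assumes the pdo_sqlite extension; swap the DSN for the site's real database.

function open_token_store(string $dsn = 'sqlite::memory:'): PDO {
    $db = new PDO($dsn);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // PRIMARY KEY turns "check, then mark used" into one atomic INSERT,
    // so two simultaneous submits of the same token cannot both pass.
    $db->exec('CREATE TABLE IF NOT EXISTS used_tokens (
                   token   TEXT PRIMARY KEY,
                   used_at INTEGER NOT NULL)');
    return $db;
}

// Returns true the first time a token is seen, false on any re-post.
function claim_fresh_token(PDO $db, string $token, ?int $now = null): bool {
    // Reject empty or oversized values before they reach the table.
    if ($token === '' || strlen($token) > 64) {
        return false;
    }
    $stmt = $db->prepare('INSERT INTO used_tokens (token, used_at) VALUES (?, ?)');
    try {
        $stmt->execute([$token, $now ?? time()]);
        return true;
    } catch (PDOException $e) {
        // SQLSTATE class 23 is an integrity constraint violation (duplicate key).
        if (substr((string) $e->getCode(), 0, 2) === '23') {
            return false;
        }
        throw $e;
    }
}

// The cron job: delete tokens older than $maxAge seconds, return rows removed.
function purge_used_tokens(PDO $db, int $maxAge = 86400, ?int $now = null): int {
    $stmt = $db->prepare('DELETE FROM used_tokens WHERE used_at < ?');
    $stmt->execute([($now ?? time()) - $maxAge]);
    return $stmt->rowCount();
}

// Constructed sample run: same token format the form above emits.
$db    = open_token_store();
$token = '[' . md5(uniqid()) . ']';
var_dump(claim_fresh_token($db, $token));                 // first submit
var_dump(claim_fresh_token($db, $token));                 // re-load of the same POST
var_dump(purge_used_tokens($db, 86400, time() + 90000));  // cron run 25 hours later
```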