Gareth Williams wrote:
Wouldn't using GET instead of POST help?
in a way it could - but you don't usually want to use a GET as this
can be easily spoofed (i.e. anyone could send you a link or post one in a forum
that would do the post action without warning you)
which comes down to: you should be 'certified' if you use GET to allow
users to submit a payment confirmation - you only want a FORM to be able to
submit such a confirmation rather than allowing any old link to issue such a
confirmation....
for a much better description on why using GET is 'bad' in this kind of situation
I refer you to posts made by Richard Lynch (I think??) in the last 6 weeks (can't remember the
subject Im afraid)
Gareth Williams
venditor.com
Buy cool stuff online at <a href="http://www.venditor.com">venditor.com</a>
On 3 Mar 2005, at 14:20, Jochem Maas wrote:
rory walsh wrote:
Thanks Eoghan, I have tried the following but it still reposts the
data from the form and goes back a page?
header("Cache-control: private");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
Am I write in assuming that the above headers should prevent the user
from going back in the first place as no cache has been taken?
no - just that if they do then the page will have to be reloaded (under
std conditions the user then gets the 'Are you sure you want to
repost?' kind
of message)
before asking anything more on this topic, look up a thread on this
lists archive entitled
'Clear POST variables on page refresh'
this should give you headsup on the issues + a good suggestion by Richard
Lynch on how to handle this (his idea uses md5 hashes to 'auth'
specific POST
actions, when the POST occurs the given hash is invalidated... read
original thread
for full info)
Eoghan wrote:
you can use header()
http://ie.php.net/header
rory walsh wrote:
Is there anyway I can prevent data from being reposted when I hit
the back button on my browser? When I hit back I get a message from
my browser asking do I want to repost the data, can I prevent this
window from appearing?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php