Re: Preventing data from being reposted?

Gareth Williams wrote:

Wouldn't using GET instead of POST help?

in a way it could - but you don't usually want to use a GET as this can be easily spoofed (i.e. anyone could send you a link or post one in a forum that would do the post action without warning you)

which comes down to: you should be 'certified' if you use GET to allow
users to submit a payment confirmation - you only want a FORM to be able to
submit such a confirmation rather than allowing any old link to issue such a
confirmation....

for a much better description on why using GET is 'bad' in this kind of situation
I refer you to posts made by Richard Lynch (I think??) in the last 6 weeks (can't remember the
subject I'm afraid)



Gareth Williams venditor.com

Buy cool stuff online at venditor.com (http://www.venditor.com)

On 3 Mar 2005, at 14:20, Jochem Maas wrote:

rory walsh wrote:

Thanks Eoghan, I have tried the following but it still reposts the data from the form and goes back a page?
header("Cache-control: private");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
Am I right in assuming that the above headers should prevent the user from going back in the first place as no cache has been taken?


no - just that if they do then the page will have to be reloaded (under
std conditions the user then gets the 'Are you sure you want to repost?' kind
of message)


before asking anything more on this topic, look up a thread on this
list's archive entitled

'Clear POST variables on page refresh'

this should give you a heads-up on the issues + a good suggestion by Richard
Lynch on how to handle this (his idea uses md5 hashes to 'auth' specific POST
actions, when the POST occurs the given hash is invalidated... read original thread
for full info)


Eoghan wrote:

you can use header()
http://ie.php.net/header


rory walsh wrote:

Is there any way I can prevent data from being reposted when I hit the back button on my browser? When I hit back I get a message from my browser asking do I want to repost the data, can I prevent this window from appearing?


-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
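
The single-use token idea mentioned in this thread, as an added example that is not code from the thread or from the post it refers to. It uses a random token rather than an md5 hash, and the function names and the `form_tokens` session key are assumptions.

```php
<?php
// Added example: single-use form tokens. Function names and the
// 'form_tokens' session key are hypothetical, not from the thread.

// Issue a token when rendering the form; remember it server-side.
function issue_form_token(array &$session): string
{
    $token = bin2hex(random_bytes(16)); // random value instead of an md5 hash
    $session['form_tokens'][$token] = time();
    return $token;
}

// Accept a submission only if it is a POST carrying an unspent token.
// The token is removed on first use, so a repost or replay fails.
function consume_form_token(array &$session, string $method, array $post, int $ttl = 900): bool
{
    if ($method !== 'POST') {
        return false; // a bare link (GET) can never confirm the action
    }
    $token = $post['token'] ?? '';
    if (!is_string($token) || !isset($session['form_tokens'][$token])) {
        return false; // missing, unknown or already spent
    }
    $issued = $session['form_tokens'][$token];
    unset($session['form_tokens'][$token]); // invalidate before acting
    return (time() - $issued) <= $ttl;      // reject tokens older than $ttl seconds
}

// Constructed walk-through; in a real page pass $_SESSION after session_start().
$session = [];
$token = issue_form_token($session);
// The form would carry the token in a hidden field named "token".

var_dump(consume_form_token($session, 'POST', ['token' => $token])); // first submit
var_dump(consume_form_token($session, 'POST', ['token' => $token])); // back-button repost
var_dump(consume_form_token($session, 'GET', ['token' => $token]));  // link instead of form
var_dump(consume_form_token($session, 'POST', []));                  // no token at all
```

Only the first call succeeds; the repost, the GET request and the token-less POST are all rejected.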