Re: Avoiding user refresh of pages with forms

something interesting to note:

header('Location: newpage.php');
exit; // stop here so nothing else runs or is output after the redirect

After processing your POST request, just send them to a new page and in that page you can display the result of the process (It can require a bit of change in your code) but the result will be that a refresh will refresh the result page not the post page...

;)

PS: This doesn't prevent someone from hacking your system and reposting, but someone refreshing or "backing up" a page should not land on the post anymore.

Mathieu

Jochem Maas wrote:
Jeff wrote:

Is there a way to prevent a re-posting of the form data when a user
pushes the "refresh" button on the browser?

I have a page that has a form to enter credits or debits to a user
account.  The top of the page displays the user's account history and at
the bottom is a form to add an adjustment. I just had a situation where
a user came in complaining that the database is out of control every
time I "REFRESH" the page the credit I put in gets added again and
again!!  He also claimed he was getting no warning message about that
which was of course false, he just didn't read it.

In any event, I need to make this more user proof.


add a 'hash' token to the form - and when the form is submitted the first
time log the token to the DB (or somewhere). each time a submission is
made check that the token is not already stored - if it is don't
let the submission through.

you can double up that security by not only blacklisting (as above) but
also whitelisting (the token has to be in your whitelist AND not in your
blacklist before a submission is considered valid)


Thanks,

Jeff


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
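
The two suggestions in this thread combined, as an added example that is not part of any poster's message: a one-time form token that must be on the issued list (whitelist) and not on the used list (blacklist), followed by the redirect to a result page. The function names and the $store array, which stands in for the session or a DB table, are assumptions.

```php
<?php
// Added example: one-time form tokens plus redirect-after-POST.
// $store stands in for $_SESSION or a DB table; all names are hypothetical.

function issue_token(array &$store): string
{
    $token = bin2hex(random_bytes(16));   // unpredictable, 32 hex characters
    $store['issued'][$token] = time();    // whitelist: tokens we handed out
    return $token;                        // goes into a hidden form field
}

function consume_token(array &$store, string $token): bool
{
    if (!isset($store['issued'][$token])) {
        return false;                     // never issued: not on the whitelist
    }
    if (isset($store['used'][$token])) {
        return false;                     // already submitted: on the blacklist
    }
    $store['used'][$token] = time();      // record first use before acting
    return true;
}

function handle_post(array &$store, array $post, array &$ledger): string
{
    if (consume_token($store, (string)($post['token'] ?? ''))) {
        $ledger[] = (float)$post['amount'];   // the adjustment is applied once
    }
    // Either way, answer with a redirect so a refresh re-requests the
    // result page with GET instead of re-sending the POST.
    return 'Location: newpage.php';
}

// Constructed walk-through (CLI): submit, "refresh" the same POST, then
// send a token that was never issued.
$store = [];
$ledger = [];
$post = ['token' => issue_token($store), 'amount' => '25.00'];
handle_post($store, $post, $ledger);      // first submission
handle_post($store, $post, $ledger);      // replay of the same form data
handle_post($store, ['token' => 'forged', 'amount' => '99'], $ledger);
echo count($ledger), " adjustment(s) applied\n";
```

When the used-token list lives in a database, a unique constraint on the token column lets the insert itself act as the check, so two simultaneous submissions cannot both pass.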

