At 11:27 AM 7/13/2006, Michael B Allen wrote:
> Let's say you have a "Buy" button that posts a form to a script that
> inserts or increments the quantity of a record in a shopping cart
> table. So you click "Buy" and then "Checkout". Now if you hit the Back
> button it asks the user if they would like to repost the form. If you
> click "Ok" the db script runs again and now they have two items in the
> cart. Not good.
>
> It seems to me this is a fundamental model view controller kind of
> problem. There's no separation between the view and the controller.
>
> What I'm thinking is that I need to give each form a unique token. When
> the form is submitted a new token is generated. So if at any time a form
> is reposted the token will be invalid and action regarding the form
> contents can be ignored.

Perhaps, but I'll bet that a lot of re-posts will be from people who
click, realize they forgot to change the quantity or another value,
and back up in order to correct their mistake. You might consider
accepting the most recent post, not the first, when the form token
matches. You might also want to include a current timestamp in the
form so that you can easily detect the sequence of multiple posts.

One technique that might help is to insert a processing script
between input form & output page. The form posts to the script which
doesn't download anything to the browser but instead redirects to the
destination page, so backing up from the destination doesn't
automatically prompt for a re-post; the user would actually have to
return to the form and re-submit it manually. And of course that's
going to happen, too, so your underlying engine will need to be smart
enough to know how to deal with multiple buy requests for the same
product in any case.

Regards,
Paul
--
PHP General Mailing List (http://www.php.net/)
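The processing-script-plus-redirect technique and the "most recent post wins" token policy discussed in this thread, as an added example that is not code from either poster. The function names, the `forms` and `cart` session keys, the 99-item cap and the `/cart.php` target are assumptions, and server arrival order stands in for the form timestamp.

```php
<?php
declare(strict_types=1);

// Called when the product form is rendered; the token goes in a hidden field.
function issue_form_token(array &$session): string {
    $token = bin2hex(random_bytes(16));
    $session['forms'][$token] = null;            // nothing applied yet
    return $token;
}

// Body of the processing script: updates the cart, returns the redirect target.
// A repost carrying a known token replaces what that form added earlier
// (most recent post wins) instead of adding a second item.
function handle_buy(array &$session, array $post): ?string {
    $token = is_string($post['token'] ?? null) ? $post['token'] : '';
    if (!array_key_exists($token, $session['forms'] ?? [])) {
        return null;                             // unknown token: ignore the post
    }
    $sku = is_string($post['sku'] ?? null) ? $post['sku'] : '';
    $qty = is_numeric($post['qty'] ?? null) ? max(0, min(99, (int)$post['qty'])) : 0;
    $prev = $session['forms'][$token];
    if ($prev !== null) {                        // undo this form's earlier post
        $left = ($session['cart'][$prev['sku']] ?? 0) - $prev['qty'];
        if ($left > 0) { $session['cart'][$prev['sku']] = $left; }
        else { unset($session['cart'][$prev['sku']]); }
    }
    $session['forms'][$token] = null;
    if ($sku !== '' && $qty > 0) {
        $session['cart'][$sku] = ($session['cart'][$sku] ?? 0) + $qty;
        $session['forms'][$token] = ['sku' => $sku, 'qty' => $qty];
    }
    return '/cart.php';                          // hypothetical destination page
}

if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    session_start();
    $target = handle_buy($_SESSION, $_POST) ?? '/cart.php';
    header('Location: ' . $target, true, 303);   // Back from the cart is now a GET
    exit;
}

if (PHP_SAPI === 'cli') {                        // constructed demo input
    $s = [];
    $t = issue_form_token($s);
    handle_buy($s, ['token' => $t, 'sku' => 'A1', 'qty' => '1']);
    handle_buy($s, ['token' => $t, 'sku' => 'A1', 'qty' => '1']); // Back + repost
    handle_buy($s, ['token' => $t, 'sku' => 'A1', 'qty' => '3']); // corrected qty
    var_dump($s['cart']);
}
```

Because the token is stored in the session, a post carrying a token the server never issued to that session is dropped before any cart change is made.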