Hello,
How about this for a different method:
The php that displays the form writes an extra hidden field to the
form, containing a random string value. It also writes that random
string along with a timestamp to a database table, called say,
form_control. The form action sends to a separate php page.
The receiving php page does a "delete from form_control where
control_string = $sanitisedhiddenformfield".
If mysql_affected_rows() == 1 then go ahead and perform the user
data insert.
If it's not 1 then you either have a duplicate submit/refresh (as
the control record has already been deleted) or you have a hacker
calling your processing php directly.
So this is nice to deter them too. You can also add another where
clause based on the timestamp if you wish to time out forms that have
been sitting around. Other refinements are possible but that's the
bare bones.
To clean up unsubmitted form control strings either of the php
processes can do an additional 'delete from form_control where
timestampcolumn < ' whenever (sorry I can't remember datetime
functions off the top of my head!).
This method is nice as it doesn't affect the real user data table or
indexes and has anti-hacker side benefits.
anNa
> From: "Hallvard" <hallvard@xxxxxxxxxx>
> To: php-db@xxxxxxxxxxxxx
> Date: Sat, 30 Jul 2005 12:17:16 +0200
> Subject: Duplicate record
> I have a page that posts data from a form to a mysql database.
>
> The problem is that if the user hits the reload button on the browser, the
> data will be posted again, resulting in a duplicate record.
>
> How can I avoid that?
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
