But what if the data being inserted isn't unique? What if it's a voting form that says "Do you like pie? Yes/No"? True, it could record the response and the userid or IP address so that would be a unique pairing but what if the vote was anonymous and you allowed multiple people from the same IP address (ie behind a firewall/proxy) to submit votes? There could be cases where the data isn't necessarily unique, is all I'm saying. In which case you could use the unique ID thing to make sure it's not a double-submit from the same person, or only allow a submission every XX seconds from a single IP address, or maybe create some kind of fingerprint of the voter using their browser type and version or some other odd method. The unique ID thing is by far the simplest and less discriminatory against people beind firewalls or proxies. So you see, there is some kind of case for allowing non-unique input into the database, depending on the circumstances. -TG ----- Original Message ----- From: OKi98 <oki98@xxxxxxxxxx> To: T K <tek.katu@xxxxxxxxx> Cc: php-db@xxxxxxxxxxxxx Date: Fri, 05 Oct 2007 10:34:50 +0200 Subject: Re: Prevention for multiple submissions from the same form > T K napsal(a): > > I've learned that this is possible to make and send a unique id in > > hidden input, and check if the id is used before database query is > > issued. (PHP Cookbook [O'reilly]). > Why? You should always ensure that only unique data are inserted into > database. This is not just about multiple submissions. Visitor can > submit form then forgets about that so he goes back and submits the same > thing again. > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
