
Guarding against multiple postbacks

Tyno Gendo
#1: Apr 10 '07
I just wondered what methods people used typically when trying to guard
against a POSTed script being reloaded at the user's browser and
effectively re-posting the same data again?

I have some administration forms which call the same PHP page when they
postback and the $action variable is taken from the form to signal what
action should be taken.

I need a good effective and easy way of stopping people from simply
clicking reload and posting the data again and wondered what the best
method people have found is?

Thanks in advance.

Arjen
#2: Apr 10 '07

Tyno Gendo wrote:
> I just wondered what methods people used typically when trying to guard
> against a POSTed script being reloaded at the user's browser and
> effectively re-posting the same data again?
>
> I have some administration forms which call the same PHP page when they
> postback and the $action variable is taken from the form to signal what
> action should be taken.
>
> I need a good effective and easy way of stopping people from simply
> clicking reload and posting the data again and wondered what the best
> method people have found is?
>
> Thanks in advance.

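if (!empty($_POST['whatever']))
{
    // do stuff

    // reload page: a browser reload now repeats this GET, not the POST
    header("Location: index.php");
    exit; // stop the script once the redirect has been sent
}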

--
Arjen
http://www.hondenpage.com - My site about dogs

Tyno Gendo
#3: Apr 10 '07

Arjen wrote:
> Tyno Gendo wrote:
>> I just wondered what methods people used typically when trying to guard
>> against a POSTed script being reloaded at the user's browser and
>> effectively re-posting the same data again?
>>
>> I have some administration forms which call the same PHP page when they
>> postback and the $action variable is taken from the form to signal what
>> action should be taken.
>>
>> I need a good effective and easy way of stopping people from simply
>> clicking reload and posting the data again and wondered what the best
>> method people have found is?
>>
>> Thanks in advance.
>
> if (!empty($_POST['whatever']))
> {
>     // do stuff
>
>     // reload page: a browser reload now repeats this GET, not the POST
>     header("Location: index.php");
>     exit; // stop the script once the redirect has been sent
> }

Ah... excellent idea, why didn't it even cross my mind... hehehe.

Crispy Beef
#4: Apr 10 '07

Tyno Gendo wrote:
> Arjen wrote:
>> Tyno Gendo wrote:
>>> I just wondered what methods people used typically when trying to guard
>>> against a POSTed script being reloaded at the user's browser and
>>> effectively re-posting the same data again?
>>>
>>> I have some administration forms which call the same PHP page when they
>>> postback and the $action variable is taken from the form to signal what
>>> action should be taken.
>>>
>>> I need a good effective and easy way of stopping people from simply
>>> clicking reload and posting the data again and wondered what the best
>>> method people have found is?
>>>
>>> Thanks in advance.
>>
>> if (!empty($_POST['whatever']))
>> {
>>     // do stuff
>>
>>     // reload page: a browser reload now repeats this GET, not the POST
>>     header("Location: index.php");
>>     exit; // stop the script once the redirect has been sent
>> }
>
> Ah... excellent idea, why didn't it even cross my mind... hehehe.

That's a good one; another method I've used before if you have session
variables available is to set a session var that blocks the script post from
happening again until it's unset...i.e. when the user legitimately comes back
from the correct route. I've mainly used this on contact forms etc.

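session_start(); // $_SESSION is only populated once the session is started

if (isset($_POST['submit']) && !isset($_SESSION['block'])) {
    // Code

    // Set block so a reload of this POST is ignored
    $_SESSION['block'] = true;
} elseif (isset($_POST['submit'])) {
    // Only a repeated POST reaches this branch, not a plain page view
    echo 'Data already posted!';
}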

Make sure to unset the session var or when you hit the above code it'll never
process a valid POST.

Paul
Dana Cartwright
#5: Apr 11 '07

>>> I just wondered what methods people used typically when trying to guard
>>> against a POSTed script being reloaded at the user's browser and
>>> effectively re-posting the same data again?

I've used a method that essentially combines (with modifications) the two
ideas you've already been presented with.

If there is $_POST data present, I put it into the $_SESSION variable,
something like:

$_SESSION[ 'post_data' ] = $_POST;

and then I force a reload of the page.

Now, if the page loads WITHOUT $_POST data, but WITH $_SESSION[
'post_data' ] present, then I do the processing and null out $_SESSION[
'post_data' ].

I don't know if this is foolproof (I suspect it's not), but it's been quite
effective where I've used it.
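
The redirect and the session block suggested in this thread, combined into one page as an added example (not code from any poster here): every rendered form carries a single-use token, so rendering the form again is the "unset" step and a replayed POST finds its token already spent. The names `form_token`, `form_tokens`, `flash` and the `index.php` target are assumptions.

```php
<?php
// Added example: single-use form token plus redirect after POST.
// 'form_token', 'form_tokens', 'flash' and 'index.php' are assumed names.
session_start();

/** Issue a fresh single-use token; called every time the form is rendered. */
function issue_form_token(): string
{
    $token = bin2hex(random_bytes(16));
    $_SESSION['form_tokens'][$token] = true;
    // Keep only the 20 newest tokens so the session cannot grow without bound.
    $_SESSION['form_tokens'] = array_slice($_SESSION['form_tokens'], -20, null, true);
    return $token;
}

/** True exactly once per issued token; a reloaded POST replays a spent one. */
function consume_form_token(string $token): bool
{
    if (!isset($_SESSION['form_tokens'][$token])) {
        return false;
    }
    unset($_SESSION['form_tokens'][$token]); // spend it before doing the work
    return true;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $token = $_POST['form_token'] ?? '';
    if (is_string($token) && consume_form_token($token)) {
        // do stuff: carry out the action named in $_POST['action'] here
        $_SESSION['flash'] = 'Saved.';
    } else {
        $_SESSION['flash'] = 'Data already posted!';
    }
    // 303 makes the browser fetch the page with GET, so reload repeats the GET.
    header('Location: index.php', true, 303);
    exit;
}

$flash = $_SESSION['flash'] ?? '';
unset($_SESSION['flash']);
$token = issue_form_token();
?>
<p><?= htmlspecialchars($flash) ?></p>
<form method="post" action="index.php">
  <input type="hidden" name="form_token" value="<?= htmlspecialchars($token) ?>">
  <input type="hidden" name="action" value="update">
  <input type="submit" name="submit" value="Save">
</form>
```

Going back in the browser history and resubmitting the old form is rejected as well, because that form still holds the spent token.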

