How do people go about preventing the user from submitting a form for a 2nd
time? For example, the user submits a form, clicks on the back button, and
the submits the form again.
I have used various techniques in the past (depending on circumstances) but
I'd be interested in the techniques you guys currently use.
Thanks
-- cj*******@REMOV EMEyahoo.co.uk
[remove the obvious bits] 8  2330 
CJM wrote: How do people go about preventing the user from submitting a form for
a 2nd time? For example, the user submits a form, clicks on the back
button, and the submits the form again.
I have used various techniques in the past (depending on
circumstances) but I'd be interested in the techniques you guys
currently use.
Thanks
It can't be prevented: you simply have to be prepared to handle it wehen it
does occur. This means using database constraints to prevent duplicate
entries. Perhaps using "IF EXISTS ..." if using SQL Server, or an extra
query when using Access to determine if a transaction has already occurred.
Setting a Session or Cookie variable to indicate that a transaction has
occurred may also work, as well as saving the extra trip to the database.
Bob Barrows
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
> How do people go about preventing the user from submitting a form for a 2nd time?
Hi there!
I usually disable the submit button through a simple javascript property
change for the client side.This measure will prevent the user from clicking
twice on the same button. Then on the server side, I always use
Response.Redire ct to ensure the user is not on a 'submitting step' anymore.
antoine, cc
Cactus Corp. wrote: How do people go about preventing the user from submitting a form
for a 2nd time?
Hi there!
I usually disable the submit button through a simple javascript
property change for the client side.This measure will prevent the
user from clicking twice on the same button. Then on the server side,
I always use Response.Redire ct to ensure the user is not on a
'submitting step' anymore.
This works great until one of your clients disables javascript ...
Also, it does not address the problem of users using the Back button on
their browser to get back to the original submission page.
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
"Bob Barrows [MVP]" <re******@NOyah oo.SPAMcom> wrote in message
news:eS******** ******@tk2msftn gp13.phx.gbl... CJM wrote: How do people go about preventing the user from submitting a form for
a 2nd time? For example, the user submits a form, clicks on the back
button, and the submits the form again.
I have used various techniques in the past (depending on
circumstances) but I'd be interested in the techniques you guys
currently use.
Thanks
It can't be prevented: you simply have to be prepared to handle it wehen
it
does occur. This means using database constraints to prevent duplicate
entries. Perhaps using "IF EXISTS ..." if using SQL Server, or an extra
query when using Access to determine if a transaction has already
occurred.
Setting a Session or Cookie variable to indicate that a transaction has
occurred may also work, as well as saving the extra trip to the database.
Bob Barrows
Putting in a hidden field with a big randomly generated number (eg Now
followed by a random) can help (maybe this is kinda what Bob is referring
to?)
If the DB already has a record with this field value, it's a resubmit.
(Probably!)
Some people also use this as a unique querystring to ensure that pages are
always called from the server, and not from a cache.
Giles
Giles wrote:
Putting in a hidden field with a big randomly generated number (eg Now
followed by a random) can help (maybe this is kinda what Bob is
referring to?)
If the DB already has a record with this field value, it's a resubmit.
(Probably!)
No, it's something I intended to mention, but forgot. However, hidden fields
can be spoofed. his will only prevent accidental resubmissions, It may make
it possible for a hacker to hijack someone's session...
Bob Barrows
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Thanks for the replies.
Sorry Bob, when talked about preventing the form submission, I was of course
talking about handling the form submission.
Currently I'm trying to handle these on a case-by-case basis, since the
context varies quite a bit.
Generally, when adding a new record, I'm trapping where possible when this
record already exists. When the operation updates a record, it isnt so much
of a problem - the timestamps are out by a few seconds perhaps but little
damge can be done. Likewise for Delete operations; if you have deleted a
record, there is little further damage you can do.
The problem I have is with Identity fields. I am tracking items with unique
serial numbers around a system; as part of this we have a Stockmovements
table which records when an item is moved from place to place. Clearly, ithe
the Primary Key being an Identity field, we can't easily check if the record
has already been added (by looking at the data).
I'm working on a session variable-based method whereby at the start of the
operation a flag is set, and cleared after the operation is completed. If
the user re-submits it will detect this. (I think Bob hinted at this
approach as well)
I'm sure it's not fool-proof, but it will cut out the vast majority of
mistakes (I hope).
Chris
Bob said: However, hidden fields can be spoofed.
Bob,
What about Session Vars? Can these be spoofed as well?
"Bob Barrows [MVP]" wrote: Giles wrote:
Putting in a hidden field with a big randomly generated number (eg Now
followed by a random) can help (maybe this is kinda what Bob is
referring to?)
If the DB already has a record with this field value, it's a resubmit.
(Probably!)
No, it's something I intended to mention, but forgot. However, hidden fields
can be spoofed. his will only prevent accidental resubmissions, It may make
it possible for a hacker to hijack someone's session...
Bob Barrows
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
John Beschler wrote: Bob said: However, hidden fields can be spoofed.
Bob,
What about Session Vars? Can these be spoofed as well?
If session id's are somehow exposed to users (for example, via hidden
fields), then yes: sessions can be hijacked.
Security is TOUGH!
Bob Barrows
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Andy Goldstein |
last post by:
I have a table where all the TRs have an onClick handler registered.
One (and only one) of the rows has 2 text input boxes, where each
textbox has an onChange handler registered. Both the onClick and
onChange handlers do some minor manipulation of form data (although
they work on different form elements). If the onChange event fires, I
need the form to be submitted. If the onClick event fires for a TR, I
also need the form to be...
|
by: shortbackandsides.no |
last post by:
I've been having trouble preventing users pressing Enter part way down
a form so the incomplete form gets submitted.
I came up with a possible solution - the code below seems to work in
both mozilla and MSIE - is this a good way to solve the problem? Is
there a better alternative? Have I done anything stupid?
My aim was to disable the normal submit process then use javascript to
submit which appears to bypass that and work...
|
by: yawnmoth |
last post by:
Say I have the following HTML:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title></title>
</head>
<body>
<form action="">
|
by: Mark Rae |
last post by:
Hi,
See the previous thread Request.Form abuse in this newsgroup...
I'm looking for a simple and efficient way to prevent people hijacking the
<formtags on my websites and using them to send spam. I would imagine
they're using the HttpWebRequest method for this.
Essentially, it would require a property on a WebForm that indicates whether
it is *only* for PostBack (true by default, but configurable), which would
|
by: Oleg Konovalov |
last post by:
Hi,
I have a Java/JavaScript GUI application where I perform a lot of long DB
operations
, which takes 5-60 secs to perform.
Sometimes user double-clicks the button or just gets impatient and clicks
again,
which created duplicate forcm submission and hence duplicate records.
So I am trying to disable the button as soon as it is clicked, and as soon
as it's done,
| | |
by: Homer |
last post by:
Hi,
I just got a requirement from my HR department to automate their form
submission process and integrate it into the Intranet project that I
had just completed Phase 1 of. Because of the short time frame that
I've been given, a week to be exact, I do not have the luxury to
explore it on my own so here are the requirements:
1. Automate the personnel forms that employees use for changing their
information, which is currently in pdf...
|
by: dwmartin18 |
last post by:
I got it into my head the other day to develop my own little form validation library. More than anything I just wanted to try out of few things I’ve never done before like chainable methods -- think jQuery’s style of calls: $('#id1').click().fadeOut('slow').
A problem I have ran into though is how to prevent a form from submitting if it fails one of the validation methods. I know how returning false to the form on submission will do the...
|
by: Megalog |
last post by:
Hey guys.. my turn to ask a question:
I'm having a weird issue with a form I've reworked. This form has a combo box, which when used is changing the recordsource of a subform. This subform has no Master/Child relationship set to the main form. Specifically the problem seems to be that everytime the recordsource of the subform is changed, the subform object itself tries to set a default Master/Child value (both fields fill with the "ID"...
|
by: MikeB |
last post by:
I created a small website for a friend. On this website he has a
contact page where people can send him email. When I wrote this page I
checked some tutorial pages and they warned about certain precautions
to take to avoid spammers using the mail form to spam multiple
people.
I believe I did most of that, such as making sure that the header
fields does not include multiple addresses, etc.
Now it does seem some spammer has discovered...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
| | |
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
