Hello -
Thought I was almost done with my project and then a back arrow button issue
raised its ugly head.
Once a user fills out a form and submits it (done via stored procedure into
a Sql Server database), what's to prevent them from pressing the back button
and resubmitting the form multiple times and creating havoc with my database?
How is this issue usually handled?
Any help will be greatly appreciated!
--
Sandy
11  1455 
Sandy,
The best way to protect the database is to build protection into the
database. Do you have primary keys and unique indexes appropriately
designated in your database? If not, you should definitely put them
in.
A unique index can protect you from users inserting duplicate records
in subsequent posts. Subsequent submittals of the form with the same
data would likely violate one of your constraints and no duplicate
record would be inserted. An error can be returned to the user stating
what happened.
For updates, use a concurrency ID on the table that increments for each
successive update for each record. You can use a trigger to do the
incrementing. In your update procedure, check for the value of the
concurrency ID as it is in the form (you can store it in a hidden text
field). If it is not equal to the value in the database for the
selected record, your procedure can return an error, which can be
displayed to the user. Use of the back button will always return an
obsolete concurrency ID and will never result in an update. This
technique will also protect you from cases where a user overwrites
changes made by another user.
I think that ensuring integrity at the database level is preferable to
doing so in the application. If you rely on the application and users
access the data from outside the application, you have no protection.
The last thing that you want to do is to start wrestling with the
user's browser.
Bill E.
re: How is this issue usually handled?
By not accepting duplicate records in the database.
Juan T. Llibre
ASP.NET MVP
http://asp.net.do/foros/
Foros de ASP.NET en Español
Ven, y hablemos de ASP.NET...
=============== =======
"Sandy" <Sa***@discussi ons.microsoft.c om> wrote in message
news:4B******** *************** ***********@mic rosoft.com... Hello -
Thought I was almost done with my project and then a back arrow button
issue
raised its ugly head.
Once a user fills out a form and submits it (done via stored procedure
into
a Sql Server database), what's to prevent them from pressing the back
button
and resubmitting the form multiple times and creating havoc with my
database?
How is this issue usually handled?
Any help will be greatly appreciated!
--
Sandy
Thanks for your response, Bill. How would I go about doing that? Here's my
table:
CREATE TABLE [tblPost] (
[PostID] [int] IDENTITY (1, 1) NOT NULL ,
[UserID] [int] NOT NULL ,
[TopicID] [int] NOT NULL ,
[Question] [char] (100) COLLATE SQL_Latin1_Gene ral_CP1_CI_AS NOT NULL ,
[PostMsg] [text] COLLATE SQL_Latin1_Gene ral_CP1_CI_AS NULL ,
[PostDT] [datetime] NOT NULL CONSTRAINT [DF_tblPost_Post DT] DEFAULT
(getdate()),
CONSTRAINT [PK_tblPost] PRIMARY KEY CLUSTERED
(
[PostID]
) ON [PRIMARY]
) ON [PRIMARY]
Here's my stored procedure:
ALTER Procedure spInsertPostMsg
@UserID int,
@TopicID int,
@Question char(100),
@PostMsg text,
@PostDT datetime = Default,
@PostID int OUTPUT
AS
Insert into tblPost
Values
(
@UserID,
@TopicID,
@Question,
@PostMsg,
GetDate()
)
Declare @Ident int
Select @PostID = @@IDENTITY
Select @Ident = @PostID
*************** *** A unique index can protect you from users inserting duplicate records
in subsequent posts. Subsequent submittals of the form with the same
data would likely violate one of your constraints and no duplicate
record would be inserted. An error can be returned to the user stating
what happened.
I have a date/time column - the entries would never be the same. Is my
logic flawed on this? Also, this table will not be updated - just new
entries added.
I agree this should be done at the DB level -- perhaps at both levels would
be an even better solution . . .
Thanks again!
Sandy
"bi********@net scape.net" wrote:
Sandy,
The best way to protect the database is to build protection into the
database. Do you have primary keys and unique indexes appropriately
designated in your database? If not, you should definitely put them
in.
A unique index can protect you from users inserting duplicate records
in subsequent posts. Subsequent submittals of the form with the same
data would likely violate one of your constraints and no duplicate
record would be inserted. An error can be returned to the user stating
what happened.
For updates, use a concurrency ID on the table that increments for each
successive update for each record. You can use a trigger to do the
incrementing. In your update procedure, check for the value of the
concurrency ID as it is in the form (you can store it in a hidden text
field). If it is not equal to the value in the database for the
selected record, your procedure can return an error, which can be
displayed to the user. Use of the back button will always return an
obsolete concurrency ID and will never result in an update. This
technique will also protect you from cases where a user overwrites
changes made by another user.
I think that ensuring integrity at the database level is preferable to
doing so in the application. If you rely on the application and users
access the data from outside the application, you have no protection.
The last thing that you want to do is to start wrestling with the
user's browser.
Bill E.
Thanks for responding, Juan -
As far as I know, these records will never be duplicates - all of these
records have a date/time field.
Sandy
"Juan T. Llibre" wrote: re: How is this issue usually handled?
By not accepting duplicate records in the database.
Juan T. Llibre
ASP.NET MVP
http://asp.net.do/foros/
Foros de ASP.NET en Español
Ven, y hablemos de ASP.NET...
=============== =======
"Sandy" <Sa***@discussi ons.microsoft.c om> wrote in message
news:4B******** *************** ***********@mic rosoft.com... Hello -
Thought I was almost done with my project and then a back arrow button
issue
raised its ugly head.
Once a user fills out a form and submits it (done via stored procedure
into
a Sql Server database), what's to prevent them from pressing the back
button
and resubmitting the form multiple times and creating havoc with my
database?
How is this issue usually handled?
Any help will be greatly appreciated!
--
Sandy
You could also implement some sort of a time
limit needed before a second record can be posted.
Juan T. Llibre
ASP.NET MVP http://asp.net.do/foros/
Foros de ASP.NET en Español
Ven, y hablemos de ASP.NET...
=============== =======
"Sandy" <Sa***@discussi ons.microsoft.c om> wrote in message
news:C6******** *************** ***********@mic rosoft.com... Thanks for responding, Juan -
As far as I know, these records will never be duplicates - all of these
records have a date/time field.
Sandy
"Juan T. Llibre" wrote:
re: > How is this issue usually handled?
By not accepting duplicate records in the database.
Juan T. Llibre
ASP.NET MVP
http://asp.net.do/foros/
Foros de ASP.NET en Español
Ven, y hablemos de ASP.NET...
=============== =======
"Sandy" <Sa***@discussi ons.microsoft.c om> wrote in message
news:4B******** *************** ***********@mic rosoft.com... > Hello -
>
> Thought I was almost done with my project and then a back arrow button
> issue
> raised its ugly head.
>
> Once a user fills out a form and submits it (done via stored procedure
> into
> a Sql Server database), what's to prevent them from pressing the back
> button
> and resubmitting the form multiple times and creating havoc with my
> database?
> How is this issue usually handled?
>
> Any help will be greatly appreciated!
> --
> Sandy
Sandy,
I don't know how you are using your table. If a given user can only
post an entry for the same question once, then you could create a
unique index on the columns UserID and Question.
On the other hand, if you are using the table to capture exchanges
between users where a user posts a question, gets a response but then
the original user later responds to the first respondent and so on
(like this usenet forum), then you will need to allow multiple entries
for the same user/question. You won't be able to restrict postings
based user/question and you can't really restrict postings based on
date/time. In fact, your definition of "duplicate" would involve
checking if the PostMsg text column were the same as in a previous
record for the same user in the table. You can certainly do this, but
now you're dealing with text data types, which are much clumsier to
work with in your stored procedures.
I suppose in this case, you may not have any good options on the
database side except user training! You can also take steps to lower
the likelihood that the user will use the back button. For example, if
a question is successfully posted, the user is told so and furnished
with a convenient link to another part of the application.
I hope that I'm not way off track in my interpretation.
Bill
Hi Bill -
No, you're not off track - you got it exactly right! Do you happen to know
how any of these user groups handle this?
Sandy
"bi********@net scape.net" wrote: Sandy,
I don't know how you are using your table. If a given user can only
post an entry for the same question once, then you could create a
unique index on the columns UserID and Question.
On the other hand, if you are using the table to capture exchanges
between users where a user posts a question, gets a response but then
the original user later responds to the first respondent and so on
(like this usenet forum), then you will need to allow multiple entries
for the same user/question. You won't be able to restrict postings
based user/question and you can't really restrict postings based on
date/time. In fact, your definition of "duplicate" would involve
checking if the PostMsg text column were the same as in a previous
record for the same user in the table. You can certainly do this, but
now you're dealing with text data types, which are much clumsier to
work with in your stored procedures.
I suppose in this case, you may not have any good options on the
database side except user training! You can also take steps to lower
the likelihood that the user will use the back button. For example, if
a question is successfully posted, the user is told so and furnished
with a convenient link to another part of the application.
I hope that I'm not way off track in my interpretation.
Bill
Hi Juan -
Any ideas on how to go about doing that?
Sandy
"Juan T. Llibre" wrote: You could also implement some sort of a time
limit needed before a second record can be posted.
Juan T. Llibre
ASP.NET MVP
http://asp.net.do/foros/
Foros de ASP.NET en Español
Ven, y hablemos de ASP.NET...
=============== =======
"Sandy" <Sa***@discussi ons.microsoft.c om> wrote in message
news:C6******** *************** ***********@mic rosoft.com... Thanks for responding, Juan -
As far as I know, these records will never be duplicates - all of these
records have a date/time field.
Sandy
"Juan T. Llibre" wrote:
re:
> How is this issue usually handled?
By not accepting duplicate records in the database.
Juan T. Llibre
ASP.NET MVP
http://asp.net.do/foros/
Foros de ASP.NET en Español
Ven, y hablemos de ASP.NET...
=============== =======
"Sandy" <Sa***@discussi ons.microsoft.c om> wrote in message
news:4B******** *************** ***********@mic rosoft.com...
> Hello -
>
> Thought I was almost done with my project and then a back arrow button
> issue
> raised its ugly head.
>
> Once a user fills out a form and submits it (done via stored procedure
> into
> a Sql Server database), what's to prevent them from pressing the back
> button
> and resubmitting the form multiple times and creating havoc with my
> database?
> How is this issue usually handled?
>
> Any help will be greatly appreciated!
> --
> Sandy
Check out the source code for the Community Server Forums.
They do just that. http://www.communityserver.org/forums/
Juan T. Llibre
ASP.NET MVP http://asp.net.do/foros/
Foros de ASP.NET en Español
Ven, y hablemos de ASP.NET...
=============== =======
"Sandy" <Sa***@discussi ons.microsoft.c om> wrote in message
news:31******** *************** ***********@mic rosoft.com... Hi Juan -
Any ideas on how to go about doing that?
Sandy
"Juan T. Llibre" wrote:
You could also implement some sort of a time
limit needed before a second record can be posted.
Juan T. Llibre
ASP.NET MVP
http://asp.net.do/foros/
Foros de ASP.NET en Español
Ven, y hablemos de ASP.NET...
=============== =======
"Sandy" <Sa***@discussi ons.microsoft.c om> wrote in message
news:C6******** *************** ***********@mic rosoft.com... > Thanks for responding, Juan -
>
> As far as I know, these records will never be duplicates - all of these
> records have a date/time field.
>
> Sandy
>
> "Juan T. Llibre" wrote:
>
>> re:
>> > How is this issue usually handled?
>>
>> By not accepting duplicate records in the database.
>>
>>
>>
>> Juan T. Llibre
>> ASP.NET MVP
>> http://asp.net.do/foros/
>> Foros de ASP.NET en Español
>> Ven, y hablemos de ASP.NET...
>> =============== =======
>>
>> "Sandy" <Sa***@discussi ons.microsoft.c om> wrote in message
>> news:4B******** *************** ***********@mic rosoft.com...
>> > Hello -
>> >
>> > Thought I was almost done with my project and then a back arrow
>> > button
>> > issue
>> > raised its ugly head.
>> >
>> > Once a user fills out a form and submits it (done via stored
>> > procedure
>> > into
>> > a Sql Server database), what's to prevent them from pressing the
>> > back
>> > button
>> > and resubmitting the form multiple times and creating havoc with my
>> > database?
>> > How is this issue usually handled?
>> >
>> > Any help will be greatly appreciated!
>> > --
>> > Sandy
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Dave |
last post by:
After following Microsofts admonition to reformat my system before doing a
final compilation of my app I got many warnings/errors upon compiling an rtf
file created in word. I used the Help Workshop program: hcw.exe that's
included with Visual Basic. This exact same file compiled perfectly with no
notes, warnings or errors prior to reformatting my system. Prior to the
reformatting, I copied the help.rtf file onto a CD and checked the box to...
|
by: wukexin |
last post by:
Help me, good men. I find mang books that introduce bit "mang header
files",they talk too bit,in fact it is my too fool, I don't learn it, I have
do a test program, but I have no correct doing result in any way. Who can
help me, I thank you very very much.
list.cpp(main program)
//--------------------------------------------------------------------------
-
#pragma hdrstop
#pragma argsused
|
by: Colin J. Williams |
last post by:
Python advertises some basic service:
C:\Python24>python
Python 2.4.1 (#65, Mar 30 2005, 09:13:57) on
win32
Type "help", "copyright", "credits" or "license" for more information.
>>>
With numarray, help gives unhelpful responses:
|
by: JonathanOrlev |
last post by:
Hello everybody,
I wrote this comment in another message of mine, but decided to post it
again as a standalone message.
I think that Microsoft's Office 2003 help system is horrible, probably
the worst I
ever seen.
I almost cannot find anything I need, including things I
|
by: hitencontractor |
last post by:
I am working on .NET Version 2003 making an SDI application that calls MS Excel 2003.
I added a menu item called "MyApp Help" in the end of the menu bar to show Help-> About.
The application calls MS Excel, so the scenario is that I am supposed to see the Excel Menu bar,
FILE EDIT VIEW INSERT ... HELP.
I am able to see the menu bar, but in case of Help, I see the Help of Excel and help of my application, both as a submenu of help.
...
| | |
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
| | |
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
