473,698 Members | 2,166 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Help! Back button - Redesign Project???

Hello -

Thought I was almost done with my project and then a back arrow button issue
raised its ugly head.

Once a user fills out a form and submits it (done via stored procedure into
a Sql Server database), what's to prevent them from pressing the back button
and resubmitting the form multiple times and creating havoc with my database?
How is this issue usually handled?

Any help will be greatly appreciated!
--
Sandy
Nov 19 '05 #1
11 1451
Sandy,

The best way to protect the database is to build protection into the
database. Do you have primary keys and unique indexes appropriately
designated in your database? If not, you should definitely put them
in.

A unique index can protect you from users inserting duplicate records
in subsequent posts. Subsequent submittals of the form with the same
data would likely violate one of your constraints and no duplicate
record would be inserted. An error can be returned to the user stating
what happened.

For updates, use a concurrency ID on the table that increments for each
successive update for each record. You can use a trigger to do the
incrementing. In your update procedure, check for the value of the
concurrency ID as it is in the form (you can store it in a hidden text
field). If it is not equal to the value in the database for the
selected record, your procedure can return an error, which can be
displayed to the user. Use of the back button will always return an
obsolete concurrency ID and will never result in an update. This
technique will also protect you from cases where a user overwrites
changes made by another user.

I think that ensuring integrity at the database level is preferable to
doing so in the application. If you rely on the application and users
access the data from outside the application, you have no protection.

The last thing that you want to do is to start wrestling with the
user's browser.

Bill E.

Nov 19 '05 #2
re:
How is this issue usually handled?
By not accepting duplicate records in the database.

Juan T. Llibre
ASP.NET MVP
http://asp.net.do/foros/
Foros de ASP.NET en Español
Ven, y hablemos de ASP.NET...
=============== =======

"Sandy" <Sa***@discussi ons.microsoft.c om> wrote in message
news:4B******** *************** ***********@mic rosoft.com... Hello -

Thought I was almost done with my project and then a back arrow button
issue
raised its ugly head.

Once a user fills out a form and submits it (done via stored procedure
into
a Sql Server database), what's to prevent them from pressing the back
button
and resubmitting the form multiple times and creating havoc with my
database?
How is this issue usually handled?

Any help will be greatly appreciated!
--
Sandy

Nov 19 '05 #3
Thanks for your response, Bill. How would I go about doing that? Here's my
table:

CREATE TABLE [tblPost] (
[PostID] [int] IDENTITY (1, 1) NOT NULL ,
[UserID] [int] NOT NULL ,
[TopicID] [int] NOT NULL ,
[Question] [char] (100) COLLATE SQL_Latin1_Gene ral_CP1_CI_AS NOT NULL ,
[PostMsg] [text] COLLATE SQL_Latin1_Gene ral_CP1_CI_AS NULL ,
[PostDT] [datetime] NOT NULL CONSTRAINT [DF_tblPost_Post DT] DEFAULT
(getdate()),
CONSTRAINT [PK_tblPost] PRIMARY KEY CLUSTERED
(
[PostID]
) ON [PRIMARY]
) ON [PRIMARY]

Here's my stored procedure:

ALTER Procedure spInsertPostMsg
@UserID int,
@TopicID int,
@Question char(100),
@PostMsg text,

@PostDT datetime = Default,
@PostID int OUTPUT
AS
Insert into tblPost
Values
(
@UserID,
@TopicID,
@Question,
@PostMsg,
GetDate()
)
Declare @Ident int
Select @PostID = @@IDENTITY
Select @Ident = @PostID
*************** ***
A unique index can protect you from users inserting duplicate records
in subsequent posts. Subsequent submittals of the form with the same
data would likely violate one of your constraints and no duplicate
record would be inserted. An error can be returned to the user stating
what happened.
I have a date/time column - the entries would never be the same. Is my
logic flawed on this? Also, this table will not be updated - just new
entries added.

I agree this should be done at the DB level -- perhaps at both levels would
be an even better solution . . .

Thanks again!

Sandy

"bi********@net scape.net" wrote:
Sandy,

The best way to protect the database is to build protection into the
database. Do you have primary keys and unique indexes appropriately
designated in your database? If not, you should definitely put them
in.

A unique index can protect you from users inserting duplicate records
in subsequent posts. Subsequent submittals of the form with the same
data would likely violate one of your constraints and no duplicate
record would be inserted. An error can be returned to the user stating
what happened.

For updates, use a concurrency ID on the table that increments for each
successive update for each record. You can use a trigger to do the
incrementing. In your update procedure, check for the value of the
concurrency ID as it is in the form (you can store it in a hidden text
field). If it is not equal to the value in the database for the
selected record, your procedure can return an error, which can be
displayed to the user. Use of the back button will always return an
obsolete concurrency ID and will never result in an update. This
technique will also protect you from cases where a user overwrites
changes made by another user.

I think that ensuring integrity at the database level is preferable to
doing so in the application. If you rely on the application and users
access the data from outside the application, you have no protection.

The last thing that you want to do is to start wrestling with the
user's browser.

Bill E.

Nov 19 '05 #4
Thanks for responding, Juan -

As far as I know, these records will never be duplicates - all of these
records have a date/time field.

Sandy

"Juan T. Llibre" wrote:
re:
How is this issue usually handled?


By not accepting duplicate records in the database.

Juan T. Llibre
ASP.NET MVP
http://asp.net.do/foros/
Foros de ASP.NET en Español
Ven, y hablemos de ASP.NET...
=============== =======

"Sandy" <Sa***@discussi ons.microsoft.c om> wrote in message
news:4B******** *************** ***********@mic rosoft.com...
Hello -

Thought I was almost done with my project and then a back arrow button
issue
raised its ugly head.

Once a user fills out a form and submits it (done via stored procedure
into
a Sql Server database), what's to prevent them from pressing the back
button
and resubmitting the form multiple times and creating havoc with my
database?
How is this issue usually handled?

Any help will be greatly appreciated!
--
Sandy


Nov 19 '05 #5
You could also implement some sort of a time
limit needed before a second record can be posted.

Juan T. Llibre
ASP.NET MVP
http://asp.net.do/foros/
Foros de ASP.NET en Español
Ven, y hablemos de ASP.NET...
=============== =======

"Sandy" <Sa***@discussi ons.microsoft.c om> wrote in message
news:C6******** *************** ***********@mic rosoft.com...
Thanks for responding, Juan -

As far as I know, these records will never be duplicates - all of these
records have a date/time field.

Sandy

"Juan T. Llibre" wrote:
re:
> How is this issue usually handled?


By not accepting duplicate records in the database.

Juan T. Llibre
ASP.NET MVP
http://asp.net.do/foros/
Foros de ASP.NET en Español
Ven, y hablemos de ASP.NET...
=============== =======

"Sandy" <Sa***@discussi ons.microsoft.c om> wrote in message
news:4B******** *************** ***********@mic rosoft.com...
> Hello -
>
> Thought I was almost done with my project and then a back arrow button
> issue
> raised its ugly head.
>
> Once a user fills out a form and submits it (done via stored procedure
> into
> a Sql Server database), what's to prevent them from pressing the back
> button
> and resubmitting the form multiple times and creating havoc with my
> database?
> How is this issue usually handled?
>
> Any help will be greatly appreciated!
> --
> Sandy

Nov 19 '05 #6
Sandy,

I don't know how you are using your table. If a given user can only
post an entry for the same question once, then you could create a
unique index on the columns UserID and Question.

On the other hand, if you are using the table to capture exchanges
between users where a user posts a question, gets a response but then
the original user later responds to the first respondent and so on
(like this usenet forum), then you will need to allow multiple entries
for the same user/question. You won't be able to restrict postings
based user/question and you can't really restrict postings based on
date/time. In fact, your definition of "duplicate" would involve
checking if the PostMsg text column were the same as in a previous
record for the same user in the table. You can certainly do this, but
now you're dealing with text data types, which are much clumsier to
work with in your stored procedures.

I suppose in this case, you may not have any good options on the
database side except user training! You can also take steps to lower
the likelihood that the user will use the back button. For example, if
a question is successfully posted, the user is told so and furnished
with a convenient link to another part of the application.

I hope that I'm not way off track in my interpretation.

Bill

Nov 19 '05 #7
Hi Bill -

No, you're not off track - you got it exactly right! Do you happen to know
how any of these user groups handle this?

Sandy

"bi********@net scape.net" wrote:
Sandy,

I don't know how you are using your table. If a given user can only
post an entry for the same question once, then you could create a
unique index on the columns UserID and Question.

On the other hand, if you are using the table to capture exchanges
between users where a user posts a question, gets a response but then
the original user later responds to the first respondent and so on
(like this usenet forum), then you will need to allow multiple entries
for the same user/question. You won't be able to restrict postings
based user/question and you can't really restrict postings based on
date/time. In fact, your definition of "duplicate" would involve
checking if the PostMsg text column were the same as in a previous
record for the same user in the table. You can certainly do this, but
now you're dealing with text data types, which are much clumsier to
work with in your stored procedures.

I suppose in this case, you may not have any good options on the
database side except user training! You can also take steps to lower
the likelihood that the user will use the back button. For example, if
a question is successfully posted, the user is told so and furnished
with a convenient link to another part of the application.

I hope that I'm not way off track in my interpretation.

Bill

Nov 19 '05 #8
Hi Juan -

Any ideas on how to go about doing that?

Sandy

"Juan T. Llibre" wrote:
You could also implement some sort of a time
limit needed before a second record can be posted.

Juan T. Llibre
ASP.NET MVP
http://asp.net.do/foros/
Foros de ASP.NET en Español
Ven, y hablemos de ASP.NET...
=============== =======

"Sandy" <Sa***@discussi ons.microsoft.c om> wrote in message
news:C6******** *************** ***********@mic rosoft.com...
Thanks for responding, Juan -

As far as I know, these records will never be duplicates - all of these
records have a date/time field.

Sandy

"Juan T. Llibre" wrote:
re:
> How is this issue usually handled?

By not accepting duplicate records in the database.

Juan T. Llibre
ASP.NET MVP
http://asp.net.do/foros/
Foros de ASP.NET en Español
Ven, y hablemos de ASP.NET...
=============== =======

"Sandy" <Sa***@discussi ons.microsoft.c om> wrote in message
news:4B******** *************** ***********@mic rosoft.com...
> Hello -
>
> Thought I was almost done with my project and then a back arrow button
> issue
> raised its ugly head.
>
> Once a user fills out a form and submits it (done via stored procedure
> into
> a Sql Server database), what's to prevent them from pressing the back
> button
> and resubmitting the form multiple times and creating havoc with my
> database?
> How is this issue usually handled?
>
> Any help will be greatly appreciated!
> --
> Sandy


Nov 19 '05 #9
Check out the source code for the Community Server Forums.
They do just that.

http://www.communityserver.org/forums/

Juan T. Llibre
ASP.NET MVP
http://asp.net.do/foros/
Foros de ASP.NET en Español
Ven, y hablemos de ASP.NET...
=============== =======

"Sandy" <Sa***@discussi ons.microsoft.c om> wrote in message
news:31******** *************** ***********@mic rosoft.com...
Hi Juan -

Any ideas on how to go about doing that?

Sandy

"Juan T. Llibre" wrote:
You could also implement some sort of a time
limit needed before a second record can be posted.

Juan T. Llibre
ASP.NET MVP
http://asp.net.do/foros/
Foros de ASP.NET en Español
Ven, y hablemos de ASP.NET...
=============== =======

"Sandy" <Sa***@discussi ons.microsoft.c om> wrote in message
news:C6******** *************** ***********@mic rosoft.com...
> Thanks for responding, Juan -
>
> As far as I know, these records will never be duplicates - all of these
> records have a date/time field.
>
> Sandy
>
> "Juan T. Llibre" wrote:
>
>> re:
>> > How is this issue usually handled?
>>
>> By not accepting duplicate records in the database.
>>
>>
>>
>> Juan T. Llibre
>> ASP.NET MVP
>> http://asp.net.do/foros/
>> Foros de ASP.NET en Español
>> Ven, y hablemos de ASP.NET...
>> =============== =======
>>
>> "Sandy" <Sa***@discussi ons.microsoft.c om> wrote in message
>> news:4B******** *************** ***********@mic rosoft.com...
>> > Hello -
>> >
>> > Thought I was almost done with my project and then a back arrow
>> > button
>> > issue
>> > raised its ugly head.
>> >
>> > Once a user fills out a form and submits it (done via stored
>> > procedure
>> > into
>> > a Sql Server database), what's to prevent them from pressing the
>> > back
>> > button
>> > and resubmitting the form multiple times and creating havoc with my
>> > database?
>> > How is this issue usually handled?
>> >
>> > Any help will be greatly appreciated!
>> > --
>> > Sandy


Nov 19 '05 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

21
6546
by: Dave | last post by:
After following Microsofts admonition to reformat my system before doing a final compilation of my app I got many warnings/errors upon compiling an rtf file created in word. I used the Help Workshop program: hcw.exe that's included with Visual Basic. This exact same file compiled perfectly with no notes, warnings or errors prior to reformatting my system. Prior to the reformatting, I copied the help.rtf file onto a CD and checked the box to...
6
4338
by: wukexin | last post by:
Help me, good men. I find mang books that introduce bit "mang header files",they talk too bit,in fact it is my too fool, I don't learn it, I have do a test program, but I have no correct doing result in any way. Who can help me, I thank you very very much. list.cpp(main program) //-------------------------------------------------------------------------- - #pragma hdrstop #pragma argsused
3
3357
by: Colin J. Williams | last post by:
Python advertises some basic service: C:\Python24>python Python 2.4.1 (#65, Mar 30 2005, 09:13:57) on win32 Type "help", "copyright", "credits" or "license" for more information. >>> With numarray, help gives unhelpful responses:
10
3359
by: JonathanOrlev | last post by:
Hello everybody, I wrote this comment in another message of mine, but decided to post it again as a standalone message. I think that Microsoft's Office 2003 help system is horrible, probably the worst I ever seen. I almost cannot find anything I need, including things I
0
2883
by: hitencontractor | last post by:
I am working on .NET Version 2003 making an SDI application that calls MS Excel 2003. I added a menu item called "MyApp Help" in the end of the menu bar to show Help-> About. The application calls MS Excel, so the scenario is that I am supposed to see the Excel Menu bar, FILE EDIT VIEW INSERT ... HELP. I am able to see the menu bar, but in case of Help, I see the Help of Excel and help of my application, both as a submenu of help. ...
0
8675
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
9160
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
9029
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
8897
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
8862
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
1
6521
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
4619
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
3050
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
3
2002
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.