By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,836 Members | 2,059 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,836 IT Pros & Developers. It's quick & easy.

Guarding against multiple postbacks

P: n/a
I just wondered what methods people used typically when trying to guard
against a POSTed script being reloaded at the users browser and
effectively re-posting the same data again ?

I have some administration forms which call the same PHP page when they
postback and the $action variable is taken from the form to signal what
action should be taken.

I need a good effective and easy way of stopping people from simply
clicking reload and posting the data again and wondered what the best
method people have found is?

Thanks in advance.
Apr 10 '07 #1
Share this Question
Share on Google+
4 Replies


P: n/a
Tyno Gendo schreef:
I just wondered what methods people used typically when trying to guard
against a POSTed script being reloaded at the users browser and
effectively re-posting the same data again ?

I have some administration forms which call the same PHP page when they
postback and the $action variable is taken from the form to signal what
action should be taken.

I need a good effective and easy way of stopping people from simply
clicking reload and posting the data again and wondered what the best
method people have found is?

Thanks in advance.

if ($_POST['whatever'])
{
// do stuff

// reload page
header ("Location: index.php");
}

--
Arjen
http://www.hondenpage.com - Mijn site over honden
Apr 10 '07 #2

P: n/a
Arjen wrote:
Tyno Gendo schreef:
>I just wondered what methods people used typically when trying to guard
against a POSTed script being reloaded at the users browser and
effectively re-posting the same data again ?

I have some administration forms which call the same PHP page when they
postback and the $action variable is taken from the form to signal what
action should be taken.

I need a good effective and easy way of stopping people from simply
clicking reload and posting the data again and wondered what the best
method people have found is?

Thanks in advance.


if ($_POST['whatever'])
{
// do stuff

// reload page
header ("Location: index.php");
}
Ah... excellent idea, what didn't it even cross my mind... hehehe.
Apr 10 '07 #3

P: n/a
Tyno Gendo wrote:
Arjen wrote:
>Tyno Gendo schreef:
>>I just wondered what methods people used typically when trying to guard
against a POSTed script being reloaded at the users browser and
effectively re-posting the same data again ?

I have some administration forms which call the same PHP page when they
postback and the $action variable is taken from the form to signal what
action should be taken.

I need a good effective and easy way of stopping people from simply
clicking reload and posting the data again and wondered what the best
method people have found is?

Thanks in advance.


if ($_POST['whatever'])
{
// do stuff

// reload page
header ("Location: index.php");
}

Ah... excellent idea, what didn't it even cross my mind... hehehe.
That's a good one; another method I've used before if you have session
variables available is to set a session var that blocks the script post from
happening again until it's unset...i.e. when the user legitimately comes back
from the correct route. I've mainly used this on contact forms etc.

if (isset($_POST['submit']) && !isset($_SESSION['block'])) {
// Code

// Set block
$_SESSION['block'] = true;
} else {
echo 'Data already posted!';
}

Make sure to unset the session var or when you hit the above code it'll never
process a valid POST.

Paul
Apr 10 '07 #4

P: n/a
>>>I just wondered what methods people used typically when trying to guard
>>>against a POSTed script being reloaded at the users browser and
effectively re-posting the same data again ?
I've used a method that essentially combines (with modifications) the two
ideas you've already been presented with.

If there is $_POST data present, I put it into the $_SESSION variable,
something like:

$_SESSION[ 'post_data' ] = $_POST;

and then I force a reload of the page.

Now, if the page loads WITHOUT $_POST data, but WITH $_SESSION[
'post_data' ] present, then I do the processing and null out $_SESSION[
'post_data' ].

I don't know if this is foolproof (I suspect it's not), but it's been quite
effective where I've used it.
Apr 11 '07 #5

This discussion thread is closed

Replies have been disabled for this discussion.