#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2006
    Posts
    124
    Rep Power
    20

    Stopping People From Reloading a Page


    Hi! I have a form, and when submitted it inserts a new row into a database. If people reload the target page, I'm sure that it'll reinsert another duplicate row. How do I stop people from submitting info numerous times?

    Thank you very much.
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2003
    Posts
    175
    Rep Power
    17
    There's a lot of different ways...

    Just off-hand:

    You could use a MySQL unique field (if your form has a username field, or something along those lines...)

    You could do a test of $_SERVER['HTTP_REFERER'] to make sure they're coming from the form, I think if you access the page by refreshing then the variable will be empty.

    You could display a "saved" screen then have the page refresh to a new page.
  4. #3
  5. Contributing User
    Devshed Intermediate (1500 - 1999 posts)

    Join Date
    Dec 2003
    Location
    Washington, DC Metro
    Posts
    1,747
    Rep Power
    891
    Originally Posted by meamrussian
    Hi! I have a form, and when submitted it inserts a new row into a database. If people reload the target page, I'm sure that it'll reinsert another duplicate row. How do I stop people from submitting info numerous times?

    Thank you very much.
    I think the easiest solution to this is to just not process the form on the target page.

    Instead of processing the form and then displaying a message within the same PHP page, consider just redirecting the user to a new page altogether. Then they can reload the target page to their heart's desire and it won't re-process the form.
  6. #4
  7. His name is Robert Paulson!
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Feb 2005
    Location
    Paper Street
    Posts
    2,683
    Rep Power
    158
    I use sessions to control this, checking the session in my logic to determine if it's been submitted before...

    something like
    PHP Code:
                $admin->gather();
                if(
    $_SESSION['checksum'] != sha1($_POST['entry'].$_POST['title']))
                {
                    if(
    $admin->update())
                    {
                        
    $_SESSION['checksum'] = sha1($_POST['entry'].$_POST['title']);
                        
    $_POST = array();
                        
    $message .= '<p class="notes success">Successfully updated the entry</p>';
                    }
                    else
                    {
                        
    $message .= '<p class="notes error">There was a problem editting entry</p>';
                    }
                }
                else
                {
                    
    $message .= '<p class="notes error">Please do not refresh the page</p>';
                } 
    Environmental LIMS
    What the hell is all this LIMS st*ff about?
    ---------------------------------------
    PHP Pagination Function
    PHP Drop Down Menus
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2006
    Posts
    124
    Rep Power
    20
    Actually, bdreyer, my script is already doing that. When someone clicks "Submit" it goes to the target page and does the query, but it redirects to another page in 5 seconds. But, if someone is really out to cheat the system, they can stop the redirect at will and refresh as many times as they want.

    In this case, I think then that I should go with Adrastea0413's suggestion: to check to see if a field that the customer entered already exists in the database.

    Well, that answers that question. However, this brings me to another question (it might seem irrelevent to this topic, but they are actually related.) Is there a way to automatically delete a MySQL row after, say, 24 hours if a certain field requirement is not met? In my case, it adds the customer's information to the database, but nothing takes effect until he pays. When he does, the "paid" field updates. So, if this field doesn't update within 24 hours, how can it delete itself?

    Thanks a lot for the help!
  10. #6
  11. Banned

    Join Date
    Jul 2004
    Location
    The Mews At Windsor Heights
    Posts
    5,326
    Rep Power
    0
    A PHP script called via CRON would do it. I don't think MySQL can do it on it's own.
  12. #7
  13. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2006
    Posts
    124
    Rep Power
    20
    Ah, I see. That's a problem for me then. I don't know how to use cron jobs

    Oh well, thanks
  14. #8
  15. Back and Forth.
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2003
    Location
    Earth
    Posts
    491
    Rep Power
    0
    Originally Posted by meamrussian
    Ah, I see. That's a problem for me then. I don't know how to use cron jobs

    Oh well, thanks
    One simple solution that could work if you don't want to setup a full CRON job, is to sign up with one of these free sites ( I don't have any links to one right now - try Google), which will view a page on one of your websites - therefore, triggering whatever code is within it. Obviously there are some security risks to this approach. Use a really original hard-to-guess name for the PHP script.

    Let's say you name it youllneverguess.php. You upload this file to your server in a particular directory. Then the free website will browse that file as if a normal user is viewing it, at a specific time that you specify.

    Within the script, you could run a timestamp check on your MySQL rows and if it's been more than 24 hours - delete that row.

    Just an idea!

    Comments on this post

    • meamrussian agrees
  16. #9
  17. Back and Forth.
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2003
    Location
    Earth
    Posts
    491
    Rep Power
    0
    This tutorial might help too!

    http://www.phpfreaks.com/tutorials/28/0.php
  18. #10
  19. Back and Forth.
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2003
    Location
    Earth
    Posts
    491
    Rep Power
    0
    Here's a couple free websites that check your website every so often, you could configure to check your script (I believe):

    http://www.siteuptime.com/
    http://pingability.com/

    Point to domain.com/hidden/youllneverguess.php

    Comments on this post

    • meamrussian agrees
  20. #11
  21. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2006
    Posts
    124
    Rep Power
    20
    Thanks for the tutorial link and suggestions. However, it's going to take a PHP genius to make a script that'll read the date, check for a field, and see if 24 hours have passed since the making of the row. And I am not a genius

    Thanks for the help!
  22. #12
  23. Back and Forth.
    Devshed Newbie (0 - 499 posts)

    Join Date
    Oct 2003
    Location
    Earth
    Posts
    491
    Rep Power
    0
    Well, do you insert a timestamp into any of the fields within the database? If not...you could begin by adding an extra field to your database and adding a timestamp each time a new row is inserted.

    Then if you need further help - put up your table structure - list the fields etc. and the current MySQL query that you are running.

    Cheers!
    Last edited by njcallen; July 14th, 2006 at 01:13 PM.
  24. #13
  25. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2005
    Posts
    102
    Rep Power
    14
    why dont you just do what callen said by adding another field as a datetime type and you can have a function called clean that you can set to run when the first person accesses your website each day. the function could be like

    Code:
    function clean(){
       select when_put_in from table
       if(when_put_in olderthan 12 hours){
          delete row
       }//end if
    }//end fun
    I have something similar on my site and there are around 3-4k active rows at anytime, thats why I made the clean function

    just my idea :-p
  26. #14
  27. (retired)
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 2003
    Location
    The Laboratory
    Posts
    10,054
    Rep Power
    1391
    Oh dear god. Form handling 101 -

    Every post'ed form submit should be redirected somewhere - even if it's just to itself.

    e.g.
    PHP Code:
    if( isset( $_POST'somevariable' ] ) )
    {
        
    //process data and insert

       
    header'Location: '.$_SERVER'SCRIPT_NAME' ] );
       exit();

    Now - once the processing is done, the user is forwarded ( invisibly ) to the same page, but the post data has gone, so you don't get duplicated inserts. Just as importantly you don't get those ugly "repost form data y/n" warnings.

    If you have people actively spoofing post data, then you're going to need to add a token or a nonce.

    --Simon
    Last edited by SimonGreenhill; July 14th, 2006 at 06:13 PM.
  28. #15
  29. Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2003
    Posts
    449
    Rep Power
    0
    I have the same problem and everything in this thread seems awefully hard.
    Adrastea0413's-I send users to page1.php where they add data, they click submit and the page goes to page2.php where the myswl query executes and enters the data into mysql. page2 then redirects the user back to page0.php (which has had nothing to do with the forms) and if they hit refresh there... it submits the data again so redirects dont work in my case.

    Here is my code
    PHP Code:
        switch ($submit)
            {
                case 
    "Submit":
                    
                    
    $query "INSERT INTO company (name, address, address2, suburb, state,";
                    
    $query .=" postcode, phone, business, firstsupported, flag, ABN,";
                    
    $query .=" ppccontact, sub_comp, head_sub) VALUES";
                    
    $query .=" ('$companyname', '$address', '$address2', '$suburb', '$state', '$postcode',";
                    
    $query .=" '$phone', '$businesstype', '$year-$month-$day', '$relate', '$ABN', '$ppccontact', RAND(), 'h')";
                    
    mysql_query($query);

                    
    $id mysql_insert_id();

                    
    $query1 "INSERT INTO contacts (salutation, name, surname, mobile, direct,";
                    
    $query1 .=" position, company, companyid, email) VALUES ('$salutation',";
                    
    $query1 .=" '$cname', '$surname', '$mobile', '$direct', '$position', '$companyname',";
                    
    $query1 .=" '$id', '$email')";
                    
    mysql_query($query1);

                case 
    "Cancel":
                    
    header ("Location: /company/companies.php?order=name");
                    exit;
            } 
    Given that, isnt there something simple like
    PHP Code:
        switch ($submit)
            {
                case 
    "Submit":
                    
                    
    $query "INSERT INTO company (name, address, address2, suburb, state,";
                    
    $query .=" postcode, phone, business, firstsupported, flag, ABN,";
                    
    $query .=" ppccontact, sub_comp, head_sub) VALUES";
                    
    $query .=" ('$companyname', '$address', '$address2', '$suburb', '$state', '$postcode',";
                    
    $query .=" '$phone', '$businesstype', '$year-$month-$day', '$relate', '$ABN', '$ppccontact', RAND(), 'h')";
                    
    mysql_query($query);

                    
    $id mysql_insert_id();

                    
    $query1 "INSERT INTO contacts (salutation, name, surname, mobile, direct,";
                    
    $query1 .=" position, company, companyid, email) VALUES ('$salutation',";
                    
    $query1 .=" '$cname', '$surname', '$mobile', '$direct', '$position', '$companyname',";
                    
    $query1 .=" '$id', '$email')";
                    
    mysql_query($query1);


                                 
    drop_form_data;


                case 
    "Cancel":
                    
    header ("Location: /company/companies.php?order=name");
                    exit;
            } 
    where the "drop_form_data" would be a PHP command that flushes the form data out of mem?
    Last edited by Ricta; August 10th, 2006 at 02:01 AM.

IMN logo majestic logo threadwatch logo seochat tools logo