|
Posted by Richard Lynch on 10/19/96 11:07
Chris W. Parker wrote:
> Richard Lynch <mailto:ceo@l-i-e.com>
> on Thursday, February 03, 2005 11:26 AM said:
>
>> A simple thing to do is to put an md5 hash into the POST data, then
>> only do the insert if that md5 hash isn't already "used" when they
>> hit refresh.
>>
>> This avoids the hassle of re-direct headers and trying to follow
>> programming logic bouncing from script to script.
>
> Come now, let's not be so dramatic. :P
>
> "hassle of re-direct":
>
> <?php
>
> header("Location: http://fq.dn/page.ext");
>
> ?>
Except if you start using sessions, but then need to not use cookies
because they're now "off" by default in browsers, so you use trans-sid,
will that PHPSESSID get tacked on to the end of the re-location header?
I think not.
So then you have a *TON* of code to fix, because somebody put all these
header("Location:") in the code and you need the PHPSESSID on the end of
every one of them.
> "programming logic bouncing from script to script":
>
> It would be the same logic/handling of the form, just split across two
> pages. Not really much changing is necessary. Except of course that you
> will have to send data back to the form page via the querystring should
> you have the need (i.e. form errors).
Months later, when trying to track down what is happening, you end up
opening up a file that matches the URL to find out what's going on, only
to find out it's not in that file because you did a header redirect to
another file, so then you open up that other file but then you find
another header redirect so then you open up another file, ...
You end up with 20 files open, with a snarled mess of header re-directs
bouncing you back and forth from file to file, for the very very very
common act of filling out a form.
No, thanks.
I'll stick to structuring my code so I don't need the re-direct.
> Not trying to knock you or the MD5 solution you offered. Just thought
> you made the two page solution sound scarier than it really is.
If it was only two pages, and there was only one header() re-direct, fine.
But what ends up happening is you get in the habit of doing this all over
the place, and you have a mess of spaghetti logic spread over a hundred
files.
At least, that's been my experience in trying to debug the mess people
have made with this header re-direct.
They can't use just one.
Perhaps you've had better luck with better programmers and header
re-direct usage -- All I know is, every time I find a header("Location:")
in somebody's PHP source code, I just know it's going to bite me in the
ass some day.
YMMV
Plus, the user can *STILL* use the pull-down menu of some browsers to go
back two pages and re-submit the form with the same data, or they can
click "back" fast enough to get there (on some browsers) and end up
re-loading the form that way.
If you need to be sure they don't do that, the md5 method will ALWAYS
work, not just "sometimes" work.
You want ALWAYS works or SOMETIMES works?
--
Like Music?
http://l-i-e.com/artists.htm
Navigation:
[Reply to this message]
|