Posted by Crispy Beef on 04/10/07 14:55

Tyno Gendo wrote:
> Arjen wrote:
>> Tyno Gendo schreef:
>>> I just wondered what methods people used typically when trying to guard
>>> against a POSTed script being reloaded at the users browser and
>>> effectively re-posting the same data again ?
>>>
>>> I have some administration forms which call the same PHP page when they
>>> postback and the $action variable is taken from the form to signal what
>>> action should be taken.
>>>
>>> I need a good effective and easy way of stopping people from simply
>>> clicking reload and posting the data again and wondered what the best
>>> method people have found is?
>>>
>>> Thanks in advance.
>>
>>
>> if ($_POST['whatever'])
>> {
>> // do stuff
>>
>> // reload page
>> header ("Location: index.php");
>> }
>>
>
> Ah... excellent idea, what didn't it even cross my mind... hehehe.

That's a good one; another method I've used before if you have session
variables available is to set a session var that blocks the script post from
happening again until it's unset...i.e. when the user legitimately comes back
from the correct route. I've mainly used this on contact forms etc.

if (isset($_POST['submit']) && !isset($_SESSION['block'])) {
// Code

// Set block
$_SESSION['block'] = true;
} else {
echo 'Data already posted!';
}

Make sure to unset the session var or when you hit the above code it'll never
process a valid POST.

Paul

[Back to original message]