Posted by Peter Fox on 09/19/05 01:28

Following on from John's message. . .
>I have a problem with refresh.

You have to understand that scripting web pages is like sending letters
in the mail between people. It isn't like a phone conversation. In
fact it is more like a coupon in a newspaper which you cut out and send
for your free starter bag of toenail clippings or whatever. There is
nothing to stop somebody sending the form twice. It is up to you in
your office (ie server-side) to weed out the double clickers and robots.

OK so you don't want to be bothered and don't want to send them to
another page[1] - Sorry chum, it goes with the territory. Anyway, it
isn't difficult and _even after_ you have tested your pages with the
most daft (not to mention malicious) input you will still find odd ways
in which it gets abused.

Have a look at the posts to this ng in the last 10 days for the sorts of
things to look out for. At the very least you will want to keep a log
of what's been going on so you can spot abuse. If your site is
commercial then FX:Sharp intake of breath. Does Blogg's the builders
really want to be the subject of an investigation for sending out
pictures of 10 year old girls? - Yes, it could happen there are bots
looking for innocent sites that haven't got a clue they are being used
to channel spam/porn/u-name-it.

[1] Actually not necessary but it is REALLY IMPORTANT to tell somebody
that something has happened as a result of the clicks they've just made.

--
PETER FOX Not the same since the e-commerce business came to a .
peterfox@eminent.demon.co.uk.not.this.bit.no.html
2 Tees Close, Witham, Essex.
Gravity beer in Essex <http://www.eminent.demon.co.uk>

[Back to original message]