Posted by Jochem Maas on 03/03/05 15:56
Gareth Williams wrote:
>
> Wouldn't using GET instead of POST help?
in a way it could - but you don't usually want to use a GET as this
can be easily spoofed (i.e. anyone could send you a link or post one in a forum
that would do the post action without warning you)
which comes down to: you should be 'certified' if you use GET to allow
users to submit a payment confirmation - you only want a FORM to be able to
submit such a confirmation rather than allowing any old link to issue such a
confirmation....
for a much better description on why using GET is 'bad' in this kind of situation
I refer you to posts made by Richard Lynch (I think??) in the last 6 weeks (can't remember the
subject I'm afraid)
>
> Gareth Williams
> venditor.com
>
> Buy cool stuff online at venditor.com (http://www.venditor.com)
>
> On 3 Mar 2005, at 14:20, Jochem Maas wrote:
>
>> rory walsh wrote:
>>
>>> Thanks Eoghan, I have tried the following but it still reposts the
>>> data from the form and goes back a page?
>>> header("Cache-control: private");
>>> header("Cache-Control: no-store, no-cache, must-revalidate");
>>> header("Cache-Control: post-check=0, pre-check=0", false);
>>> header("Pragma: no-cache");
>>> Am I right in assuming that the above headers should prevent the user
>>> from going back in the first place as no cache has been taken?
>>
>>
>> no - just that if they do then the page will have to be reloaded (under
>> std conditions the user then gets the 'Are you sure you want to
>> repost?' kind
>> of message)
>>
>> before asking anything more on this topic, look up a thread on this
>> list's archive entitled
>>
>> 'Clear POST variables on page refresh'
>>
>> this should give you a heads-up on the issues + a good suggestion by Richard
>> Lynch on how to handle this (his idea uses md5 hashes to 'auth'
>> specific POST
>> actions, when the POST occurs the given hash is invalidated... read
>> original thread
>> for full info)
>>
>>> Eoghan wrote:
>>>
>>>> you can use header()
>>>> http://ie.php.net/header
>>>>
>>>>
>>>> rory walsh wrote:
>>>>
>>>>> Is there any way I can prevent data from being reposted when I hit
>>>>> the back button on my browser? When I hit back I get a message from
>>>>> my browser asking do I want to repost the data, can I prevent this
>>>>> window from appearing?
>>>>>
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>
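The one-time token idea referred to in the post above, as an added example that is not part of the original thread and not Richard Lynch's code: each form carries a token that is invalidated on its first POST, so a browser repost or a bare link cannot trigger the action. It uses random_bytes() in place of the md5 hash mentioned in the thread, and the function names, the 'confirm_payment' action name and the array standing in for $_SESSION are assumptions.

```php
<?php
// Added example: one-time tokens that authorise a single POST action.
// $store stands in for $_SESSION so the script runs from the CLI (assumption).

// Issue a token bound to one action and remember it server-side.
function issue_token(array &$store, string $action): string
{
    $token = bin2hex(random_bytes(16));
    $store[$action][$token] = time();
    return $token;
}

// Accept a token at most once: it is deleted before the action runs,
// so a browser repost or a replayed request finds nothing to match.
function consume_token(array &$store, string $action, $token, int $ttl = 900): bool
{
    if (!is_string($token) || !isset($store[$action][$token])) {
        return false;
    }
    $issued = $store[$action][$token];
    unset($store[$action][$token]);
    return (time() - $issued) <= $ttl;
}

// Handle a request; only a POST carrying an unused token confirms the payment.
function handle(array &$store, string $method, array $post): string
{
    if ($method !== 'POST') {
        return 'rejected: confirmation must be a form POST';
    }
    if (!consume_token($store, 'confirm_payment', $post['token'] ?? null)) {
        return 'rejected: missing, unknown or already used token';
    }
    return 'payment confirmed';
}

// Constructed demo requests (hypothetical names and values).
$session = [];
$token = issue_token($session, 'confirm_payment'); // rendered as a hidden form field
echo handle($session, 'POST', ['token' => $token]), "\n";  // first submit
echo handle($session, 'POST', ['token' => $token]), "\n";  // back button / repost
echo handle($session, 'GET', []), "\n";                    // link posted in a forum
echo handle($session, 'POST', ['token' => 'guess']), "\n"; // form without a valid token
```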