Posted by JDS on 11/19/05 00:04

On Fri, 18 Nov 2005 07:38:02 -0800, Sam wrote:

> Problem: If the user clicks on the browser's refresh button, the same
> data gets added to my SQL database as a new record. Everytime refresh
> is hit, a new record is added with the same data.

To prevent this sort of thing, I always separate out my "action"
components from my "display" components, and use header("Location: ...");
to redirect to the appropriate destination page, usually with a success or
error message.

That is to say, I never have the PHP component that displays stuff to the
browser be the same component that processes input and updates any
relevant database.

<aside>On the web and in books, you see a lot of examples of PHP scripts
using $PHP_SELF as the action="" in an HTML form. This, IMO, is horrible,
horrible programming practice on several levels.</aside>

In any case, to make this work, use *two* (or possibly three) pages -- one
that has the HTML form for user input and and one that processes the data
but never actually prints anything to the browser.

page1.php (some important details ommitted from this example):
<form action="process_form.php">
<input name="butt">
<input type="submit">
</form>


process_form.php:
<?php
$sql = "INSERT INTO cheeks VALUES (1, '" . $_GET['butt'] . "')";
mysql_query($sql);
header("Location: page2.php?message=success");
?>

page2.php:
<?php
print $_GET['message'];
?>


later...
--
JDS | jeffrey@example.invalid
| http://www.newtnotes.com
DJMBS | http://newtnotes.com/doctor-jeff-master-brainsurgeon/

[Back to original message]