SitePoint Sponsor

User Tag List

Results 1 to 13 of 13
  1. #1
    SitePoint Evangelist sputza's Avatar
    Join Date
    Jan 2002
    Location
    Canada
    Posts
    528
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Stop double inserts on page refresh

    Hi everyone,

    I had this thread and I also have another question related to that thread but its a new topic. Now that the page inserts into the database, the user can hit the page refresh and it will refresh the page and re-insert the data, causing a double insert.

    The code is below:

    PHP Code:
      if (isset($_GET['db'])):
             
    $heading mysql_real_escape_string($_REQUEST['heading']);
             
    $content mysql_real_escape_string($_REQUEST['content']);
             
    $heading $_SESSION['s_heading'];
             
    $content $_SESSION['s_content'];
        
        
                echo 
    '<div id="adminContent">';
        
                require (
    '../includes/dbconnect.inc.php');
                  
    $sql "INSERT INTO main (heading, content) values ('$heading', '$content')";
                     if (!(
    $res mysql_query($sql))) {
                     echo 
    mysql_error();
                     }
        
                echo 
    '</div>';
        require (
    'includes/footer.inc.php');
        break;
        endif; 
    Steven Watkins
    Chief Web Ninja
    Code Monkey Interactive
    lowgravity.ca

  2. #2
    SitePoint Guru gavwvin's Avatar
    Join Date
    Nov 2004
    Location
    Cornwall, UK
    Posts
    686
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You could use a bit of javascript to reduce the risk of double submission:
    Code:
    <form onsubmit="this.submit.disabled = 'disabled'"">
    <input type="submit" name="submit" />
    </form>
    when the user submits (either by enter or clicking the button) the submit becomes disabled. It doesn't make it completely impossible to double submit but makes it harder

  3. #3
    SitePoint Addict
    Join Date
    Aug 2004
    Location
    California
    Posts
    267
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Also look into using PHP's header function to send the uesr back to the page without having the GET/POST information. This will prevent double submission as well.

    You could also add to your code to check for entries that match the user's submission. If an entry is identical to the one the user is trying to submit, have your code prevent the entry from being inserted again.
    The Banana Stand - an Arrested Development fansite
    LC-3 Help - tutorials on the LC-3 educational assembly language

  4. #4
    SitePoint Evangelist sputza's Avatar
    Join Date
    Jan 2002
    Location
    Canada
    Posts
    528
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by gavwvin
    You could use a bit of javascript to reduce the risk of double submission:
    Code:
      <form onsubmit="this.submit.disabled = 'disabled'"">
      <input type="submit" name="submit" />
      </form>
    when the user submits (either by enter or clicking the button) the submit becomes disabled. It doesn't make it completely impossible to double submit but makes it harder
    Im not too worried about the user hitting the submit button more than once. The problem I am having is if the user submits it to the database, they then hit refresh and there will be a second insert into the database.

    How can I stop that?
    Steven Watkins
    Chief Web Ninja
    Code Monkey Interactive
    lowgravity.ca

  5. #5
    SitePoint Evangelist sputza's Avatar
    Join Date
    Jan 2002
    Location
    Canada
    Posts
    528
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I would use sessions for something like this... but I can't since Its already using a session to control the user login.

    Is there a way to use sessions with more than one session?
    Steven Watkins
    Chief Web Ninja
    Code Monkey Interactive
    lowgravity.ca

  6. #6
    Keep it simple, stupid! bokehman's Avatar
    Join Date
    Jul 2005
    Posts
    1,935
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Just use the same session. It won't wreck what is already happening. After you enter the data in the database write a variable $_SESSION['form_data_stored'] = 1. Now when the form is submitted and before anything else insert the following in your script:
    PHP Code:
    if($_SESSION['form_data_stored'])die('Form has already been submitted.'

  7. #7
    SitePoint Evangelist sputza's Avatar
    Join Date
    Jan 2002
    Location
    Canada
    Posts
    528
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by bokehman
    Just use the same session. It won't wreck what is already happening. After you enter the data in the database write a variable $_SESSION['form_data_stored'] = 1. Now when the form is submitted and before anything else insert the following in your script:
    PHP Code:
    if($_SESSION['form_data_stored'])die('Form has already been submitted.'
    Forgive me but Iím not sure how I would implement that... Can you take my code from above and show me where I should be using your code?
    Steven Watkins
    Chief Web Ninja
    Code Monkey Interactive
    lowgravity.ca

  8. #8
    Keep it simple, stupid! bokehman's Avatar
    Join Date
    Jul 2005
    Posts
    1,935
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Can you post the whole script please?

  9. #9
    SitePoint Evangelist sputza's Avatar
    Join Date
    Jan 2002
    Location
    Canada
    Posts
    528
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I can do that:

    PHP Code:
      <?php
           
    //   ************admain.php***********
           //check for admin session
           //if no admin session, login
           
    session_start();
           if (!isset(
    $_SESSION['id'])) {
               
    header ("Location:login.php");
               }
           require (
    'includes/header.inc.php');
           require (
    'includes/nav.inc.php');
      
      
      if (isset(
    $_GET['db'])):
           
    $heading mysql_real_escape_string($_REQUEST['heading']);
           
    $content mysql_real_escape_string($_REQUEST['content']);
           
    $heading $_SESSION['s_heading'];
           
    $content $_SESSION['s_content'];
      
      
              echo 
    '<div id="adminContent">';
      
              require (
    '../includes/dbconnect.inc.php');
                  
    $sql "INSERT INTO main (heading, content, date) values ('$heading', '$content', NOW())";
                   if (!(
    $res mysql_query($sql))) {
                   echo 
    mysql_error();
                   }
                   
      
      
    ?>
          <p>The new content was added to the main page.</p>
      <?php
              
    echo '</div>';
      require (
    'includes/footer.inc.php');
      break;
      endif;
      
      
      
           
    $usersubmit $_REQUEST['usersubmit'];
      
           if (
    $usersubmit == 1) {
               
    $heading $_POST['heading'];
               
    $content $_POST['content'];
               
    $enter 1;
           }else{
               
    // Get values from session variables
               
    $heading $_SESSION['s_heading'];
               
    $content $_SESSION['s_content'];
           }
      
           if (
    $enter == 1) {
      
           
    // Record user info in sessions
           
    session_start();
           
    $_SESSION['s_heading'] = $heading;
           
    $_SESSION['s_content'] = $content;
      
           echo 
    '<div id="adminContent">';
      
           print 
    "<h2>Confirmation</h2>";
           print 
    "<p>This is the information you have submitted</p>";
      
           
    $addMainConfirm "<p>Heading: $heading <br>\n";
           
    $addMainConfirm .= "Content: $content <br>\n";
      
           print 
    $addMainConfirm;
      
           print 
    "<p><a href=\"addmain.php\">Make changes to the content</a><br />";
           print 
    "<a href=\"addmain.php?db\">Add this content now</a></p>";
           echo 
    '</div>';
      }
      
    ?>
      
           <div id="adminContent">
              <form action="addmain.php?usersubmit=1" method="post">
              <h3>Heading</h3>
              <input name="heading" type="text" size="30" maxlength="100" />
              <h3>Content</h3>
              <textarea name="content" cols="60" rows="20"></textarea>
              <input name="submit" type="submit" value="Add Main Topic" />
              </form>
              </div>
      
      <?php
           
    require ('includes/footer.inc.php');
      
    ?>
    Steven Watkins
    Chief Web Ninja
    Code Monkey Interactive
    lowgravity.ca

  10. #10
    Keep it simple, stupid! bokehman's Avatar
    Join Date
    Jul 2005
    Posts
    1,935
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Try this:
    PHP Code:
      if (isset($_GET['db'])):
           if(
    $_SESSION['form_data_stored'])die('Form has already been submitted.');
           
    $heading mysql_real_escape_string($_REQUEST['heading']);
           
    $content mysql_real_escape_string($_REQUEST['content']);
           
    $heading $_SESSION['s_heading'];
           
    $content $_SESSION['s_content'];
      
      
              echo 
    '<div id="adminContent">';
      
              require (
    '../includes/dbconnect.inc.php');
                 
    $sql "INSERT INTO main (heading, content, date) values ('$heading', '$content', NOW())";
                   if (!(
    $res mysql_query($sql))) {
                   echo 
    mysql_error();
                   }
            
    $_SESSION['form_data_stored'] = 1

  11. #11
    SitePoint Wizard Dangermouse's Avatar
    Join Date
    Oct 2003
    Posts
    1,024
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    page A is the page with the form. Page A submits to Page B, which processes the form, which uses header("location: Page C.php"); which displays confirmation etc. As they have been redirected from the other pages they can refresh and it won't resend the data.

  12. #12
    SitePoint Addict
    Join Date
    May 2005
    Posts
    255
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    header('Location: ?');

    Problem solved; this will send them to the current page, with no query string.

  13. #13
    SitePoint Evangelist sputza's Avatar
    Join Date
    Jan 2002
    Location
    Canada
    Posts
    528
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks guys!
    Steven Watkins
    Chief Web Ninja
    Code Monkey Interactive
    lowgravity.ca


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •