Stop double inserts on page refresh

**sputza** · Aug 25, 2005 08:14

Hi everyone,

I had this thread and I also have another question related to that thread but its a new topic. Now that the page inserts into the database, the user can hit the page refresh and it will refresh the page and re-insert the data, causing a double insert.

The code is below:

PHP Code:


  if (isset($_GET['db'])):
         $heading = mysql_real_escape_string($_REQUEST['heading']);
         $content = mysql_real_escape_string($_REQUEST['content']);
         $heading = $_SESSION['s_heading'];
         $content = $_SESSION['s_content'];
    
    
            echo '<div id="adminContent">';
    
            require ('../includes/dbconnect.inc.php');
              $sql = "INSERT INTO main (heading, content) values ('$heading', '$content')";
                 if (!($res = mysql_query($sql))) {
                 echo mysql_error();
                 }
    
            echo '</div>';
    require ('includes/footer.inc.php');
    break;
    endif;

**gavwvin** · Aug 25, 2005 09:13

You could use a bit of javascript to reduce the risk of double submission:

Code:

<form onsubmit="this.submit.disabled = 'disabled'"">
<input type="submit" name="submit" />
</form>

when the user submits (either by enter or clicking the button) the submit becomes disabled. It doesn't make it completely impossible to double submit but makes it harder

**thirteenlisk** · Aug 25, 2005 09:15

Also look into using PHP's header function to send the uesr back to the page without having the GET/POST information. This will prevent double submission as well.

You could also add to your code to check for entries that match the user's submission. If an entry is identical to the one the user is trying to submit, have your code prevent the entry from being inserted again.

**sputza** · Aug 25, 2005 12:44

Originally Posted by gavwvin

You could use a bit of javascript to reduce the risk of double submission:

Code:

  <form onsubmit="this.submit.disabled = 'disabled'"">
  <input type="submit" name="submit" />
  </form>

when the user submits (either by enter or clicking the button) the submit becomes disabled. It doesn't make it completely impossible to double submit but makes it harder

Im not too worried about the user hitting the submit button more than once. The problem I am having is if the user submits it to the database, they then hit refresh and there will be a second insert into the database.

How can I stop that?

**sputza** · Aug 25, 2005 13:29

I would use sessions for something like this... but I can't since Its already using a session to control the user login.

Is there a way to use sessions with more than one session?

**bokehman** · Aug 25, 2005 14:40

Just use the same session. It won't wreck what is already happening. After you enter the data in the database write a variable $_SESSION['form_data_stored'] = 1. Now when the form is submitted and before anything else insert the following in your script:

PHP Code:


if($_SESSION['form_data_stored'])die('Form has already been submitted.')

**sputza** · Aug 25, 2005 14:43

Originally Posted by bokehman

Just use the same session. It won't wreck what is already happening. After you enter the data in the database write a variable $_SESSION['form_data_stored'] = 1. Now when the form is submitted and before anything else insert the following in your script:

PHP Code:


if($_SESSION['form_data_stored'])die('Form has already been submitted.')

Forgive me but I’m not sure how I would implement that... Can you take my code from above and show me where I should be using your code?

**bokehman** · Aug 25, 2005 14:55

Can you post the whole script please?

**sputza** · Aug 25, 2005 14:58

I can do that:

PHP Code:


  <?php
       //   ************admain.php***********
       //check for admin session
       //if no admin session, login
       session_start();
       if (!isset($_SESSION['id'])) {
           header ("Location:login.php");
           }
       require ('includes/header.inc.php');
       require ('includes/nav.inc.php');
  
  
  if (isset($_GET['db'])):
       $heading = mysql_real_escape_string($_REQUEST['heading']);
       $content = mysql_real_escape_string($_REQUEST['content']);
       $heading = $_SESSION['s_heading'];
       $content = $_SESSION['s_content'];
  
  
          echo '<div id="adminContent">';
  
          require ('../includes/dbconnect.inc.php');
              $sql = "INSERT INTO main (heading, content, date) values ('$heading', '$content', NOW())";
               if (!($res = mysql_query($sql))) {
               echo mysql_error();
               }
               
  
  ?>
      <p>The new content was added to the main page.</p>
  <?php
          echo '</div>';
  require ('includes/footer.inc.php');
  break;
  endif;
  
  
  
       $usersubmit = $_REQUEST['usersubmit'];
  
       if ($usersubmit == 1) {
           $heading = $_POST['heading'];
           $content = $_POST['content'];
           $enter = 1;
       }else{
           // Get values from session variables
           $heading = $_SESSION['s_heading'];
           $content = $_SESSION['s_content'];
       }
  
       if ($enter == 1) {
  
       // Record user info in sessions
       session_start();
       $_SESSION['s_heading'] = $heading;
       $_SESSION['s_content'] = $content;
  
       echo '<div id="adminContent">';
  
       print "<h2>Confirmation</h2>";
       print "<p>This is the information you have submitted</p>";
  
       $addMainConfirm = "<p>Heading: $heading <br>\n";
       $addMainConfirm .= "Content: $content <br>\n";
  
       print $addMainConfirm;
  
       print "<p><a href=\"addmain.php\">Make changes to the content</a><br />";
       print "<a href=\"addmain.php?db\">Add this content now</a></p>";
       echo '</div>';
  }
  ?>
  
       <div id="adminContent">
          <form action="addmain.php?usersubmit=1" method="post">
          <h3>Heading</h3>
          <input name="heading" type="text" size="30" maxlength="100" />
          <h3>Content</h3>
          <textarea name="content" cols="60" rows="20"></textarea>
          <input name="submit" type="submit" value="Add Main Topic" />
          </form>
          </div>
  
  <?php
       require ('includes/footer.inc.php');
  ?>

**bokehman** · Aug 25, 2005 15:14

Try this:

PHP Code:


  if (isset($_GET['db'])):

       if($_SESSION['form_data_stored'])die('Form has already been submitted.');

       $heading = mysql_real_escape_string($_REQUEST['heading']);

       $content = mysql_real_escape_string($_REQUEST['content']);

       $heading = $_SESSION['s_heading'];

       $content = $_SESSION['s_content'];

  

  

          echo '<div id="adminContent">';

  

          require ('../includes/dbconnect.inc.php');

             $sql = "INSERT INTO main (heading, content, date) values ('$heading', '$content', NOW())";

               if (!($res = mysql_query($sql))) {

               echo mysql_error();

               }

        $_SESSION['form_data_stored'] = 1;

**Dangermouse** · Aug 25, 2005 15:15

page A is the page with the form. Page A submits to Page B, which processes the form, which uses header("location: Page C.php"); which displays confirmation etc. As they have been redirected from the other pages they can refresh and it won't resend the data.

**Etnu** · Aug 25, 2005 19:27

header('Location: ?');

Problem solved; this will send them to the current page, with no query string.

**sputza** · Aug 31, 2005 13:05

Thanks guys!

User Tag List

Thread: Stop double inserts on page refresh

Thread Tools

Display

Stop double inserts on page refresh

Bookmarks

Bookmarks

Posting Permissions