Clear post data with session - advice needed!
Posted: Sat Jan 01, 2011 7:35 pm
Hi,
currently I'm working on my own e-commerce platform and I want to design it perfectly. The part I'm not satisfied with now, is how the data is send to server when administrator edit something in his admin panel. As we all know, there are two options to choose from here: post and get methods. Now, for all CRUD operations (updates, inserts, deletes) I use POST since it allows more data to be send and keeps my urls clean. The part I can't accept is the lack of refresh support, I mean the annoying popup that must apear asking wheater you want the data to be send again or not on each refresh attempt after the post data was sent. This made me wonder if there is a method to skip this behavior and I've came up to something like this:
As you see, all I'm doing here is redirecting the page to itself after the post data was utilized, so the post data get lost. The message for the user is being stored in a session and is displayed to him only once - just after the save. Then the session is being unset and the message won't apear on next page refresh. This is just a sample, I use this mechanism in more situations.
Before I implement this mechanism in my whole application, I wanted to ask if anyone finds this method wrong/dangerous or have better suggestion? I must admit that I'm pretty happy with how it's working, even though the additional request is made every time, and that the redirection can be seen in some cases (slower page load), but I can't see any other weakneses. Does anyone see any holes in my code?
Thanks in advance...
currently I'm working on my own e-commerce platform and I want to design it perfectly. The part I'm not satisfied with now, is how the data is send to server when administrator edit something in his admin panel. As we all know, there are two options to choose from here: post and get methods. Now, for all CRUD operations (updates, inserts, deletes) I use POST since it allows more data to be send and keeps my urls clean. The part I can't accept is the lack of refresh support, I mean the annoying popup that must apear asking wheater you want the data to be send again or not on each refresh attempt after the post data was sent. This made me wonder if there is a method to skip this behavior and I've came up to something like this:
Code: Select all
if(isset($_POST['save']))
{
//save post data to db here
$_SESSION['save']=1; //let's say 1 means that the save operation was succesfull
header("Location: ".$_SERVER['REQUEST_URI']);
exit;
}
if(isset($_SESSION['save']))
{
$save=$_SESSION['save'];
unset($_SESSION['save']);
}
if($save==1)
{
//print the message to the user
}
Before I implement this mechanism in my whole application, I wanted to ask if anyone finds this method wrong/dangerous or have better suggestion? I must admit that I'm pretty happy with how it's working, even though the additional request is made every time, and that the redirection can be seen in some cases (slower page load), but I can't see any other weakneses. Does anyone see any holes in my code?
Thanks in advance...