Page 1 of 1

Clear post data with session - advice needed!

Posted: Sat Jan 01, 2011 7:35 pm
by mjsw
Hi,

currently I'm working on my own e-commerce platform and I want to design it perfectly. The part I'm not satisfied with now, is how the data is send to server when administrator edit something in his admin panel. As we all know, there are two options to choose from here: post and get methods. Now, for all CRUD operations (updates, inserts, deletes) I use POST since it allows more data to be send and keeps my urls clean. The part I can't accept is the lack of refresh support, I mean the annoying popup that must apear asking wheater you want the data to be send again or not on each refresh attempt after the post data was sent. This made me wonder if there is a method to skip this behavior and I've came up to something like this:

Code: Select all

			
if(isset($_POST['save']))
{
	//save post data to db here
	$_SESSION['save']=1; //let's say 1 means that the save operation was succesfull
	header("Location: ".$_SERVER['REQUEST_URI']);
	exit;
}
if(isset($_SESSION['save']))
{
	$save=$_SESSION['save'];
	unset($_SESSION['save']);
}
if($save==1)
{
//print the message to the user
}
As you see, all I'm doing here is redirecting the page to itself after the post data was utilized, so the post data get lost. The message for the user is being stored in a session and is displayed to him only once - just after the save. Then the session is being unset and the message won't apear on next page refresh. This is just a sample, I use this mechanism in more situations.

Before I implement this mechanism in my whole application, I wanted to ask if anyone finds this method wrong/dangerous or have better suggestion? I must admit that I'm pretty happy with how it's working, even though the additional request is made every time, and that the redirection can be seen in some cases (slower page load), but I can't see any other weakneses. Does anyone see any holes in my code?

Thanks in advance...

Re: Clear post data with session - advice needed!

Posted: Sun Jan 02, 2011 7:01 am
by Darhazer
This is the correct way to do it, only you can encapsulate it better. And actually you can set 'message', so you can reuse both for sucessful and error messages.

Additionnaly, in the code sample (I know it's just a sample) the $save variable could be undefined one, if $_SESSION['save'] is not set

Re: Clear post data with session - advice needed!

Posted: Sun Jan 02, 2011 10:24 am
by mjsw
Darhazer wrote:This is the correct way to do it, only you can encapsulate it better. And actually you can set 'message', so you can reuse both for sucessful and error messages.

Additionnaly, in the code sample (I know it's just a sample) the $save variable could be undefined one, if $_SESSION['save'] is not set
OK, thanks for your comments, I will implement this then in my system. If anyone see anything that can possibly go wrong in that code, please let me know, thanks :)