Data insertion after page refresh

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
ishakya
Forum Commoner
Posts: 40
Joined: Tue Jan 04, 2011 4:58 am

Data insertion after page refresh

Post by ishakya »

Hi,
:D
I have php page call add_agent.php which is used to insert data into a mysql database.
after inserting data row,if i refresh the page, that previous data row will be resend to that database table.
Why is that happening?.is there any way to avoid that?
:banghead:

I anyone can help me to figure this out,it will be very grateful.

Thanks in advance... : :
oscardog
Forum Contributor
Posts: 245
Joined: Thu Oct 23, 2008 4:43 pm

Re: Data insertion after page refresh

Post by oscardog »

After inserting the data, so after the mysql_query() line, set a header() to another page. Then the page cannot be refreshed with the data posted to it.
User avatar
flying_circus
Forum Regular
Posts: 732
Joined: Wed Mar 05, 2008 10:23 pm
Location: Sunriver, OR

Re: Data insertion after page refresh

Post by flying_circus »

What you're dealing with is a replay attack and a nonce is usually the best way to handle it.

A basic implementation would be something like this:
- On your user form page, generate a token.
- Put the token in a user session and also in a hidden field on the form
- On the PHP side, compare the $_POST token to the $_SESSION token.
- If they match, delete the token from the session, process the request, and go on from there.
- If they hit refresh (or back), there will no longer be a token in the session, so the comparison will fail, and the request will not be handled.
Post Reply