Okay, we're coding a donations page. We want to make sure the form cannot be resubmitted with either the back arrow or the refresh button so people don't accidentally charge themselves twice. How can I prevent this phenomenon? I've read on the forums several suggestions including making cache private, using the get method in the form. What's the best way to do this?
Thanks
Back Button Hell
Just a suggestion, for the donation form you could disable the button and submit with javascript.
Code:
<SCRIPT LANGUAGE=JavaScript>
// disable the button so it cannot be clicked twice, then submit the form
function disableButton(btn)
{
    btn.disabled = true;
    document.formname.submit();
}
</SCRIPT>
<input type="button" value="save" onclick="javascript: return disableButton(this);">

Well, I added a reset() after the submission process and that clears the form. So even if they do hit the back button they won't find their data.
Code:
<SCRIPT LANGUAGE=JavaScript>
function disableButton(btn)
{
    btn.disabled = true;
    document.formname.submit();
    // clear the fields once the form has been submitted
    document.formname.reset();
}
</SCRIPT>

I would do it server-side, in case they have JS disabled. You're collecting the info server-side anyway, so it's really just 1 more small step.
Code:
<?php
session_start();
// there's also a variation of the cache-control header that you might find useful.
// i would not depend on it though for this purpose
// (sent here because header() must be called before any output)
header('Cache-Control: Private, Must-Revalidate');
// the browser will check w/ the server and ask if the document has changed. it will only re-download the page if it has changed.

// placeholder for: form submitted, form complete, and acceptable
$form_ok = ($_SERVER['REQUEST_METHOD'] === 'POST'); // add the completeness/validation checks here
if ($form_ok) {
    if (empty($_SESSION['form_accepted'])) {
        // accept it, process it, send emails etc.....
        $_SESSION['form_accepted'] = true;
    } else {
        echo 'you already submitted the form';
    }
}
?>

You could also, once the transaction has taken place, clear the variables that were stored; this would mean that a refresh would not work. So that you don't come up with an error, you could use a simple if statement to check that the variables actually contain data. If not, then don't let the transaction take place, and display a message saying that they have already donated.
Need to stop people pressing the back button? Not an ideal solution, but perhaps when submitted, open the page in a new window where it then does the transaction. Therefore people cannot press the back button.
Of course, none of these are probably ideal solutions.
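
Added example, not posted by anyone in this thread: the server-side session check suggested above, generalized to a single-use token per rendered form plus a redirect after the POST, so a refresh or back-button resubmit is rejected while a fresh visit to the form can still donate again. The file name donate.php, the function process_donation(), the hidden field "token" and the session key "donation_tokens" are assumptions made for the illustration.

```php
<?php
// Added example (assumed names: donate.php, process_donation(), donation_tokens).
declare(strict_types=1);
session_start();

/** Hypothetical stand-in for charging the card, sending e-mails, etc. */
function process_donation(array $post): void { /* charge exactly once here */ }

/** Issue a fresh single-use token and remember it in the session. */
function issue_token(): string
{
    $token = bin2hex(random_bytes(16));
    $_SESSION['donation_tokens'][$token] = true;
    return $token;
}

/** Consume a token: returns true only the first time it is presented. */
function consume_token(string $token): bool
{
    if (!isset($_SESSION['donation_tokens'][$token])) {
        return false; // unknown token, or already used by an earlier submit
    }
    unset($_SESSION['donation_tokens'][$token]);
    return true;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $token = $_POST['token'] ?? '';
    if (is_string($token) && consume_token($token)) {
        process_donation($_POST);
        $status = 'thanks';
    } else {
        $status = 'duplicate';
    }
    // 303 makes the browser follow up with a GET, so a refresh re-requests
    // the result page instead of re-sending the POST.
    header('Location: donate.php?status=' . $status, true, 303);
    exit;
}

$status = $_GET['status'] ?? '';
if ($status === 'thanks') {
    echo 'Thank you for your donation.';
} elseif ($status === 'duplicate') {
    echo 'You already submitted the form.';
} else {
    $t = htmlspecialchars(issue_token(), ENT_QUOTES);
    echo '<form method="post" action="donate.php">'
       . '<input type="hidden" name="token" value="' . $t . '">'
       . '<input type="text" name="amount"><input type="submit" value="Donate"></form>';
}
```

Going back to a cached copy of the form and submitting it again presents a token that has already been consumed, so it ends on the "already submitted" page without a second charge.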