Back button problem: PHP-to-MySQL form

the_wolf
Forum Newbie
Posts: 2
Joined: Fri Oct 18, 2002 1:29 am
Location: Heidelberg, Germany

Post by the_wolf »

Hi to everyone,

I am developing a MySQL / PHP based website with a superuser level to define workflows, objects etc. and different GUIs for 'normal' users to add, alter or to delete content to/from the DBs. It's all working fine except the back button problem.

To alter a data record, the user has to select the record from a list and to hit a link like

Code: Select all

<?php
change.php3?department=$department&aid=$id
?>

Afterwards, he gets a form with all the DB stuff related to this record:

Code: Select all

<?php

$LANG = 'en';
$department = $_GET["department"];

$aid = $_GET["aid"];

$hostname = "localhost";
$username = "xxx";
$password = "xxx";
$dbName = "DBsomewhat";

$userstable = "tablesomewhere";

MYSQL_CONNECT($hostname,$username,$password) OR DIE("Database connection failed.");

@mysql_select_db("$dbName") or die("Database not found.");

$query = "SELECT id, l01, ..., l44 FROM $userstable WHERE id = '$aid'";

$erg = MYSQL_QUERY($query);

$numrows = MYSQL_NUM_ROWS($erg);

if ($numrows > '0') {
	
	$i = 0;
	
	$id = mysql_result($erg,$i,"id");
	$l01 = mysql_result($erg,$i,"l01");
	$l02 = mysql_result($erg,$i,"l02");
	
   #a lot more

	$l43 = mysql_result($erg,$i,"l43");
	$l44 = mysql_result($erg,$i,"l44");}
	
	else {}
			
?>

<FORM ACTION>...</FORM>

When finished working, the form is sent to a PHP script which does

Code: Select all

<?php
$LANG = 'en';
$department = $_POST["department"];

$aid = $_POST["aid"];

$l01 = $_POST["l39"];
$l02 = $_POST["l40"];

# a lot more

$l43 = $_POST["l33"];
$l44 = $_POST["l43"];

$hostname = "localhost";
$username = "xxx";
$password = "xxx";
$dbName = "DBsomewhat";

$userstable = "tablesomewhere";

MYSQL_CONNECT($hostname,$username,$password) OR DIE("Database connection failed.");

@mysql_select_db("$dbName") or die("Database not found.");

$dquery = "DELETE FROM $userstable WHERE id='$aid'";

$derg = MYSQL_QUERY($dquery);

$query = "INSERT INTO $userstable (l01, l02, ..., l43, l44) ";

$query=$query."VALUES('$l01', '$l02' ..., '$l43', '$l44')";

$erg = MYSQL_QUERY($query);

?>

and displays the changes he made. BUT: if he then hits the back button, $aid is lost and a DoS attack on Apache logs starts :wink: ... Has anyone an idea how I can effectively bar the user from hitting the back button?

Thanx in advance, the_wolf
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

One way is to use header() to send the user to a new page to display the information.

Mac
rlogin
Forum Newbie
Posts: 19
Joined: Fri Oct 18, 2002 2:39 am

Post by rlogin »

You can set a flag to disallow browser back button bringing in old data.
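
The two suggestions above combined, as an added example that is not from any poster in this thread: the save script writes once, then redirects with header() so Back and reload land on a GET page, and a one-time session token serves as the "flag" against replayed submissions. It assumes PHP 7 or later with PDO; save.php, show.php, list.php and the form_token field are hypothetical names, and it uses UPDATE with bound parameters in place of the thread's DELETE/INSERT so the record id stays valid after saving.

```php
<?php
// save.php (hypothetical name): added example, not the posters' code.
// Table, database and credential values follow the thread's placeholders.
session_start();

// The form page calls this and emits the result as
// <input type="hidden" name="form_token" value="...">.
function issue_form_token(): string {
    $token = bin2hex(random_bytes(16));
    $_SESSION['form_tokens'][$token] = true;
    return $token;
}

// True exactly once per issued token; a replayed POST (Back, then resubmit) fails.
function consume_form_token(array &$session, string $token): bool {
    if ($token === '' || empty($session['form_tokens'][$token])) {
        return false;
    }
    unset($session['form_tokens'][$token]);
    return true;
}

// Returns the page to redirect to; writes at most once per issued token.
function handle_save(PDO $db, array $post, array &$session): string {
    $aid = filter_var($post['aid'] ?? null, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1]]);
    if ($aid === false) {
        return 'list.php';                     // aid lost or malformed: no query at all
    }
    if (!consume_form_token($session, (string)($post['form_token'] ?? ''))) {
        return 'show.php?aid=' . $aid;         // replay: display only, no second write
    }
    // Bound parameters: user input never becomes part of the SQL text.
    $stmt = $db->prepare('UPDATE tablesomewhere SET l01 = ?, l02 = ? WHERE id = ?');
    $stmt->execute([$post['l01'] ?? '', $post['l02'] ?? '', $aid]);
    return 'show.php?aid=' . $aid;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $db = new PDO('mysql:host=localhost;dbname=DBsomewhat', 'xxx', 'xxx',
                  [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $target = handle_save($db, $_POST, $_SESSION);
    header('Location: ' . $target, true, 303); // 303: browser follows up with a GET
    exit;
}
```

Because the POST response is only a redirect, the browser history holds the GET result page rather than the submission, so Back returns to the form without re-sending data.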