Back button re-executing script?

tobyw_1969
Forum Newbie
Posts: 4
Joined: Tue Sep 13, 2005 4:13 pm

Back button re-executing script?

Post by tobyw_1969 »

I am no PHP expert, and I'm trying to implement a basic shopping cart. It works like this:

productinfo.php ---- product info page with 'add to cart' button. This button then calls a hyperlink to the next page like so: <a href='additem.php?id=<?php echo $id; ?>'>

additem.php --- this page then adds to a basket array based on the $id it receives. There is a link on this page to..

checkout.php -- this lists the current orders..

It's all working fine, but the problem I have is that if the user hits the back button from checkout.php, they arrive back at additem.php - which then re-executes, causing the item to be added to their basket again.

Is there some way I can prevent this from happening? Like some way to 'kill' the page once it's executed, and not have it run again when it is returned to with the back button? Or is it just a flaw of my process, and is there a better way to do this kind of thing?


Thanks for any help you can give me.
tobyw_1969
Forum Newbie
Posts: 4
Joined: Tue Sep 13, 2005 4:13 pm

Post by tobyw_1969 »

Ok - I found a way to avoid this, by adding a random number to the URL, and pushing the random number into an array. Then I can check to see if that number has already been used, and die accordingly. Seems like a very complicated solution though - isn't there a better way?
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Do it the other way around. On all pages that could possibly add items to cart or execute post functions, issue a token to the user. The user sends that token along with the post data. Store the token in a database.

Once the post action is done, the token is invalidated, and any other requests that try to use the same token will throw an error.

Have a cron job remove tokens that are more than, say, 12 hours stale.
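
The single-use token scheme described in the reply above, as an added example that is not part of the original thread. The table name, function names and the in-memory SQLite store are hypothetical, and binding each token to a session id is an added assumption; the token is meant to travel in a hidden field of the POST form.

```php
<?php
// Added example: hypothetical names; in-memory SQLite stands in for the real database.
function token_db(): PDO {
    static $db = null;
    if ($db === null) {
        $db = new PDO('sqlite::memory:');
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $db->exec('CREATE TABLE form_tokens (token TEXT PRIMARY KEY,
                   session_id TEXT NOT NULL, issued_at INTEGER NOT NULL)');
    }
    return $db;
}

// Page that shows the "add to cart" form: issue a token for a hidden field.
function issue_token(string $sessionId): string {
    $token = bin2hex(random_bytes(32)); // CSPRNG output, not rand()
    token_db()->prepare('INSERT INTO form_tokens VALUES (?, ?, ?)')
              ->execute([$token, $sessionId, time()]);
    return $token;
}

// additem.php: spend the token. One DELETE both checks and invalidates it,
// so two requests racing with the same token cannot both succeed.
function consume_token(string $token, string $sessionId, int $maxAge = 43200): bool {
    $stmt = token_db()->prepare('DELETE FROM form_tokens
        WHERE token = ? AND session_id = ? AND issued_at >= ?');
    $stmt->execute([$token, $sessionId, time() - $maxAge]);
    return $stmt->rowCount() === 1;
}

// Cron job: drop tokens that were issued but never used (12 hours = 43200 s).
function purge_stale_tokens(int $maxAge = 43200): int {
    $stmt = token_db()->prepare('DELETE FROM form_tokens WHERE issued_at < ?');
    $stmt->execute([time() - $maxAge]);
    return $stmt->rowCount();
}

// Constructed walk-through: the same token is submitted twice, as the Back button would do.
$sid = 'constructed-session-id';
$basket = [];
$token = issue_token($sid);
foreach (['first submit', 'resubmit via Back button'] as $label) {
    if (consume_token($token, $sid)) {
        $basket[] = 42; // constructed product id
        echo "$label: item added\n";
    } else {
        echo "$label: rejected, token already used or expired\n";
    }
}
```

Because the token is unguessable and tied to the session, the same check also rejects add-to-cart requests forged from another site.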