Preventing multiple inserts

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
BigAbe
Forum Commoner
Posts: 66
Joined: Fri Mar 31, 2006 7:41 pm

Preventing multiple inserts

Post by BigAbe »

I have a page where I'm inserting the user's information into the database creating it's own unique record number/primary key.

All the page does is take the $_POST variables and insert them into the DB.

However, if a user just refreshes the page, the record gets re-posted over and over again.

Without running a seperate query to check the last "x" number of records if they match an identifying field, is there a way to prevent this?

Thanks!

-- Abe --
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

after your insert, redirect the user to another page using one of several redirection methods. That way if they refresh, they're just refreshing the newly loaded page and not resubmitting the post values to your action page.
santosj
Forum Contributor
Posts: 157
Joined: Sat Apr 29, 2006 7:06 pm

Post by santosj »

Have you thought about clearing out the $_POST array?

Have you thought about security?

Have you thought about 'username UNIQUE KEY'? If you used this then mysql_query would return an error if you try to insert an username of the same value which is already in the table.
Burrito wrote:after your insert, redirect the user to another page using one of several redirection methods. That way if they refresh, they're just refreshing the newly loaded page and not resubmitting the post values to your action page.
I'm not saying this method doesn't rock, but I have had multiple inserting using this method. It is rare, but it can happen.
User avatar
hawleyjr
BeerMod
Posts: 2170
Joined: Tue Jan 13, 2004 4:58 pm
Location: Jax FL & Spokane WA USA

Post by hawleyjr »

You can always to a SELECT statement to see if the record exists.. :wink:
alex-weej
Forum Newbie
Posts: 19
Joined: Sun May 14, 2006 11:20 am

Post by alex-weej »

Code: Select all

header('Location: http://www.yoursite.com/some-new-page', true, 303);
You can send a HTTP 303 code ("See Other") to the client with the above function. A "See Other" causes the browser to redirect to another page with a GET request. If you forget the 303, it's possible that the browser will redirect with a POST request of the same data. (You don't want that.)
BigAbe
Forum Commoner
Posts: 66
Joined: Fri Mar 31, 2006 7:41 pm

Post by BigAbe »

santosj wrote:Have you thought about clearing out the $_POST array?
I was actually thinking about that, but I am unaware of how to do that. Any hints?
Have you thought about security?
This is my first realy project using php and mysql. It's running pretty smoothly, but I have no clue how to approach the project from a security standpoint.
Have you thought about 'username UNIQUE KEY'? If you used this then mysql_query would return an error if you try to insert an username of the same value which is already in the table.
This is definitely a valid option, but right now, I don't have a full users DB to work this with yet. I will definitely try when I get further along.

Thanks for your responses.

They are very helpful!

-- Abe --
santosj
Forum Contributor
Posts: 157
Joined: Sat Apr 29, 2006 7:06 pm

Post by santosj »

BigAbe wrote:
santosj wrote:Have you thought about clearing out the $_POST array?
I was actually thinking about that, but I am unaware of how to do that. Any hints?
unset($_POST['form_name']);
This is my first realy project using php and mysql. It's running pretty smoothly, but I have no clue how to approach the project from a security standpoint.
The most basic security is to check the type and see if it matches what you want. You could also use Prepared Statements (but you don't have to), the nice thing about mysql_query() is that it only allows for one query, so injection isn't much of a big deal.

Checking the types also helps you debug the script.

The PHP ctype functions are pretty good at checking. There is a new FILTER set of functions in CVS that should be awesome when it lands.
This is definitely a valid option, but right now, I don't have a full users DB to work this with yet. I will definitely try when I get further along.
UNIQUE KEY in the table creation can be any field, but I would be careful which field you choose to be unique.
BigAbe
Forum Commoner
Posts: 66
Joined: Fri Mar 31, 2006 7:41 pm

Post by BigAbe »

santosj wrote:unset($_POST['form_name']);
Is there any way to unset all of my $_POST variables at once? Kind of like a clear all? I don't have my variables being passed in an array, so would I have to unset each of my variables one by one? I only ask because I have quite a few variables being passed from page to page.
The most basic security is to check the type and see if it matches what you want.
Can you explain more please?

Thanks!

-- Abe --
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Post by matthijs »

Is there any way to unset all of my $_POST variables at once?

Code: Select all

<?php unset($_POST); ?>
BigAbe
Forum Commoner
Posts: 66
Joined: Fri Mar 31, 2006 7:41 pm

Post by BigAbe »

matthijs wrote:
Is there any way to unset all of my $_POST variables at once?

Code: Select all

<?php unset($_POST); ?>
OR

Code: Select all

unset($_POST['form_name']);
Doesn't work.

I have an if statement that checks if the $_POST is null or not:

Code: Select all

$adTitle = $_POST["adTitle"];
$adSummary = $_POST["adSummary"];

if(($_POST["adTitle"] != "") && ($_POST["adSummary"] != "")){
Then if those two variables aren't null, my query is processed and I run the following code:

Code: Select all

//clear all $_POST variables
	unset($_POST["adSummary"]);
	unset($_POST["adTitle"]);
I follow that with an else statement to print out an error message.

Any idea why the unset isn't working? Or am I just using it incorrectly?

All I'm trying to do is prevent the user from refreshing the page and re-executing the query on that page.

Thanks!

-- Abe --
BigAbe
Forum Commoner
Posts: 66
Joined: Fri Mar 31, 2006 7:41 pm

Post by BigAbe »

Another solution could be to execute the query from the previous page upon clicking a submit button.

Anyone with any suggestions on how I might be able to do this?

Thanks!

-- Abe --
Post Reply