Preventing multiple inserts
Moderator: General Moderators
Preventing multiple inserts
I have a page where I'm inserting the user's information into the database creating it's own unique record number/primary key.
All the page does is take the $_POST variables and insert them into the DB.
However, if a user just refreshes the page, the record gets re-posted over and over again.
Without running a seperate query to check the last "x" number of records if they match an identifying field, is there a way to prevent this?
Thanks!
-- Abe --
All the page does is take the $_POST variables and insert them into the DB.
However, if a user just refreshes the page, the record gets re-posted over and over again.
Without running a seperate query to check the last "x" number of records if they match an identifying field, is there a way to prevent this?
Thanks!
-- Abe --
Have you thought about clearing out the $_POST array?
Have you thought about security?
Have you thought about 'username UNIQUE KEY'? If you used this then mysql_query would return an error if you try to insert an username of the same value which is already in the table.
Have you thought about security?
Have you thought about 'username UNIQUE KEY'? If you used this then mysql_query would return an error if you try to insert an username of the same value which is already in the table.
I'm not saying this method doesn't rock, but I have had multiple inserting using this method. It is rare, but it can happen.Burrito wrote:after your insert, redirect the user to another page using one of several redirection methods. That way if they refresh, they're just refreshing the newly loaded page and not resubmitting the post values to your action page.
Code: Select all
header('Location: http://www.yoursite.com/some-new-page', true, 303);I was actually thinking about that, but I am unaware of how to do that. Any hints?santosj wrote:Have you thought about clearing out the $_POST array?
This is my first realy project using php and mysql. It's running pretty smoothly, but I have no clue how to approach the project from a security standpoint.Have you thought about security?
This is definitely a valid option, but right now, I don't have a full users DB to work this with yet. I will definitely try when I get further along.Have you thought about 'username UNIQUE KEY'? If you used this then mysql_query would return an error if you try to insert an username of the same value which is already in the table.
Thanks for your responses.
They are very helpful!
-- Abe --
unset($_POST['form_name']);BigAbe wrote:I was actually thinking about that, but I am unaware of how to do that. Any hints?santosj wrote:Have you thought about clearing out the $_POST array?
The most basic security is to check the type and see if it matches what you want. You could also use Prepared Statements (but you don't have to), the nice thing about mysql_query() is that it only allows for one query, so injection isn't much of a big deal.This is my first realy project using php and mysql. It's running pretty smoothly, but I have no clue how to approach the project from a security standpoint.
Checking the types also helps you debug the script.
The PHP ctype functions are pretty good at checking. There is a new FILTER set of functions in CVS that should be awesome when it lands.
UNIQUE KEY in the table creation can be any field, but I would be careful which field you choose to be unique.This is definitely a valid option, but right now, I don't have a full users DB to work this with yet. I will definitely try when I get further along.
Is there any way to unset all of my $_POST variables at once? Kind of like a clear all? I don't have my variables being passed in an array, so would I have to unset each of my variables one by one? I only ask because I have quite a few variables being passed from page to page.santosj wrote:unset($_POST['form_name']);
Can you explain more please?The most basic security is to check the type and see if it matches what you want.
Thanks!
-- Abe --
Is there any way to unset all of my $_POST variables at once?
Code: Select all
<?php unset($_POST); ?>ORmatthijs wrote:Is there any way to unset all of my $_POST variables at once?Code: Select all
<?php unset($_POST); ?>
Doesn't work.Code: Select all
unset($_POST['form_name']);
I have an if statement that checks if the $_POST is null or not:
Code: Select all
$adTitle = $_POST["adTitle"];
$adSummary = $_POST["adSummary"];
if(($_POST["adTitle"] != "") && ($_POST["adSummary"] != "")){Code: Select all
//clear all $_POST variables
unset($_POST["adSummary"]);
unset($_POST["adTitle"]);Any idea why the unset isn't working? Or am I just using it incorrectly?
All I'm trying to do is prevent the user from refreshing the page and re-executing the query on that page.
Thanks!
-- Abe --