Double posting a form

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia
Contact:

Double posting a form

Post by shiznatix »

This has probably been discussed and whatnot but my searches yielded nothing...

how do you keep a user from double posting an html form? Something like keeping it from re-adding stuff to the database when a form is submitted.
jamiel
Forum Contributor
Posts: 276
Joined: Wed Feb 22, 2006 5:17 am
Location: London, United Kingdom

Post by jamiel »

With Client side Javascript if you mean stop them from hitting the button twice whilst you are still processing.
thiscatis
Forum Contributor
Posts: 434
Joined: Thu Jul 20, 2006 11:00 am

Post by thiscatis »

try this:
header

this.onclick = new Function('return false');

the onclick handler in the button:

<input type="submit" name="submit" onclick="this.onclick = new Function('return false');">
But best is that you try a server-side protection.
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

The options (that I can think of):

"select" checking for identical postings.

Time delay (e.g. this forum)

Create key's with duplicates disallowed, so upon insertion it fails, handle error appropriately.
User avatar
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia
Contact:

Post by shiznatix »

No javascript. If the user has it turned off then it won't work :P
Jenk wrote:The options (that I can think of):

"select" checking for identical postings.

Time delay (e.g. this forum)

Create key's with duplicates disallowed, so upon insertion it fails, handle error appropriately.
the select won't work because there can be duplicates. the time delay is clever but if the user just refreshes the page after like 10 minutes it will double post it. i don't understand the create keys thing though, what do you mean?

...

maybe use a captcha on every form and if they entered the correct stuff then have it unset the session with the saved captcha info so if they re-submit it will fail the captcha requirements? Is there a better way?
thiscatis
Forum Contributor
Posts: 434
Joined: Thu Jul 20, 2006 11:00 am

Post by thiscatis »

Use an image verification code.
each entry should have is own different image code.
submitting a form twice wouldn't work because there is already an entry with that code.
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

By select, I mean literally 'select where columns = <what ever the user is trying to post>' and

Code: Select all

if (mysql_num_rows() > 0) die ('duplicate post!');
The key's option is to create unique keys based on certain aspects, such as content and user id.

Code: Select all

CREATE TABLE `test` (
`a` VARCHAR(20),
`b` VARCHAR(20)
)
UNIQUE `ab` (`a`,`b`);
so if I try to query:

Code: Select all

INSERT INTO `test` (`a`,`b`) VALUES ('a', 'b');
more than once, it will cry and spit an error. Swap `a` for User ID (or name) and `b` for Post Content, or other unique info.

:)
User avatar
shiznatix
DevNet Master
Posts: 2745
Joined: Tue Dec 28, 2004 5:57 pm
Location: Tallinn, Estonia
Contact:

Post by shiznatix »

ahhh i see what you mean.

good ideas but won't work in my situation. there can be the same entry more than once and whatnot. i am going to go with the captcha thing since i was already going to put one in.
User avatar
ronverdonk
Forum Commoner
Posts: 34
Joined: Sat Jun 10, 2006 7:06 am
Location: Netherlands

Only one thing left for you

Post by ronverdonk »

If you don't want to use JavaScript (good idea!) and captcha's, you can solve this by using the 'transaction' method.

Thereby the first request stores a unique transaction id in the page being processed. That way, when the second request comes in with the same id, the redundant transaction is denied. This setup uses MySQL.

I have this solution from the 'PHP Hacks' book from OReilly, works great.

According to the book's preface I can quote the samples, but the code is too much to post here. So, if you want these samples, drop me a note and I'll send it offline via email.
Post Reply