Page 1 of 1

Double posting a form

Posted: Thu Jul 27, 2006 4:41 am
by shiznatix
This has probably been discussed and whatnot but my searches yielded nothing...

how do you keep a user from double posting an html form? Something like keeping it from re-adding stuff to the database when a form is submitted.

Posted: Thu Jul 27, 2006 4:57 am
by jamiel
With Client side Javascript if you mean stop them from hitting the button twice whilst you are still processing.

Posted: Thu Jul 27, 2006 6:28 am
by thiscatis
try this:
header

this.onclick = new Function('return false');

the onclick handler in the button:

<input type="submit" name="submit" onclick="this.onclick = new Function('return false');">
But best is that you try a server-side protection.

Posted: Thu Jul 27, 2006 6:31 am
by Jenk
The options (that I can think of):

"select" checking for identical postings.

Time delay (e.g. this forum)

Create key's with duplicates disallowed, so upon insertion it fails, handle error appropriately.

Posted: Thu Jul 27, 2006 8:15 am
by shiznatix
No javascript. If the user has it turned off then it won't work :P
Jenk wrote:The options (that I can think of):

"select" checking for identical postings.

Time delay (e.g. this forum)

Create key's with duplicates disallowed, so upon insertion it fails, handle error appropriately.
the select won't work because there can be duplicates. the time delay is clever but if the user just refreshes the page after like 10 minutes it will double post it. i don't understand the create keys thing though, what do you mean?

...

maybe use a captcha on every form and if they entered the correct stuff then have it unset the session with the saved captcha info so if they re-submit it will fail the captcha requirements? Is there a better way?

Posted: Thu Jul 27, 2006 8:23 am
by thiscatis
Use an image verification code.
each entry should have is own different image code.
submitting a form twice wouldn't work because there is already an entry with that code.

Posted: Thu Jul 27, 2006 9:24 am
by Jenk
By select, I mean literally 'select where columns = <what ever the user is trying to post>' and

Code: Select all

if (mysql_num_rows() > 0) die ('duplicate post!');
The key's option is to create unique keys based on certain aspects, such as content and user id.

Code: Select all

CREATE TABLE `test` (
`a` VARCHAR(20),
`b` VARCHAR(20)
)
UNIQUE `ab` (`a`,`b`);
so if I try to query:

Code: Select all

INSERT INTO `test` (`a`,`b`) VALUES ('a', 'b');
more than once, it will cry and spit an error. Swap `a` for User ID (or name) and `b` for Post Content, or other unique info.

:)

Posted: Thu Jul 27, 2006 9:49 am
by shiznatix
ahhh i see what you mean.

good ideas but won't work in my situation. there can be the same entry more than once and whatnot. i am going to go with the captcha thing since i was already going to put one in.

Only one thing left for you

Posted: Fri Jul 28, 2006 5:18 am
by ronverdonk
If you don't want to use JavaScript (good idea!) and captcha's, you can solve this by using the 'transaction' method.

Thereby the first request stores a unique transaction id in the page being processed. That way, when the second request comes in with the same id, the redundant transaction is denied. This setup uses MySQL.

I have this solution from the 'PHP Hacks' book from OReilly, works great.

According to the book's preface I can quote the samples, but the code is too much to post here. So, if you want these samples, drop me a note and I'll send it offline via email.