How to stop users from resubmitting data after refresh?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
hydroxide
Forum Commoner
Posts: 77
Joined: Mon Jun 05, 2006 9:53 am

How to stop users from resubmitting data after refresh?

Post by hydroxide »

Okay, I've got this page that users are sent to after they send money to me with paypal. It takes the $amount that paypal posts, and puts that into a database when the page is loaded. How can I stop users from simply refreshing over and over again to keep putting the money in the database?

This is what I've got doing the dirty work when they get redirected to the page.

Code: Select all

if ($is_banned == 0 && $ID_MEMBER != 0) {
	$update_ad_q = "UPDATE ad_credit SET credit = credit + '$amount' WHERE id = $ID_MEMBER";
	mysql_query($update_ad_q);
}
Last edited by hydroxide on Fri Aug 04, 2006 10:11 am, edited 1 time in total.
User avatar
jayshields
DevNet Resident
Posts: 1912
Joined: Mon Aug 22, 2005 12:11 pm
Location: Leeds/Manchester, England

Post by jayshields »

How does it keep the $amount variable's value after the refresh? If it's simply a POST'd value it shouldn't exist after refreshing.
User avatar
hydroxide
Forum Commoner
Posts: 77
Joined: Mon Jun 05, 2006 9:53 am

Post by hydroxide »

jayshields wrote:How does it keep the $amount variable's value after the refresh? If it's simply a POST'd value it shouldn't exist after refreshing.
I have no idea! I just hit refresh and it keeps on putting stuff in the database!

You can see the code in its entirety here: http://hashphp.org/pastebin?pid=7943 (115 lines)
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

One-time use transaction IDs. I've talked about them in several threads recently so I'd rather not have to repeat it all.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

At the very least, use a splash page that redirects so even if they refresh, it only refreshes a static HTML output page instead of something hitting the DB. This will not entirely prevent your issue (Feyd's suggestion will) but it will cause your users to have to do more work to do to you what they can easily do now.
Post Reply