Page 1 of 1

VARIABLE $_POST['var']

Posted: Tue Aug 22, 2006 9:17 am
by apalm
Hi

I would like to know how can I clear a POST variable. After including on the DB, I need to clear it so the user cannot push the BACK BUTTON and include it again.

Thank you

Anna

Posted: Tue Aug 22, 2006 9:25 am
by Ollie Saunders
I'm going to translate your question tell me if the translation is correct:
Hi

I would like to know how I can prevent a POST variable from being submitted a second time after it has already been added to the database. Specifically I want to avoid the resubmission phenomena when the user uses the back button.
Is that right?

If that is what you are asking then the simple answer is: you can't. The user controls what and when the user sends information to the server.
You can, however, check whether a row already exists in the database before inserting it.

Posted: Tue Aug 22, 2006 9:34 am
by apalm
Yes, that was correct.

Thank you.

Anna

Posted: Tue Aug 22, 2006 10:13 am
by sansoo
im no expert at php by any means but if youre using a form to send information to a database why not use a session?

This way when a user hits your site they are given a unique Session id.

Have that id sent to the database along with the form variables. This way they can really only send information to your DB once. Cuz if they try again oops the session id already exists and it will kick out an mysql error.

If you session.cookie-lifetime in your php.ini file is set to like an hour they would have to wait that long just to send information again. Or close the browser/clear the cache to get a new session id. And thats where you would need another unique feild in your DB to doulbe check against.

This is what i would do but like i said im pretty new at this so im not sure if that would actually work or not.

Posted: Tue Aug 22, 2006 10:22 am
by Ollie Saunders
Sorry sansoo that is just one very bad idea. The solution i have provided is perfectly fine.

Sessions are not for ensuring uniqueness of submission, not for uniqueness of anything in fact becuase the data is not persistant. Sessions can be destroyed at users will by closing the browser.
Cuz if they try again oops the session id already exists and it will kick out an mysql error.
What's stopping someone spoofing a new one?
If you session.cookie-lifetime in your php.ini file is set to like an hour they would have to wait that long just to send information again.
An hour? What if you want the data for years?
im pretty new
Yes you are.

Posted: Tue Aug 22, 2006 12:01 pm
by blackbeard
What I have done to stop the postdata problem is after the data is submitted into the database, use header ("location: ") to go back to the page with the form. Something like this. Let's say my form page is called myform.php

Code: Select all

If (form has been submitted) {

// Do whatever I need to do

header ("location: ./myform.php");
exit;
This clears out the post data. There are issues with this, mainly, you wind up reloading the page twice, since the same page is used to present the form and process the data.

If someone knows a better way to do it, please let me know.