Just to start off my knowledge is very little in the scheme of things, I've just been doing a project to better my own knowledge of the language. Just a basic CMS with an integrated user system. The problem(if you'd call it that) is that users have to login in order to post comments on a blog/news post, that works however if after posting the comment the user is to hit the refresh button on their browser it resends the data to the database and thus creates a copy of the comment so a user could easily accidentally abuse the system I suppose. Is there a line of code that I could put in the mysql insert statement to not allow that to happen? Or even a line of code that'd prevent that from happening. I realize it's probably a really easy fix, but any help would be appreciated.
Thanks.
User Comments Refresh question
Moderator: General Moderators
Re: User Comments Refresh question
Use page redirect after form submission.
I.e.
I.e.
Code: Select all
header("Location: http://www.example.com/");There are 10 types of people in this world, those who understand binary and those who don't
Re: User Comments Refresh question
Appreciate it but I already tried that and doesn't seem to work. =/
Re: User Comments Refresh question
What have you tried? Code?
There are 10 types of people in this world, those who understand binary and those who don't
Re: User Comments Refresh question
Well I've tried redirecting both via HTML and a PHP header. It appears of I just re-input the address in the address bar, nothings wrong, but if I press refresh it resends the previous data even after I'd redirected to the page. The code is extremely rough as I'm just trying to get the function to work before I clean it up and add security. And also there's problems with other areas in the code right now but I'm working on it. All I need is just the help with the refresh issue.
Code: Select all
<?php
include('mysqlconnect.php');
$nid = $_GET['nid'];
if(!isset($nid)) {
$query = mysql_query("SELECT * FROM news_posts ORDER BY id DESC LIMIT 0,10") or die(mysql_error());
while($row = mysql_fetch_object($query))
{
$result2 = mysql_query("SELECT count(*) FROM comments WHERE nid = '".$row->id."'");
$Counter = mysql_fetch_row($result2);
$Counter = $Counter[0];
$row->post = str_replace("\n", " <br />", $row->post);
$row->post = str_replace("[b]", "<b>", $row->post);
$row->post = str_replace("[/b]", "</b>", $row->post);
$row->post = str_replace("[i]", "<i>", $row->post);
$row->post = str_replace("[/i]", "</i>", $row->post);
$row->post = str_replace("[u]", "<u>", $row->post);
$row->post = str_replace("[/u]", "</u>", $row->post);
$row->post = str_replace("[img]",%20"<img%20src='",%20$row->post);
%20 %20$row->post%20=%20str_replace("[/img]", "'>", $row->post);
$row->post = str_replace("[url]", "<a href='", $row->post);
$row->post = str_replace("[/url]", "'>LINK</a>", $row->post);
echo "<a href='index.php?id=news&nid=" . $row->id . "'>$row->title</a>";
echo $row->author;
echo $row->post;
echo $row->DATE;
echo "<br>";
echo $Counter;
echo " Comments<br>";
}
}
else {
$query = mysql_query("SELECT * FROM news_posts WHERE id = " . $nid . "");
$row = mysql_fetch_object($query);
echo $row->author;
echo $row->title;
echo $row->post;
echo $row->DATE;
$query = mysql_query("SELECT * FROM comments WHERE nid = " . $nid . " ORDER BY id DESC LIMIT 0,3");
while($crow = mysql_fetch_object($query)) {
echo $crow->author;
echo " <p>";
echo $crow->title;
echo " <p>";
echo $crow->comment;
echo " <p>";
echo $crow->DATE;
}
if(isset($_SESSION['user_id'])){
if (isset($_POST['submitted'])) {
$errors = array();
if (empty($_POST['title'])) {
$errors[] = '<font color="red">Please enter in a title.</font>';
} else {
$title = $_POST['title'];
}
if (empty($_POST['comment'])) {
$errors[] = '<font color="red">Please enter in a comment.</font>';
} else {
$comment = $_POST['comment'];
}
if (empty($errors)) {
$user_id = $_SESSION['user_id'];
$query = "SELECT * FROM login WHERE ID = " . $user_id . " LIMIT 1" or die(mysql_error());
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($result) or die(mysql_error());
$author = $row['username'];
$query = "INSERT INTO comments (nid, title, author, comment, date) VALUES ($nid, '$title', '$author', '$comment', NOW())";
$result = mysql_query($query);
if ($result) {
echo '<font color="blue"><br>Your comment was added succesfully!</font>';
echo '<META HTTP-EQUIV="Refresh" content= "3;URL=index.php?id=news&nid=' . $nid . '">';
} else {
echo '<font color="red">There was an error when submitting your comment, please try again.</font>';
}
} else {
echo '<b>There were a couple of errors -</b><br />';
foreach ($errors as $msg) {
echo " - $msg<br />";
}
}
}
?>
<form action="index.php?id=news&nid=<?php echo $nid; ?>" method="post" />
<p>Title: <input type="text" name="title" maxlength="70" value="" /></p>
<p>Comment: <textarea columns="6" rows="6" name="comment"></textarea></p>
<p><div align="center"><input type="submit" name="submit" value="Submit Comment" /></div></p>
<input type="hidden" name="submitted" value="TRUE" />
</form>
<?php
}
else {
echo "You may make comments once you've logged in!";
}
}
?>Re: User Comments Refresh question
You can put in some code to prevent duplicate comments. Alternatively, you can check the post times by comparing timestamps (use time()). I tend to favor the latter method; a 5- or 10-second delay should do the trick.