[thelist] RE: web-app in php (was: no subject by Andrew Embler)

Tim Parkin tim at pollenation.net
Sat Aug 24 16:43:00 CDT 2002


--Andrew Embler originally asked
>> What I want to do is this: I want the initial form to post the
>> additional information, the php script to process it, and then the
>> page to reload. However, at that point, I want the page to think it
>> hasn't been generated by a post. Any way to do this?

--David Kutcher replied
>4) they submit to a submission page where it adds, modifies, or deletes
the
>info into the db
>5) on successfully submitting the info, the page is redirected to the
index
>page which loads the items based on the id in the session (#1)
>
>Now, if you were good, you would make this all one php page with a
switch
>based on the $action and have it reload $self (I believe that's the
var).
>With this, there is no resubmission error or timeout (beyond the
session
>timeout) that you can specify in most cases

Andrew,

If your form submits to a page for processing, your user will always be
able to navigate to this page using the back button (redirects help but
can be overridded by rampant pressing of the back button or using the
back buttons history).

Two options tend to be used a lot that fall foul of resubmission
problems:-

  One is where form.php is submitted to process_form.php and afterwards
is     redirected to confirmation.php. If the person presses back they
can get to process_form.php.

  Two is where the process_form.php shows the confirmation after
processing.

Either way, resubmission of the forms data will result in a second
processing.

The best way to get around this is to check to see if the form is being
resubmitted and send the user a message or redirect them to an
appropriate alternative. This can be adding a hidden field to the
form.php containing a large random number that can be used as a
transaction_id.

This transaction id can cross referenced against a log of user
transactions to see if it matches a previous submission.

The transation id's can be stored in a transaction log table in the
database or in the users session as an array or as part of a cookie.
Personally I think a transaction log is quite a handy feature anyway,
always good for debugging and can be regularly rotated or trashed to
keep things clean.

Hope this helps

Tim Parkin
Pollenation Internet







More information about the thelist mailing list