Solved

Stop re-sending form data while refreshing the page.

Posted on 2001-07-30
16
933 Views
Last Modified: 2008-03-06
Hi all,

When the user refreshes the page that is alreday submitted, it resends the form data and my table has duplicated rows inserted.

I also want to display the same page after submitting.

How do I prevent the form data being re-submitted to the server while refreshing?

I am using php+postgresql.

best regards
ascetic.

0
Comment
Question by:ascetic
  • 6
  • 4
  • 4
  • +2
16 Comments
 
LVL 40

Expert Comment

by:RQuadling
ID: 6333768
Don't bother with testing the submission.

Use your database to either update or reject the duplicated entry.

If I press "Submit" ten times, the data shouldn't have changed.

If your database simply updates the existing data, you will only ever have 1 row!

What sort of data do you have? Is there a unique entry in the table?

If not, then send one to the user when the form is created. When you get the info back, log the unique info in the database. If they re-submit, you will have the unique key to check in the database. If it is present, update the table, if not insert it into the table.

If you can post your current insert code, then I can help further.
0
 

Author Comment

by:ascetic
ID: 6333853

There are 5 tables being inserted from this form.
The first table has the primary key generated from the
sequence and all ther tables  have unique keys.

I do not want to check for duplicate at the back end to save some workload on the server. The table being looked up is very large and there are a number of concurrent access to this form.
regards.

0
 
LVL 40

Expert Comment

by:RQuadling
ID: 6334067
If you have Primary and Unique set correctly, then how are you getting duplicated rows?

Are all the tables getting the duplicated row? Or just the primary key table? Or not the primary, but the 4 others?

Can you show the code relating to the insert/update of the first table?

I would suggest something like this (not real PHP, but should be understandable).

$result = db_update;
if (number_of_rows_affected($result) > 0)
 {
// We can add the rest of the entries.
 }
else
 {
// Duplicate keys possible?
 }

Sort of thing.
0
 
LVL 3

Expert Comment

by:hagur
ID: 6334783
When you have submitted the data to the database, you should redirect back to the page with the form.  If the user will press refresh, all the form data variables will be empty and nothing will be submitted to the database again.

This is how I always do it.

Example:

form.php (or whatever) :

<form action="register.php" method="post">
(your form)
</form>


register.php :

insert into the database ...

then

Header("Location: form.php");


The user is now back at form.php and nothing will happen if he refreshes the page.

This will also work if you only have one file to do this, i.e display the form and add to the database.
Simply use Header("location: filename.php") as soon as you have inserted data into the database, the browser will no longer remember what was in the query string and if you press refresh, it will not re-send the form.  It will just refresh the page.
0
 
LVL 1

Expert Comment

by:fajr_n
ID: 6336862
place this script after insert data on your database

header ("Cache-Control: no-cache, must-revalidate");
header ("Pragma: no-cache");header ("Location: yourform.php");
exit;

if user to try refresh the page, current page only will refresh.

I wish resolve your problem
0
 

Author Comment

by:ascetic
ID: 6337008
hagur /  fajr_n
It doesnot work for me. It seems calls to  header()  
should be only at the begining of the page.
regard
0
 
LVL 1

Expert Comment

by:fajr_n
ID: 6337156
type the script below for example:

filename: test.php
<?
error_reporting(1);
if(isset($Submit))
{
     header ("Cache-Control: no-cache, must-revalidate");
     header ("Pragma: no-cache");
     header ("Location: testx.php?item=$yuhuu");
     exit;
}
else
{
     echo "<form method=\"post\" action=\"test.php\">\n";
     echo "<font face=\"Arial\" size=\"2\">Type some words here :</font>\n";
     echo "<input type=\"text\" name=\"yuhuu\"><br>\n";
     echo "<input type=\"submit\" name=\"Submit\" value=\"Send Me\">\n";
     echo "</form>\n";
}
?>

filename: testx.php
<?
error_reporting(1);
if(!(empty($item)))
{
     echo $item;
}
else
{
     header ("Cache-Control: no-cache, must-revalidate");
     header ("Pragma: no-cache");
     header ("Location: test.php");
     exit;
}
?>

I'm already running it and work.

0
 
LVL 40

Expert Comment

by:RQuadling
ID: 6339707
All of this doesn't really fix the problems of duplicate rows though.

If the database is allowing them, then you are putting a LOT of work into the system to stop them.

If you have a valid constraint/index/uniqueness on the database, they simply will NOT happen! This negates any futher coding. You can handle it if you want, but the database will simply reject the update.

IMHO, this is a much more resiliant method.

Regards,

Richard.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 2

Expert Comment

by:higijj
ID: 6340856
Well.. you could set a cookie to the user the first time he submits the data..

and in your script, just evaluate the cookie.. if it exists, simply don't update the data, if it doesn't, well.. it's the user's first time.. so store the data to your data base...


0
 

Author Comment

by:ascetic
ID: 6374995
fajr_n,

I am working out your suggestion. Thanks.

I am using PostGreSql Database as backend. It does not have any exception handling. Therefore, though, any duplicates will be checked by referential integrity check mechanisms, it dumps all weird messages on the user screen.

Moreover why should I do some additional querying on the backend and choke the server if something can be prevented at the client-side itself?

reagards.

0
 

Author Comment

by:ascetic
ID: 6374997
fajr_n,

I am working out your suggestion. Thanks.

I am using PostGreSql Database as backend. It does not have any exception handling. Therefore, though, any duplicates will be checked by referential integrity check mechanisms, it dumps all weird messages on the user screen.

Moreover why should I do some additional querying on the backend and choke the server if something can be prevented at the client-side itself?

reagards.

0
 

Author Comment

by:ascetic
ID: 6375047
fajr_n,

I am working out your suggestion. Thanks.

I am using PostGreSql Database as backend. It does not have any exception handling. Therefore, though, any duplicates will be checked by referential integrity check mechanisms, it dumps all weird messages on the user screen.

Moreover why should I do some additional querying on the backend and choke the server if something can be prevented at the client-side itself?

reagards.

0
 
LVL 1

Expert Comment

by:fajr_n
ID: 6375156
:)
0
 
LVL 1

Accepted Solution

by:
fajr_n earned 300 total points
ID: 6375160
glad to bring my hands with others :)
0
 

Author Comment

by:ascetic
ID: 6379027
fajr_n,

Sorry. What I am looking for is to display the same page after submitting and yet to stop refreshing the page.
Is there any browser api calls available?
regards.
jose.


0
 
LVL 40

Expert Comment

by:RQuadling
ID: 6379337
Ah.

So.

They fill in the form. Press submit. You then return a text only version of the form.

The page to return the results of the update should be the same layout, just without and of the form controls.

If they need to re-edit the data, you need to include a re-edit link which shows the original form with the field editable.

Regards,

Richard Quadling.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now