I'm working on a site where I have a couple of pages that require input via forms by the user. In each case, "page 1" contains the form, and "page 2" contains the INSERT code to create a new record in the database using the form information.
However, the problem is that a user could refresh "page 2" and thereby continue to create records as many times as they refresh it. Naturally this is un-desirable behavior that I want to eliminate. I've searched through the forums and found a few threads indirectly related... but in most of those cases the data being parsed was user data... which naturally can be resolved by performing a SELECT query of the database to ensure no duplicate name, email, etc., exists.
However, in my case, the information being parsed into the database as a new record could be, and in some cases is, duplicate information (except for a timestamp).
So... what I'm looking to do is to eliminate the ability to run the INSERT query altogether if the page is refreshed.
Now, I've tried working with variables to create an "if - else" statement, and that would work... but my problem is that I can't figure out how to increment a variable on a page refresh. For example :
$stoprefresh = "1";
if ($stoprefresh == "1") {
$sql = "INSERT INTO blah (stuff) VALUES (variables)";
$result = @mysql_query($sql, $connect) or die(mysql_error());
echo "Your data has been entered successfully.";
$stoprefresh++;
} else if ($stoprefresh != "1") {
$echo "You have already entered data, please proceed by selecting a link to the left.";
}
Is there a way to accomplish what I'm attempting to do? Creating a page redirect won't work either, as the user can simply click the back button and return to "page 2" which will run the INSERT once again. And I can't use $_GET either as I don't want to place variables in the URL that can be manipulated by the user.
Any advice would be great... thanks.
