<input value="Get Reward" onClick="document.Checkout.BuyItemBtn.disabled=true; self.location='<?php echo $URL; ?>';" id="BuyItemBtn" type="button">

URL is defined but this does nothing. take away the redirect and it's disables the button okay but i want to do both.

    Can you show us the resulting HTML as seen from the client?

    EDIT: Also, have you tried using "window.location" instead?

      HTML

      <input value="Get Reward" onClick="document.Checkout.BuyItemBtn.disabled=true; window.location='confirmorder.php?ID=6&RewardID=31';" id="BuyItemBtn" type="button">

        Woops, just noticed... that <input> element has no 'name' attribute, so "document.Checkout.BuyItemBtn" probably doesn't exist (are you sure your browser isn't generating a JavaScript error you're not telling us about?).

          and this does not work wither

          	<input value="Get Reward" onClick="document.Checkout.BuyItemBtn.disabled=true; window.location.href='<?php echo $URL; ?>';" id="BuyItemBtn" type="button">

            See above in regards to "document.Checkout.BuyItemBtn" not existing. I'm really betting that's where the problem is at this point, which begs the question... why aren't you mentioning the JavaScript exception/error message that your browser is surely generating?

              okay, this works

              	<form name="Checkout">
    <input value="Get Reward" name="BuyItemBtn" onClick="document.Checkout.BuyItemBtn.disabled=true; window.location.href='<?php echo $URL; ?>';" id="BuyItemBtn" type="button">

              but a user can still click Get Reward several times.

                Works fine for me.. simple example/test:

                <html>
<body>
<form name="Checkout">
    <input value="Get Reward" name="BuyItemBtn" onClick="document.Checkout.BuyItemBtn.disabled=true; alert('Good luck getting this message to appear again without refreshing!');" id="BuyItemBtn" type="button">
</form>
</body>
</html>

                However, I have to ask... why does it matter if the user can click the button several times? Surely you're not relying on this client-side code to prevent the action from being repeated multiple times on the server... right?

                  Yes an alert happens but the disable doesn't!

                  Yes I am. I've got a check to see they have enough "points" or "dollars" but I can still sometimes get duplicate orders.

                    NZ_Kiwis;10994015 wrote:

                    Yes an alert happens but the disable doesn't!

                    Worked fine for me; which browser (name & version) and O/S are you using?

                    NZ_Kiwis;10994015 wrote:

                    Yes I am. I've got a check to see they have enough "points" or "dollars" but I can still sometimes get duplicate orders.

                    So what's to stop someone from hitting the "back" button and re-submitting the form all over again? Sounds like you should implement some server-side mechanism to make sure that the same form hasn't been submitted multiple times without being re-displayed first.

                    For example, you could store some random value in a session and in a hidden form element; when you start processing a form submission, check to see if the two values match. If they do, clear out the previous random value (or generate a new one) and process the data. If they don't, abort processing the data and display some sort of error message (if applicable/desired).

                      I get the item cost and get a users balance via a mysql search then do this

                      	if ($RewardCost > $PointsBalance){
		echo "There has been an error, you do not have enough points";
		exit();
	}

                        maybe i need that header which doesn't store anything in it's cache?

                        would that be better?

                          Write a Reply...