prevent resubmitting of form

Anon

Is there a way to stop a form from being resubmitted.
After the user submits, if the user presses refresh the form re-sends the data? Any suggests on avoid this from happening?

drtebi

well, there is several ways you could implement.

The easiest way is probably to use a hidden input tag with a value, like this:
<INPUT type="hidden" name="attempt" value="1">

Then make your script check if that value is greater then 1, if yes, don't process the form, e.g.:

<?PHP
if($attempt > 1){
print 'you already submitted!';
exit;
}
...

or, you could do the same thing using a cookie, check out the manual pages how to do and use that :-)

or, if it should be tougher for the user to "hack", you could have your script get the users remote address, which is in
HTTP_SERVER_VARS['REMOTE_ADDR']
, submit this value into a database, and have your script check if the ip remote address already exists before processing...

hope that helps,
cheers,
DrTebi

bretticus

Well, if you use the hidden field and a user submits, their post will always fail!

You could increment a hidden field variable each time, but in order to do that, you have to initialize that variable first, and if the same form data is re-posted (refresh, F5, etc.), the variable will not get incremented.

If you're submitting to a database, you can query the table you just inserted the new record into against the same form values.

However, probably the easiest method is to simply redirect the browser upon successful submissions.

i.e. - valid data (without printing out any header info), if validated...Header("Location: newpage.php");

Anon

Are you putting this into a database? Then the simple answer is to use an auto-incrementing integer, and fetch the nextval when delivering the form page. i.e. like this:

select nextval('seqname');

then build a page with this in it:

<FORM ....
<input type ....

When the form is submitted, insert it with the value directly to the database like so:

insert into table (data,id) values ('$data',$nextval);

If the user hits submit again, the submission will fail, since the nextval number will be the same and a record has already been submitted with that number.