Guarding against multiple postbacks

**Arjen** · Apr 10 '07, 02:05 PM

Re: Guarding against multiple postbacks

Tyno Gendo schreef:

I just wondered what methods people used typically when trying to guard
against a POSTed script being reloaded at the users browser and
effectively re-posting the same data again ?
>
I have some administration forms which call the same PHP page when they
postback and the $action variable is taken from the form to signal what
action should be taken.
>
I need a good effective and easy way of stopping people from simply
clicking reload and posting the data again and wondered what the best
method people have found is?
>
Thanks in advance.

if ($_POST['whatever'])
{
// do stuff

// reload page
header ("Location: index.php");
}

--
Arjen
http://www.hondenpage.com - Mijn site over honden

**Tyno Gendo** · Apr 10 '07, 02:05 PM

Re: Guarding against multiple postbacks

Arjen wrote:

Tyno Gendo schreef:

>I just wondered what methods people used typically when trying to guard
>against a POSTed script being reloaded at the users browser and
>effectively re-posting the same data again ?
>>
>I have some administration forms which call the same PHP page when they
>postback and the $action variable is taken from the form to signal what
>action should be taken.
>>
>I need a good effective and easy way of stopping people from simply
>clicking reload and posting the data again and wondered what the best
>method people have found is?
>>
>Thanks in advance.

>
>
if ($_POST['whatever'])
{
// do stuff
>
// reload page
header ("Location: index.php");
}
>

Ah... excellent idea, what didn't it even cross my mind... hehehe.

**Crispy Beef** · Apr 10 '07, 03:05 PM

Re: Guarding against multiple postbacks

Tyno Gendo wrote:

Arjen wrote:

>Tyno Gendo schreef:

>>I just wondered what methods people used typically when trying to guard
>>against a POSTed script being reloaded at the users browser and
>>effectively re-posting the same data again ?
>>>
>>I have some administration forms which call the same PHP page when they
>>postback and the $action variable is taken from the form to signal what
>>action should be taken.
>>>
>>I need a good effective and easy way of stopping people from simply
>>clicking reload and posting the data again and wondered what the best
>>method people have found is?
>>>
>>Thanks in advance.

>>
>>
>if ($_POST['whatever'])
>{
>// do stuff
>>
>// reload page
>header ("Location: index.php");
>}
>>

>
Ah... excellent idea, what didn't it even cross my mind... hehehe.

That's a good one; another method I've used before if you have session
variables available is to set a session var that blocks the script post from
happening again until it's unset...i.e. when the user legitimately comes back
from the correct route. I've mainly used this on contact forms etc.

if (isset($_POST['submit']) && !isset($_SESSIO N['block'])) {
// Code

// Set block
$_SESSION['block'] = true;
} else {
echo 'Data already posted!';
}

Make sure to unset the session var or when you hit the above code it'll never
process a valid POST.

Paul

**Dana Cartwright** · Apr 11 '07, 04:25 PM

Re: Guarding against multiple postbacks

>>>I just wondered what methods people used typically when trying to guard

>>>against a POSTed script being reloaded at the users browser and
>>>effectivel y re-posting the same data again ?

I've used a method that essentially combines (with modifications) the two
ideas you've already been presented with.

If there is $_POST data present, I put it into the $_SESSION variable,
something like:

$_SESSION[ 'post_data' ] = $_POST;

and then I force a reload of the page.

Now, if the page loads WITHOUT $_POST data, but WITH $_SESSION[
'post_data' ] present, then I do the processing and null out $_SESSION[
'post_data' ].

I don't know if this is foolproof (I suspect it's not), but it's been quite
effective where I've used it.

Guarding against multiple postbacks

Guarding against multiple postbacks

Comment

Comment

Comment

Comment