A simple thing to do is to put an md5 hash into the POST...
Guest 9 декабря 2008 г. 06:30:33
A simple thing to do is to put an md5 hash into the POST data, then>>> only do the insert if that md5 hash isn't already "used" when they>>> hit refresh.> Thank you for your responses. One question: If I were to use the md5 hash> method, what would be the best way to store used hashes? In a database? In> a temporary file kinda thing? Thanks again.
In a database with a datetime field.
Clear out anything older than a day or whatever in a cron job.
For a super busy site, you'd want to clear them out more often.
Or, to simplify matters, if you already have sessions, then do this:
<?php session_start();
//Check their FORM freshness, and only process fresh input, not re-loaded: $fresh = $_POST['fresh']; $used = isset($_SESSION['used']) ? $_SESSION['used'] : array(); if (isset($used[$fresh])){ echo "Ignoring re-posted data: $fresh<br />\n"; } else{ echo "INSERT INTO whatever (duplicate) VALUES ('$_POST[duplicate]')"; $used[$fresh] = TRUE; $_SESSION['used'] = $used; }
Make sure any test for a session time-out occurs BEFORE this test for 'fresh' data -- so they can't wait for the session to time-out, and then re-load, and get their duplicate "in" that way.
You could put most of the code to check for freshness in an include file, and use it on a zillion forms.
Just put the INPUT HIDDEN with NAME='fresh' and an MD5 in every form and be sure to: include 'freshness.inc'; before processing.
Or put it in a function you define in your globals.inc (or whatever gets loaded every page).
It's simple and browser-independent, so it doesn't matter if they hit back or not or re-load or their browser sends or doesn't send the signal needed for ignore_user_abort to work or...
If you would like to report an abuse of our service, such as a spam message, please . Если Вы хотите пожаловаться на содержимое этой страницы, пожалуйста .
