Prevent duplicate record insert on manual page refresh

tags:

php
refresh

views:

198

answers:

+1 Q:

Prevent duplicate record insert on manual page refresh

Hi,

I have a problem which has only just surfaced itself.

I'm working in a MVC environment. The method names in my interface class match those of the request module and action i.e. ?module=test&action=action would result in a method called public function test_action() { }

In this particular problem, I have a form which submits to itself. If validation passes, a record is created and I then show the template of another module. This module expects a series of post variables as it is used in two modules.

The problem I'm having is that, if the user successfully passes the validation and attempts to F5 the page, another new record is created etc.

How can I prevent this from happening?

Normally I would header redirect after a successful insert but in this instance I can't.

+2 A:

You can / should re-direct to a new page after successful insertion.

As you are working in MVC, you can add a new controller that just calls the view you want to show.

jeroen 2010-09-16 13:12:51

I can't as the page afterwards expects information in the form of a post. I don't want to include the information in a get which would solve the problem.

2010-09-16 13:25:46

@user275074 If it expects it in the form of the post, change it to use sessions. Then you just store that data in session, as GET / POST data can be easily modified. Sessions, it is a bit more difficult since that data is stored server side.

Brad F Jacobs 2010-09-16 14:11:10

@premiso, my thoughts exactly!

jeroen 2010-09-16 15:07:43

+2 A:

Developer error:

You need to create a handler page which:

validating sent data
insert row
redirect user

fabrik 2010-09-16 13:13:17

"Normally I would header redirect after a successful insert but in this instance I can't."

are you facing some error in doing that?

Simer 2010-09-16 13:14:33

that is a question. Normally questions are placed in comments.

Alexander 2010-09-16 13:15:36

If for whatever reason you can't redirect (Which sounds peculiar) you can use the 'same' mechanism used for data validation to flush the forms after a successful insert.

But that's a really ugly way to go.

btrandom 2010-09-16 13:23:02

If the next page expects some post data how I can alter it?

2010-09-16 13:26:43

I am not sure I understand what you are saying.Edit: If it's like a questionnaire you can query the data you just inserted or store it in $_SESSION.

btrandom 2010-09-16 13:40:17

+3 A:

I would take it a complete other way. I even find redirection an incorrect way of handling this, since changing locations is not meant to overcome logic/form troubles.

The correct solution is:

Add a unique hash to your form in a hidden input
Store the hash in a server-side session
When the form is send, validate the hidden input hash with the hash on your server
Only execute row insertion when the form validates correctly.

If you are working with Zend Framework, there is a Zend_Form_Element_Hash class for you.

2010-09-16 13:58:50

"correct solution" :)

fabrik 2010-09-16 14:06:20

ansaurus

tags:

views:

answers:

Prevent duplicate record insert on manual page refresh

related questions