Double submitting help?

[Scropion]

Hi, I was wondering if anyone knows how to stop a users from f5ing on a insert page.

 

I am using a post submit and md5(time());

<input type="hidden" name="sessionid" value="0f81732a59eb03eb5290720acbb2d223">

 

How can I check on post if thats the correct session?

 

[uniflare]

if your worried about random people hitting the button like 20 times to see what happens, then that seems ok using that session id (would have to store a variable in the session), make sure you use sessions with cookies rather than passed through the url.

 

But that wont stop hackers and crackers, for that go here.

 

That link takes ou to someone i recently advised on a very similar if not identical problem.

[Yesideez]

What I've done in the past is once the data is dealt with after the user hits submit, I've redirected to the same page using header().

eg.

if ($_POST['submitbutton']) {
  //handle data here - email, change database whatever
  header("Location: script.php?done=true");
  exit;
}

 

Let's say the script is called script.php I'm calling itself - checking for the presence of ?done=true in the URL using $_GET[]. If not there page acts as normal, if present thanks the user for using the form.