Jump to content

Archived

This topic is now archived and is closed to further replies.

OLM3CA

form security

Recommended Posts

hello.
I have a form including name,surname,age etc... If the user miss one of them,the form alerts the user that he/she missed a part but when they fill all of them and submits the form,The form submitted.but the problem is when you refresh page everytime the page submitted with the same datas.

I use

[code]$_POST['name'] = "";
$_POST['surname'] ="";
$_POST['age'] = "";[/code]

after if the form values entered.
But nothing changes.if you refresh the page ,the form submitted everytime it refreshed.

Share this post


Link to post
Share on other sites
A quick fix to this could be the following scenario:

Let's assume your script name is called contact.php. 

1. Make your POSTed form action contact.php?somethere_here
2. Once validation is complete, and the user has passed, insert the data and header back to contact.php.

Share this post


Link to post
Share on other sites
I am including this page in index.php and form action is :

[code]action="index.php?page=newpost"[/code]

How can I do ? and can you tell me how can header back to page header("Location: contact.php"); ???

Share this post


Link to post
Share on other sites
Using php you have to submit the form and the server will check for errors according to your code. If you want just a simple check you can use javascript to check for blank field data. This will check before the form is submitted.

This guys has some good tutorials for javascript as well as some basic php stuff

http://www.tizag.com/javascriptT/javascriptform.php

Ray

Share this post


Link to post
Share on other sites
I think you dont exactly understand my question.My problem is not with the control of form values.My problem is when the form is correctly filled and submitted.Its ok but after you REFRESH the page ıt submits those values again and again with refreshing the page

Share this post


Link to post
Share on other sites
O I see. Well the first thing would be to put a check in your insert query to see if the value is there already. e-mail would be a good thing to use

[code]<?php
if(isset($_POST['submit'])){  // checks to see if form has been submitted
$email = $_POST['email'];
$sql = "SELECT * FROM tablename WHERE email_field = '$email'";
  $res = mysql_query($res) or die (mysql_error());
    $num_rows = mysql_num_rows($res);
if($num_rows > 0){
echo "Name already exists in the database";
} else {
// do your insert query here
}
} else {
// Show your form below or whatever

}[/code]

Ray

Share this post


Link to post
Share on other sites
There are a few ways you could go about handling this situation depending on the nature of the form.

My understanding is that there are limitations depending on the database fields and how they're defined, but usually requiring that some combination of data be unique within your table will solve this problem.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.