Avoiding Accidental Resubmission?

[chaseman]

When user submits data through a textarea input and he then refreshes the page, the data will be re-submitted and inserted into the database a second time.

 

I used to avoid this with a header redirect, but this solution is not an option to me anymore, since I need to echo out in the header.php, which I have to put before the submission area. Another weak point with the header redirect solution is that the user could go a page back and then hit refresh.

 

I'm wondering how are other sites avoiding resubmission? When you post a comment on YouTube it will simply freeze the submit button after you've posted, I'm guessing they have achieved that with JavaScript, is that solution recommended? And which type of other techniques are people generally using to avoid resubmission on page refresh?

 

[BlueSkyIS]

i use a session variable to indicate that the form has already been submitted by the current user.

[tibberous]

Make a table with 2 columns, id and value.

 

Make value a random md5.

 

On the first form, generate a new value and put: <input type='hidden' name='code' value='$value'>

 

When they submit, see if value is in the table - if it is, process the action and delete the value.

 

Sometimes better than session vars, like if the user has the site open in 2 tabs.

[lalnfl]

Redirect the user to a new page with the header(); function.

 

header("Location: http://www.mywebsite.com/home.php");
exit();

 

Remember to include the exit(); function.

[angelcool]

...test, test and test again your code. Only after doing that and obtaining the desire output you will avoid accidental resubmissions, do not forget to recreate the different scenarios the user will be in that may cause an accidental resubmission.

[chaseman]

i use a session variable to indicate that the form has already been submitted by the current user.

What if the user wants to make a DIFFERENT new submission, how do you handle that situation?

 

Make a table with 2 columns, id and value.

 

Make value a random md5.

 

On the first form, generate a new value and put: <input type='hidden' name='code' value='$value'>

 

When they submit, see if value is in the table - if it is, process the action and delete the value.

 

Sometimes better than session vars, like if the user has the site open in 2 tabs.

 

This sounds interesting, but after multiple times reading your post I still haven't understood this.

 

- the page is being called

- i generate a random value which is at the same time inserted into the hidden field

- the submission is being made, value is being inserted

- since the page is not refreshed, it is still the same value

- if theoretically user would submit again, it would have the same value as before and a submission would cause an error since the value is already inserted in the database

 

BUT most resubmissions occur on page refresh, and when the user is refreshing the page, then there will be a new random value generated, so the submission will get re-inserted.

 

Is that correct, or do I have it all wrong?

[angelcool]

...also disable the submit button after users submits form. You will need some js.

 

<input type="submit"  value="Submit" disabled>

[samshel]

Maintain the

 

pagename.formname => last_submitted

 

pair in session/cookie.

 

While page loading check if the last_submitted for current page and current form in within 1 day [or whatever value you want], disable the form submit button.

 

This will allow you to control the user behavior page and form wise.