[SOLVED] Code executed again on refresh

[aeonsky]

Hi!

 

I wrote an order form for a small school business which takes an order and places it into a flat-file database (no credit cards #s or anything). Then it leads the user onto another page which writes the data into the database and echos a confirmation of what the user ordered.  But if a user accidentally refreshes the page, it will be executed again and an order will be placed again.

 

Can anyone please help me avoid that? Any help from anyone would be greatly appreciated. I've been helped here before and you all are great.

 

---------

Overview of the script (if you need it):

 

index.php (shows the order form)

write.php (writes the data into the flat file database and shows a confirmation of what the user ordered)

 

[roopurt18]

As soon as you process the user's input, use header("Location: " . $newurl); exit() to redirect to a final page.

[aeonsky]

But I have to show a confirmation, a "receipt", of what they ordered. How would I transfer all the information to the final page?

[corbin]

Do you store each order by a certain ID or something?  Maybe like just an ascending thing kinda like an auto increment for SQL or anything?

 

If you do, you could either check for that, or you could set a $_SESSION variable to hold that value, and make sure it hasn't been done.

 

Or, like someone else said, you could redirect to another page which says everything went through.  You would probably want to pass the info through GET if you wanted to echo specific info about the order.

 

Oh, I know this is random, and you might have already done this, but I've had issues with writing to files at the same time... It usually ends up in a blank file being written, so you might want to make sure your script makes sure the file isn't in use ;p.

[aeonsky]

Thanks guys, I'll try using GET.

[aeonsky]

Hello again!

 

I get the concept of GET, but wouldn't I have to post the data to two pages? Since index.php form posts to write.php (which stores the data in a database), then I need the data somehow to be posted onto a different page (e.g. confirm.php), but I think you can't make it post to one page then the other.

 

Anyone have any more ideas? And thanks for everyone's help!

[corbin]

Hmm lemme write a little example script and maybe it'll make more sense.... ;p

[aeonsky]

Thank you so much!

[corbin]

Hehe got distracted, but just finished it:

 

index.php

<form action="write.php" method="POST">
Your Name: <input type="text" name="name"><br />
Item Name: <input type="text" name="item"><br />
Quantity: <input type="text" name="quantity"><br />
<input type="submit" value="Submit">
</form>

 

write.php

<?php

function sslash($str) { //this removes slashes if they're automatically added by PHP
if(get_magic_quotes_gpc()) { //magic quotes is a directive in php.ini and if it's turned on, $_POST, $_COOKIE, and $_GET automatically have quotes escaped.
	$str = stripslashes($str);
}
return $str;
}

$name = sslash($_POST['name']); //set the values to the result of running the post fields through the function.... if you were working with more post variables you might wish to use a foreach array to remove slashes if necessesary, but for this example, I don't wanna go there ;p
$item = sslash($_POST['item']);
$quan = sslash($_POST['quantity']);

if(!empty($name) && !empty($item) && !empty($quan)) { //in actual production I would check these a little bit more, but for the purposes of this example, I'm just checking if they're empty or not ;p.
$file = @fopen('orders.txt', 'a');
if($file) {
	$write_array = array('name' => $name, 'item' => $item, 'quantity' => $quan);
	$ser_array = serialize($write_array);
	/*
	Why serialize it?  Really it's not needed, and it will take up more space in the text file, but it keeps you from running into problems with delimeters.... You could use tab as a delemiter and probably never run into problems, but you never know.
	see php.net/serialze for more info on what it does, and what it's usual uses are.
	If you expect the file this stuff is to be stored in to be a substantian size, or if someone may want to view it plain text, or if you don't feel like messing with unserialize() then I suggest tab delemiting.... Now that I think about it, I would probably use tabs, but already have this coded.... so.... lol
	*/
	if(filesize('orders.txt') != 0) { //if the file doesn't have any records, then don't add the newline stuff to it ;p
		$ser_array = "\r\n" . $ser_array; //add a line break to the data
	}

	if(@fwrite($file, $ser_array)) {
		//it was written correctly!
		$gname = urlencode($name); //encode it for a url so you avoid possible problems
		$gitem = urlencode($item); //encode it for a url so you avoid possible problems
		$gquan = urlencode($quan); //encode it for a url so you avoid possible problems

		header("location: success.php?name={$gname}&item={$gitem}&quantity={$gquan}"); //redirect to the success page ;p
		exit();

	}
	else {
		echo "Technical error.  Please try again later.";
	}

}
else {
	echo "Technical error.  Please try again later.";
}
}
else {
echo 'Please go <a href="index.php">Back</a> and fill in all fields.';
}

?>

 

success.php

Your order has been added successfully, <?php echo $_GET['name']; ?><br />
You entered <b><?php echo $_GET['item']; ?></b> with a quantity of <?php echo $_GET['quantity']; ?>

<!-- you should probably note how I don't handle empty variable and stuff.... Getting lazy now ;p -->

 

An example of what orders.txt (the file it writes to) might look like

a:3:{s:4:"name";s:6:"Corbin";s:4:"item";s:4:"pens";s:8:"quantity";s:2:"57";}
a:3:{s:4:"name";s:8:"Testname";s:4:"item";s:8:""Quotes"";s:8:"quantity";s:26:""\"\"...,k39#$@^00554*#@#$";}
a:3:{s:4:"name";s:6:"Name 3";s:4:"item";s:10:"I like pie";s:8:"quantity";s:16:"Hmm how bout 50?";}

 

Like I said in my commenting, I would probably use tab delimited instead of serialize() because of space constraints among other things such as not really needing to serialize it... lol

[aeonsky]

Helped me out a lot! Thanks a million! 

[corbin]

No problem ;p