How to stop contents of a form being re-submitted when user refreshes


theboyholty

My wife just called me a geek (that's English for a nerd) because I'm sitting at the computer at 9.43 on a Saturday morning! Fair enough I suppose. Anyway, chaps, here's my problem:

 

I have built (am building) a simple message board / forum (if you want to check it out it's at www.mannyroadend.co.uk). When a user replies to a thread (or starts one for that matter - I've just discovered) the page takes them back to the thread and if they then hit refresh, the message is posted again. I don't really want that to happen. Of course, the user shouldn't have to hit refresh but I've been doing it a lot whilst developing it.

 

Any assistance would be greatly appreciated. Thanks.

 

Ok, here's the relevant code for the 'postreply.php' page:

 

<?php
include_once 'db.inc.php';

// thread id is taken from the query string as-is (no validation yet)
$threadid = $_GET['threadid'];

// find subject for reply header
$subj = @mysql_query("SELECT subject FROM THREADS WHERE THREADS.threadid = $threadid");
if (!$subj) {
    exit('<p>Error: ' . mysql_error() . '</p>');
}
while ($row = mysql_fetch_array($subj)) {
    $subjheader = $row['subject'];
}
?>

<form action="viewthread.php?threadid=<?php echo $threadid ?>" method="post">

<table border="0">
<tr><td>Type your message here</td></tr>
<!-- hidden fields -->
<tr>
  <td><input type="hidden" name="threadid" size="40" value="<?php echo $threadid ?>" /></td>
  <td><input type="hidden" name="userid" size="40" value="<?php echo $userid ?>" /></td>
  <td><input type="hidden" name="username" size="40" value="<?php echo $username ?>" /></td>
</tr>
<!-- visible fields -->
<tr>
  <td>Subject:</td>
  <td><input name="subject" size="60" value="<?php echo $subjheader ?>" /></td>
</tr>
<tr>
  <td>Message</td>
  <td><textarea name="body" cols="50" rows="4"></textarea></td>
</tr>
<tr>
  <td>Link Name:</td>
  <td><input name="linkname" size="40" /></td>
</tr>
<tr>
  <td>Link Text:</td>
  <td>http://<input name="linktext" size="40" /></td>
</tr>
</table>
<input type="submit" value="submit" />
</form>

<?php
// display the thread header
$result = @mysql_query("SELECT * FROM THREADS, USERS WHERE THREADS.userid = USERS.userid AND threadid = $threadid");
if (!$result) {
    exit('<p>Error performing query: ' . mysql_error() . '</p>');
}

while ($row = mysql_fetch_array($result)) {
    echo '<table border="1"><tr><td>' . $row['username'] . '  posted on ' . $row['dateposted'] . '</td></tr>';
    echo '<tr><td>' . $row['subject'] . '</td></tr>';
    // close the table opened for this row
    echo '<tr><td>' . $row['body'] . '</td></tr></table>';
}

// display the responses
$presult = @mysql_query("SELECT * FROM POSTS, USERS WHERE POSTS.userid = USERS.userid AND threadid = $threadid");
if (!$presult) {
    exit('<p>Error performing query: ' . mysql_error() . '</p>');
}

while ($prow = mysql_fetch_array($presult)) {
    echo '<table border="1"><tr><td>' . $prow['username'] . '  posted on ' . $prow['dateposted'] . '</td></tr>';
    echo '<tr><td>' . $prow['subject'] . '</td></tr>';
    // close the table opened for this row
    echo '<tr><td>' . $prow['body'] . '</td></tr></table>';
}
?>

 

and here's the relevant bits of the 'message board.php' file.

 

<?php
include_once 'db.inc.php';

// if new thread has been started, use this script to post to dbase
if (isset($_POST['subject'])) {
    // form values go into the SQL string below unescaped (validation still to do)
    $subject = $_POST['subject'];
    $body = $_POST['body'];
    $linkname = $_POST['linkname'];
    $linktext = $_POST['linktext'];

    $sql = "INSERT INTO THREADS SET
        userid = '$userid',
        subject = '$subject',
        body = '$body',
        dateposted = CURDATE(),
        timeposted = CURTIME(),
        linkname = '$linkname',
        linktext = '$linktext',
        latestpostdate = CURDATE(),
        latestposttime = CURTIME()";

    // the insert runs on every POST, so a browser refresh repeats it
    if (@mysql_query($sql)) {
        echo '<p>message posted</p>';
    } else {
        echo '<p>Error:' . mysql_error() . '</p>';
    }
}

// list all threads
$result = @mysql_query('SELECT * FROM THREADS, USERS WHERE THREADS.userid = USERS.userid');
if (!$result) {
    exit('<p>Error performing query: ' . mysql_error() . '</p>');
}

echo ' <table border="1"><tr><td>Subject</td><td>Topic Originator</td><td>Last Post</td></tr>';

while ($row = mysql_fetch_array($result)) {
    echo '<tr><td><a href="viewthread.php?threadid=' . $row['threadid'] . '">' . $row['subject'] . '</a></td><td>';
    echo $row['username'] . '</td><td>' . $row['latestpostdate'] . ': ' . $row['latestposttime'] . ' by ' . $row['latestposter'] . '</td></tr>';
}

echo '</table>';
?>

ok i have created from scratch a message board.

 

first off.... when i click the only topic you have i get the following error...

 

Parse error: syntax error, unexpected T_VARIABLE, expecting '(' in /home/fhlinux159/m/mannyroadend.co.uk/user/htdocs/viewthread.php on line 28

 

if you fix this error then i'll be able to help a bit more later on.

 

as for solving your issue with double postings, you will need to do a check for the post that has come in and then see if the username and the topic and any other info posted is the same as that already in the database before it is processed and added to the DB.

 

 

in your message board.php, add a new IF statement after the variables are set with incoming data.

to see if this info exists, if it does not then allow it to be added to the DB

 

if data exists then perform error message that the submit, refresh was done and do not add to DB.

 

i have also added a new field to the user table in the DB so if members do this many times they get a double post 'hit' like a counter and when it reaches 10 they get a polite email telling them to change their ways, then counter resets and starts again!

 

hope this helps

 

 

ps.  i have been told this too recently, you should never trust user input in forms, you need to do some checks before it is added to the DB, someone may one day perform a 'MySQL injection' google it to find out more.
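
Added example, not part of the original posts: the standard way to stop a refresh from re-posting is to answer every successful POST with a redirect, so the refresh repeats a GET, and to accept each form's one-time token only once. The function names, the PDO/SQLite setup and the cut-down POSTS schema below are assumptions made for the demo, not the poster's code.

```php
<?php
// Added example; function names and the cut-down POSTS schema are assumptions.
declare(strict_types=1);

/** Issue a one-time token to place in a hidden field of the reply form. */
function issue_form_token(array &$session): string {
    $token = bin2hex(random_bytes(16));
    $session['form_tokens'][$token] = true;
    return $token;
}

/**
 * Handle a reply POST and return [status, location]. The caller sends
 * header('Location: ' . $location, true, $status) and exits, so the page the
 * browser lands on was fetched with GET and a refresh cannot re-post.
 */
function handle_reply(PDO $db, array &$session, array $post): array {
    $threadid = filter_var($post['threadid'] ?? null, FILTER_VALIDATE_INT);
    if ($threadid === false) {
        return [400, ''];                      // not a thread id: reject
    }
    $location = 'viewthread.php?threadid=' . $threadid;
    $token = (string)($post['token'] ?? '');
    $body  = trim((string)($post['body'] ?? ''));
    // A token is accepted once; a replayed POST (refresh, double click) finds it gone.
    if ($body === '' || !isset($session['form_tokens'][$token])) {
        return [303, $location];
    }
    unset($session['form_tokens'][$token]);
    // Bound parameters keep quotes in the message from altering the SQL;
    // userid comes from the session, not from a hidden form field.
    $stmt = $db->prepare('INSERT INTO POSTS (threadid, userid, body) VALUES (?, ?, ?)');
    $stmt->execute([$threadid, $session['userid'], $body]);
    return [303, $location];
}

// Constructed demo on an in-memory SQLite database (run with the PHP CLI).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE POSTS (postid INTEGER PRIMARY KEY, threadid INTEGER, userid INTEGER, body TEXT)');
$session = ['userid' => 7];   // stands in for $_SESSION
$post = ['threadid' => '3', 'body' => "it's a reply", 'token' => issue_form_token($session)];
[$status, $location] = handle_reply($db, $session, $post);  // first submit is stored
handle_reply($db, $session, $post);                          // replay is ignored
$count = (int)$db->query('SELECT COUNT(*) FROM POSTS')->fetchColumn();
echo "status=$status location=$location rows=$count\n";
```

Comparing the incoming post with rows already in the database, as suggested in the reply above, can still be layered on top for identical messages sent through two separately loaded forms.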

 

 


Oh I know mate, i know. It's very much in the development stage. Validating my form is currently 3rd on my 'to do' list. Plan is to get it up and running and then iron out these things as i go on.

Thanks for your input anyway.

p.s. hope you don't mind but i'm going to delete your logins. Don't want it to muck things up.
