Stop flooding of form on page refresh

[Dada78]

I have a page that has a comment form where people can leave comments. The problem with it is that when you leave a comment, you can hit the refresh button and it will post the last comment again. So you can hit the refresh button over and over again posting the last message and flooding the comments. Is their anything I can do to prevent this from happening?

 

-Thanks

 

 

[blueman378]

tryed ip blocking?

[beansandsausages]

whats your current code?

[Dada78]

Instead of posting the long file I will just post the relevant code.

 

The php

 

// Start code for inserting comments

$firstname = $_POST['firstname'];
$location = $_POST['location'];
$comment_date = date("m-d-Y");
$comment = $_POST['comment'];
$id = $_POST['id'];

// setup our query
$query ="INSERT INTO comments (firstname, location, comment_date, comment, id) VALUES ('$firstname', '$location', '$comment_date', '$comment', '$id')";
                $result=mysql_query($query) or die(mysql_error()); // run our query

// end code for inserting comments

 

 

The HTML

 

<p><span class="title">Comments...</span><table align="center" style='border-top: 1px solid #990000' border="0" cellpadding="4" cellspacing="0" width="550">
  <a name="comments"><?php show_data(); ?></a>
</table></p>

<p><form method="POST" action="display.php?id=<?php echo $row['id']."#comments"; ?>">
<table align="center" border="0" cellpadding="0" cellspacing="0" width="550">
     <tr>
        <td>
		<fieldset class="fieldset">
			<legend class="legend"><strong>Leave A Comment</strong></legend>
			      <input type="hidden" name="id" value="<? echo $row['id']; ?>" />
			Name: <input type="text" name="firstname" value="Anonymous" onClick="this.value=''">   Location: <input type="text" name="location" value="Anonymous" onClick="this.value=''"> <br>Comment (Max 255 characters): <br><textarea name="comment" rows="5" style="width: 500px;" onkeydown="javascript:limittext(this.form.comment);"></textarea>
<input type="submit" value="Submit"> <input type="reset" value="Reset"></fieldset></p></td></tr></table></form></p>

 

 

[haku]

In any situation where something is being posted to the database, upon success it should always forward to another page (I call mine success.php). Then have that page automatically forward back to the original page after a set period of time (see code below). You can also add a link that they can click to return to the original page if they dont want to wait. This way if they hit refresh on either the success page, or the page they return back to, the data wont be re-posted.

 

You can use this code to forward the user from the success page after a preset period of time (in this case 5 seconds):

 

header('Refresh: 5; url=' . [enter the URL they will be forwarded to]);

 

Make sure you put this at the top of your code, with no whitespace or any output to the browser before it. Replace the part in the squre brackets with the URL you want them to be forwarded to.

[haku]

Sorry, I said replace the part inside the brackets, but you should also delete the brackets. Put your URL in quotes. It should read something like this:

 

header('Refresh: 5; url=somepage.php');

 

 

 

 

[Dada78]

I will keep that in mind, but the comments are posted on the page where they are entered so I would hate to navigate from it just to have it go back. It might confuse some users, does that make sense?

[haku]

Yes, but there is no way around that. Its the way most sites do it (although AJAX functions remove the necessity for this).

 

You just put a message on the success page that says something like

 

"message successfully posted. You will be forwarded back to the page you were previously on shortly, or click <a href="something.php">here</a> if you dont want to wait."

 

You must have seen this on a site somewhere in the past.

[laffin]

setup a cookie/POST with a timeout value;

 

in your form (note this for html code)

<INPUT TYPE=HIDDEN NAME="timeout" value="<?=time()+5;?>">
[code]

now in yer processing ya can do

[code]
if(isset($_POST['timeout'])) {
    if(time() < $_POST['timeout'])
      unset($_POST);
}

 

which invalidates the whole re-submission.[/code][/code]

[haku]

That will work as long as the person doesn't hit reload before that amount of time is up.

 

In other words its an unreliable solution.

[Dada78]

setup a cookie/POST with a timeout value;

 

in your form (note this for html code)

<INPUT TYPE=HIDDEN NAME="timeout" value="<?=time()+5;?>">
[code]

now in yer processing ya can do

[code]
if(isset($_POST['timeout'])) {
    if(time() < $_POST['timeout'])
      unset($_POST);
}

 

which invalidates the whole re-submission.[/code][/code]

 

Ok I tried this and it didn't work. I think I might have placed the if(isset($_POST['timeout'])) code in the wrong place. Where exactly does that need to go?

 

 

[laffin]

if((isset($_POST['timeout']) && (time() > $_POST['timeout'])) {
$firstname = $_POST['firstname'];
$location = $_POST['location'];
$comment_date = date("m-d-Y");
$comment = $_POST['comment'];
$id = $_POST['id'];

// setup our query
$query ="INSERT INTO comments (firstname, location, comment_date, comment, id) VALUES ('$firstname', '$location', '$comment_date', '$comment', '$id')";
                $result=mysql_query($query) or die(mysql_error()); // run our query

// end code for inserting comments
}

 

the html

<p><form method="POST" action="display.php?id=<?php echo $row['id']."#comments"; ?>">INPUT TYPE=HIDDEN NAME="timeout" value="<?=time()+5;?>">

[haku]

It probably didnt work because his syntax was wrong. It should have read like this:

 

<INPUT TYPE=HIDDEN NAME="timeout" value="<?php time()+5; ?>">

[Dada78]

Ok this still isn't working the code above was throwing an error because of the bracket at the end of this line

 

if((isset($_POST['timeout']) && (time() > $_POST['timeout'])) {

 

So I did it like this.

 

// Start code for inserting comments

if(isset($_POST['timeout'])) {
    if(time() < $_POST['timeout'])
      unset($_POST);
$firstname = $_POST['firstname'];
$location = $_POST['location'];
$comment_date = date("m-d-Y");
$comment = $_POST['comment'];
$id = $_POST['id'];

// setup our query
$query ="INSERT INTO comments (firstname, location, comment_date, comment, id) VALUES ('$firstname', '$location', '$comment_date', '$comment', '$id')";
                $result=mysql_query($query) or die(mysql_error()); // run our query

// end code for inserting comments
}

 

Then in the form I did this.

 

<fieldset class="fieldset">
			<legend class="legend"><strong>Leave A Comment</strong></legend>
			      <input type="hidden" name="id" value="<? echo $row['id']; ?>" />
                                      <input type="hidden" name="timeout" value="<?php time()+5; ?>">
			Name: <input type="text" name="firstname" value="Anonymous" onClick="this.value=''">   Location: <input type="text" name="location" value="Anonymous" onClick="this.value=''"> <br>Comment (Max 255 characters): <br><textarea name="comment" rows="5" style="width: 500px;" onkeydown="javascript:limittext(this.form.comment);"></textarea>
<input type="submit" value="Submit"> <input type="reset" value="Reset"></fieldset>

 

 

[laffin]

the code wont work as well

cuz the 2nd if statement, invalidated the POST fields,

when $query is set, it will be set with blank values

 

if(isset($_POST['timeout']) && (time() > $_POST['timeout'])) {

will fix that extra paren issue