Dada78 Posted February 1, 2008 Share Posted February 1, 2008 I have a page that has a comment form where people can leave comments. The problem with it is that when you leave a comment, you can hit the refresh button and it will post the last comment again. So you can hit the refresh button over and over again posting the last message and flooding the comments. Is their anything I can do to prevent this from happening? -Thanks Quote Link to comment Share on other sites More sharing options...
blueman378 Posted February 1, 2008 Share Posted February 1, 2008 tryed ip blocking? Quote Link to comment Share on other sites More sharing options...
burnside Posted February 1, 2008 Share Posted February 1, 2008 whats your current code? Quote Link to comment Share on other sites More sharing options...
Dada78 Posted February 1, 2008 Author Share Posted February 1, 2008 Instead of posting the long file I will just post the relevant code. The php // Start code for inserting comments $firstname = $_POST['firstname']; $location = $_POST['location']; $comment_date = date("m-d-Y"); $comment = $_POST['comment']; $id = $_POST['id']; // setup our query $query ="INSERT INTO comments (firstname, location, comment_date, comment, id) VALUES ('$firstname', '$location', '$comment_date', '$comment', '$id')"; $result=mysql_query($query) or die(mysql_error()); // run our query // end code for inserting comments The HTML <p><span class="title">Comments...</span><table align="center" style='border-top: 1px solid #990000' border="0" cellpadding="4" cellspacing="0" width="550"> <a name="comments"><?php show_data(); ?></a> </table></p> <p><form method="POST" action="display.php?id=<?php echo $row['id']."#comments"; ?>"> <table align="center" border="0" cellpadding="0" cellspacing="0" width="550"> <tr> <td> <fieldset class="fieldset"> <legend class="legend"><strong>Leave A Comment</strong></legend> <input type="hidden" name="id" value="<? echo $row['id']; ?>" /> Name: <input type="text" name="firstname" value="Anonymous" onClick="this.value=''"> Location: <input type="text" name="location" value="Anonymous" onClick="this.value=''"> <br>Comment (Max 255 characters): <br><textarea name="comment" rows="5" style="width: 500px;" onkeydown="javascript:limittext(this.form.comment);"></textarea> <input type="submit" value="Submit"> <input type="reset" value="Reset"></fieldset></p></td></tr></table></form></p> Quote Link to comment Share on other sites More sharing options...
haku Posted February 1, 2008 Share Posted February 1, 2008 In any situation where something is being posted to the database, upon success it should always forward to another page (I call mine success.php). Then have that page automatically forward back to the original page after a set period of time (see code below). You can also add a link that they can click to return to the original page if they dont want to wait. This way if they hit refresh on either the success page, or the page they return back to, the data wont be re-posted. You can use this code to forward the user from the success page after a preset period of time (in this case 5 seconds): header('Refresh: 5; url=' . [enter the URL they will be forwarded to]); Make sure you put this at the top of your code, with no whitespace or any output to the browser before it. Replace the part in the squre brackets with the URL you want them to be forwarded to. Quote Link to comment Share on other sites More sharing options...
haku Posted February 1, 2008 Share Posted February 1, 2008 Sorry, I said replace the part inside the brackets, but you should also delete the brackets. Put your URL in quotes. It should read something like this: header('Refresh: 5; url=somepage.php'); Quote Link to comment Share on other sites More sharing options...
Dada78 Posted February 1, 2008 Author Share Posted February 1, 2008 I will keep that in mind, but the comments are posted on the page where they are entered so I would hate to navigate from it just to have it go back. It might confuse some users, does that make sense? Quote Link to comment Share on other sites More sharing options...
haku Posted February 1, 2008 Share Posted February 1, 2008 Yes, but there is no way around that. Its the way most sites do it (although AJAX functions remove the necessity for this). You just put a message on the success page that says something like "message successfully posted. You will be forwarded back to the page you were previously on shortly, or click <a href="something.php">here</a> if you dont want to wait." You must have seen this on a site somewhere in the past. Quote Link to comment Share on other sites More sharing options...
laffin Posted February 1, 2008 Share Posted February 1, 2008 setup a cookie/POST with a timeout value; in your form (note this for html code) <INPUT TYPE=HIDDEN NAME="timeout" value="<?=time()+5;?>"> [code] now in yer processing ya can do [code] if(isset($_POST['timeout'])) { if(time() < $_POST['timeout']) unset($_POST); } which invalidates the whole re-submission.[/code][/code] Quote Link to comment Share on other sites More sharing options...
haku Posted February 1, 2008 Share Posted February 1, 2008 That will work as long as the person doesn't hit reload before that amount of time is up. In other words its an unreliable solution. Quote Link to comment Share on other sites More sharing options...
Dada78 Posted February 1, 2008 Author Share Posted February 1, 2008 setup a cookie/POST with a timeout value; in your form (note this for html code) <INPUT TYPE=HIDDEN NAME="timeout" value="<?=time()+5;?>"> [code] now in yer processing ya can do [code] if(isset($_POST['timeout'])) { if(time() < $_POST['timeout']) unset($_POST); } which invalidates the whole re-submission.[/code][/code] Ok I tried this and it didn't work. I think I might have placed the if(isset($_POST['timeout'])) code in the wrong place. Where exactly does that need to go? Quote Link to comment Share on other sites More sharing options...
laffin Posted February 1, 2008 Share Posted February 1, 2008 if((isset($_POST['timeout']) && (time() > $_POST['timeout'])) { $firstname = $_POST['firstname']; $location = $_POST['location']; $comment_date = date("m-d-Y"); $comment = $_POST['comment']; $id = $_POST['id']; // setup our query $query ="INSERT INTO comments (firstname, location, comment_date, comment, id) VALUES ('$firstname', '$location', '$comment_date', '$comment', '$id')"; $result=mysql_query($query) or die(mysql_error()); // run our query // end code for inserting comments } the html <p><form method="POST" action="display.php?id=<?php echo $row['id']."#comments"; ?>">INPUT TYPE=HIDDEN NAME="timeout" value="<?=time()+5;?>"> Quote Link to comment Share on other sites More sharing options...
haku Posted February 1, 2008 Share Posted February 1, 2008 It probably didnt work because his syntax was wrong. It should have read like this: <INPUT TYPE=HIDDEN NAME="timeout" value="<?php time()+5; ?>"> Quote Link to comment Share on other sites More sharing options...
Dada78 Posted February 1, 2008 Author Share Posted February 1, 2008 Ok this still isn't working the code above was throwing an error because of the bracket at the end of this line if((isset($_POST['timeout']) && (time() > $_POST['timeout'])) { So I did it like this. // Start code for inserting comments if(isset($_POST['timeout'])) { if(time() < $_POST['timeout']) unset($_POST); $firstname = $_POST['firstname']; $location = $_POST['location']; $comment_date = date("m-d-Y"); $comment = $_POST['comment']; $id = $_POST['id']; // setup our query $query ="INSERT INTO comments (firstname, location, comment_date, comment, id) VALUES ('$firstname', '$location', '$comment_date', '$comment', '$id')"; $result=mysql_query($query) or die(mysql_error()); // run our query // end code for inserting comments } Then in the form I did this. <fieldset class="fieldset"> <legend class="legend"><strong>Leave A Comment</strong></legend> <input type="hidden" name="id" value="<? echo $row['id']; ?>" /> <input type="hidden" name="timeout" value="<?php time()+5; ?>"> Name: <input type="text" name="firstname" value="Anonymous" onClick="this.value=''"> Location: <input type="text" name="location" value="Anonymous" onClick="this.value=''"> <br>Comment (Max 255 characters): <br><textarea name="comment" rows="5" style="width: 500px;" onkeydown="javascript:limittext(this.form.comment);"></textarea> <input type="submit" value="Submit"> <input type="reset" value="Reset"></fieldset> Quote Link to comment Share on other sites More sharing options...
laffin Posted February 1, 2008 Share Posted February 1, 2008 the code wont work as well cuz the 2nd if statement, invalidated the POST fields, when $query is set, it will be set with blank values if(isset($_POST['timeout']) && (time() > $_POST['timeout'])) { will fix that extra paren issue Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.