* Thus wrote Diana Castillo ([EMAIL PROTECTED]):
> anyone know how to catch if someone has reloaded a page?

The way I prevent reloads is with a combination of session
variables and an extra form field. Here is how I go about it:

form_page.php:
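<?php
session_start(); // needed unless session.auto_start is enabled

// one-time value, kept in the session and sent along with the form
$formhash = md5(uniqid(rand() . time()));
$_SESSION['formhash'] = $formhash;

// Add this to your form:
?>
<input type="hidden" name="_formhash_" value="<?php echo $formhash ?>">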


process_page.php:
<?php
session_start(); // needed unless session.auto_start is enabled

// grab the session var and test its existence
if (isset($_SESSION['formhash'])) {
  $formhash = $_SESSION['formhash'];

  // clear out hash in session so if the user refreshes this
  // page and has a _formhash_ var it will be considered bad
  unset($_SESSION['formhash']);

  // test the form var against the session (strict comparison, so
  // two different hex strings are never treated as equal numbers)
  if (!isset($_REQUEST['_formhash_']) || $formhash !== $_REQUEST['_formhash_']) {
    // user did not come from the form that generated page
    // so hash is invalid
  }
} else {
  // invalid data, has no hash
}
?>

This should be generic enough so it can be used on all form
processing pages without any modifications.

You do have to make sure that the form_page.php does not get cached
by the browser.

HTH,

Curt
-- 
"I used to think I was indecisive, but now I'm not so sure."

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
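
Added example, not part of the original post: the same single-use form token, with the token drawn from random_bytes() instead of md5(uniqid(rand() . time())) and compared with hash_equals() instead of !=, written as two functions so the reload case can be run from the command line. The function names and the plain array standing in for $_SESSION are assumptions made for this demo.

```php
<?php
// Added example (not the poster's code). issue_form_token() and
// consume_form_token() are hypothetical helper names.

// For form_page.php: store a fresh, unpredictable token in the session.
// The real page would also send header('Cache-Control: no-store') before
// any output, so the browser cannot re-serve a form with a spent token.
function issue_form_token(array &$session): string
{
    $token = bin2hex(random_bytes(32));
    $session['formhash'] = $token;
    return $token;
}

// For process_page.php: returns 'ok', 'no_token' or 'mismatch'.
function consume_form_token(array &$session, array $request): string
{
    $expected = $session['formhash'] ?? null;
    // Single use: clear the token before comparing, so a reload of the
    // processing page finds nothing in the session.
    unset($session['formhash']);
    if (!is_string($expected)) {
        return 'no_token';
    }
    $submitted = $request['_formhash_'] ?? '';
    // hash_equals() compares in constant time and only accepts strings.
    if (!is_string($submitted) || !hash_equals($expected, $submitted)) {
        return 'mismatch';
    }
    return 'ok';
}

// Constructed demo data: $session stands in for $_SESSION after
// session_start(), $post for the submitted form fields.
$session = [];
$post = ['_formhash_' => issue_form_token($session)];

echo "first submit:  ", consume_form_token($session, $post), "\n";
echo "page reloaded: ", consume_form_token($session, $post), "\n";

// A request carrying a value that did not come from the generated form.
issue_form_token($session);
echo "wrong value:   ", consume_form_token($session, ['_formhash_' => 'constructed-bad-value']), "\n";
```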
