Erik,

Forgive me for coming in late on this... I haven't read the whole thread,
but I'd start by saying that obviously JavaScript is not an option, and
quite possibly "asking them not to click the back button" is not an option
either.

I use the following theory on a single page form, but can't see any reason
why it can't happen on a multi part form.


I perform all form validation BEFORE outputting anything to the page, and
establish if the form data was good or not.  Good results in uploading to
the DB, and a redirect to a thanks page (or in your case, another form), and
bad results in the form being shown again.

Since nothing is sent to the page (other than a redirect) if the data is
good, the page doesn't exist at the browser, so there's no chance of them
hitting back and re-submitting the data twice by accident.

Of course they CAN hit back and see the form they just filled out, and make
changes to it, and resubmit on purpose, but is this such a bad thing??


On the other hand, once they reach stage 2 (i.e., stage 1 was valid), you
could always set a cookie.  If they DO click back to stage 1, you could
always do a check for that cookie, and NOT show them the form again, which
removes just about any chance of them resubmitting data, or going back through
the steps, UNLESS they have cookies turned off... which is a low percentage.

Changing this to sessions in the URL would remove the chance altogether.


I'd recommend NOT breaking THEIR browser with the disabling of the back
button... it's THEIRS after all, and they may WANT to go back through the
sites they surfed before hitting you.


Just my opinion though :)


Justin French
--------------------
Creative Director
http://Indent.com.au
--------------------

on 03/04/02 1:54 AM, Erik Price ([EMAIL PROTECTED]) wrote:

> 
> On Tuesday, April 2, 2002, at 09:15  AM, Rick Emery wrote:
> 
>> use cache control in your HTML to prevent BACK button usage
>> This is easily done
> 
> I've tried this using the HTTP headers recommended on the header() man
> page, such as
> 
> header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
> header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
> header("Cache-Control: no-store, no-cache, must-revalidate");
> header("Cache-Control: post-check=0, pre-check=0", false);
> header("Pragma: no-cache");
> 
> These don't seem to have the effect that I'm looking for.  Someone else
> on the list suggested storing a session variable that basically says
> "this page has been filled out, do not do anything if it has been
> resubmitted" which is a good idea, but I was hoping to have the user
> automatically re-routed to an error page if they hit the "back" button.
> (The session variable idea won't work until they refresh a page or
> submit a form, because they will be returning to a page in their
> history.)
> 
> 
> Erik
> 
> 
> 
> ----
> 
> Erik Price
> Web Developer Temp
> Media Lab, H.H. Brown
> [EMAIL PROTECTED]
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
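
The approach described in the reply above (validate before any output, redirect on success, remember that stage 1 is done), as an added example that is not part of the original thread. It uses a session flag in place of the cookie and adds a single-use form token along the lines of the session-variable suggestion quoted above; the file names `stage1.php` and `stage2.php`, the `name` field and the session keys are assumptions.

```php
<?php
// stage1.php: added example; file, field and session key names are assumptions.
session_start();

// Stage 1 was already accepted in this session: do not show the form again.
if (!empty($_SESSION['stage1_done'])) {
    header('Location: stage2.php', true, 303);
    exit;
}

$errors = [];
$name = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // All validation happens before any output is sent.
    $name  = trim((string)($_POST['name'] ?? ''));
    $token = (string)($_POST['token'] ?? '');

    // The token is single-use, so a POST replayed from history fails here.
    $expected = $_SESSION['form_token'] ?? '';
    unset($_SESSION['form_token']);
    if ($expected === '' || !hash_equals($expected, $token)) {
        $errors[] = 'This form was already submitted or has expired.';
    }
    if ($name === '' || strlen($name) > 100) {
        $errors[] = 'Name is required (max 100 characters).';
    }

    if (!$errors) {
        // Stand-in for the DB insert described in the message.
        $_SESSION['stage1_data'] = ['name' => $name];
        $_SESSION['stage1_done'] = true;
        // Only a redirect reaches the browser, so no result page exists to re-POST.
        header('Location: stage2.php', true, 303);
        exit;
    }
}

// First visit or bad data: issue a fresh token and show the form.
$_SESSION['form_token'] = bin2hex(random_bytes(16));
?>
<form method="post" action="stage1.php">
  <?php foreach ($errors as $e): ?>
    <p><?= htmlspecialchars($e, ENT_QUOTES, 'UTF-8') ?></p>
  <?php endforeach; ?>
  <input type="hidden" name="token" value="<?= htmlspecialchars($_SESSION['form_token'], ENT_QUOTES, 'UTF-8') ?>">
  <input type="text" name="name" value="<?= htmlspecialchars($name, ENT_QUOTES, 'UTF-8') ?>">
  <button type="submit">Continue</button>
</form>
```

The 303 status tells the browser to fetch `stage2.php` with GET, so a refresh on stage 2 does not repeat the stage 1 POST.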
