On Tuesday, July 2, 2002, at 11:10 PM, Justin French wrote:
> on 03/07/02 11:54 AM, Richard Lynch ([EMAIL PROTECTED]) wrote:
>
>> Rule of Thumb:
>> If you have to do header("Location: ...") you have a
>> design/engineering/organizational problem in your code/pages/site.
>>
>> I'm sure a zillion people will disagree with this "rule"
>
> I agree, except there's one exception to this that I can't see a way
> around.
>
> When dealing with form submissions the receiving file needs to validate all
> the code before anything is sent to the browser, update the database (or
> whatever) and then redirect to itself with some sort of GET flag that issues
> a thank-you note or something.
>
> Otherwise people can hit "refresh" and post the data twice, or 10 times :)

Justin! That's a great idea. No one ever mentioned that to me before (and I've been on and off this list for months). Or actually, I think YOU mentioned it once but I didn't understand it.

So let me ask: do you have one giant script that validates all data, depending on the variables sent to it? Or do you have a "formcheck" script for each individual form?

This is a great way to stop someone from hitting refresh and resubmitting their POST data accidentally, since you've got that GET flag which basically says "do not process this form!" It's not -secure-, since anyone can remove this flag (even if you used POST), but it will work for Joe User to stop him from accidentally resubmitting.

Erik

----

Erik Price
Web Developer Temp
Media Lab, H.H. Brown
[EMAIL PROTECTED]

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
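
The pattern discussed in this thread, as an added example that is not part of any poster's message: validate and store on POST, then redirect to the same script with a GET status flag. It goes beyond the thread by consuming a single-use session token, so a replayed POST is rejected on the server instead of relying on the flag. Assumptions: PHP 7 or later, the script is served as form.php, and save_comment() is a hypothetical helper.

```php
<?php
// Added example, not code from the thread. Assumptions: served as form.php;
// save_comment() is a hypothetical stand-in for the real database write.
session_start();

function save_comment(string $text): void
{
    $_SESSION['saved'][] = $text; // placeholder for the real INSERT
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $sent    = is_string($_POST['token'] ?? null) ? $_POST['token'] : '';
    $comment = is_string($_POST['comment'] ?? null) ? trim($_POST['comment']) : '';
    $stored  = $_SESSION['form_token'] ?? '';
    // Consume the token before doing any work, so a replayed POST (refresh,
    // back button, hand-edited request) has nothing left to match.
    unset($_SESSION['form_token']);

    if ($stored === '' || !hash_equals($stored, $sent)) {
        $status = 'duplicate';
    } elseif ($comment === '') {
        $status = 'invalid';
    } else {
        save_comment($comment);
        $status = 'thanks';
    }
    // Nothing has been echoed yet; 303 makes the browser follow up with a GET.
    header('Location: form.php?status=' . $status, true, 303);
    exit;
}

// GET: the flag only selects a message, it never triggers processing.
$messages = [
    'thanks'    => 'Thank you, your comment was saved.',
    'invalid'   => 'Please enter a comment.',
    'duplicate' => 'That form was already submitted.',
];
$flag = is_string($_GET['status'] ?? null) ? $_GET['status'] : '';
$note = $messages[$flag] ?? '';
$_SESSION['form_token'] = bin2hex(random_bytes(16));
?>
<p><?= htmlspecialchars($note, ENT_QUOTES, 'UTF-8') ?></p>
<form method="post" action="form.php">
  <input type="hidden" name="token" value="<?= $_SESSION['form_token'] ?>">
  <textarea name="comment"></textarea>
  <button type="submit">Send</button>
</form>
```

Because the status flag is looked up in a fixed message table and the token lives in the session, editing or removing the GET parameter changes only which note is displayed.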