refresh causes double post

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
i'm using an html form to submit comments to a database. the form is on
the same page where the comments are being displayed. if you hit
submit, your comment appears as it should, but then if you hit refresh
there is a duplicate post. how might i fix this?

Re: refresh causes double post

relevant code:

// submit comment
if( $name && $comment )
    $query = "INSERT INTO comments (name,email,comment,id) VALUES
else if( $submit )
    echo 'missing fields';

// display comments
$result = mysql_query("SELECT * FROM comments WHERE id='$id' ORDER BY
timestamp DESC");
$num    = mysql_numrows($result);

for($i=0; $i<$num; $i++)
    $name        = mysql_result($result,$i,"name");
    $email        = mysql_result($result,$i,"email");
    $comment    = mysql_result($result,$i,"comment");

    echo '<br />';
    if( $email )
        echo '<a href="mailto:'.$email.'">';
    echo '<b>'.$name.':</b>';
    if( $email )
        echo '</a>';
    echo '<br />'.$comment;


// display form
echo '
<form action="?id='.$id.'" method="POST">

    <label for="name">Name</label>
    <input name="name" type="text" /><br />
    <label for="email">Email</label>
    <input name="email" type="text" /><br />
    <label for="comment">Comment</label>
    <textarea name="comment"></textarea><br />

    <input name="submit" type="submit" value="Submit" />

Re: refresh causes double post

Following on from Mark's message. . .
Quoted text here. Click to load it

You /have/ taken precautions to avoid SQL injection?

PETER FOX Not the same since the cardboard box company folded
2 Tees Close, Witham, Essex.
Gravity beer in Essex  <

Re: refresh causes double post

Mark wrote:

Quoted text here. Click to load it

Hi Mark,

That has more to do with the browser than php.

Look at your action-tag in your form.
(It is very stange in your case by the way)

If a form is submitted the browser expects a page as anser.
In most cases this is the page the receiving script of the form generates.

Now if you hit 'refresh' the browser assumes you want the same page  
refreshed, the one that was produced as a result of your posting.

One simple way to 'fix' this (because nothing is wrong) is:
page1.php contains form
set the action to page1_process.php

receives the form, does its stuff like databaseinserts.
Do not create ANY output.
End you script with something like this:

$result = urlencode("Thanks for posting!");
header ("Location: page1.php?result=".$result);

And in page1.php you could display the result if it exists in the  

Now the browser gets the news that page1.php is the one to be displayed.  
Refreshing it will only refresh the page and not do a reposting.

If you set up all your scripts like this:
1) You never get that annoying problem again
2) You neatly seperate processing pages from contentrich pages, thus  
avoiding long and bugprone scripts that do it 'all functionality at once'.

Erwin Moller

Re: refresh causes double post

Erwin Moller wrote:
Quoted text here. Click to load it

Since you cannot prevent people from hitting the refresh button, you can  
prevent the database from accepting it and generating an error to the  
effect - you already did that.

you can create a primary key (PK) consisting of columns that you do not  
want duplicated.   I am assuming that a user name with a particular  
email address can submit multiple comments with a unique id.

So your PK - or unique index depending on how you choose to resolve this  
- would be name,email,id.  If ID is not unique, then you would simple  
let all 4 fields be a PK or have a unique index.

alter table comments add constraint pk_comments (name,email,comment,id);

This will prevent duplicate values.  You should always check the status  
of all database statements for success/failure/warning and handle it in  
your code.

Re: refresh causes double post

Peter Fox wrote:
Quoted text here. Click to load it

Not yet, but thanks. I forgot what the term for that kind of attack
was, I'll do some research on it.

Erwin Moller wrote:
Quoted text here. Click to load it

ah... excellent. this gets rid of that annoying "resend information"
message on refresh too.

noone wrote:
Quoted text here. Click to load it

so this will make it so that ALL those values together can't be
identical with any other comment?

i was wondering how I might do this.  I figured out how do put "unique"
on a single column, but that doesn't help me much.

thanks a lot for your help guys! this is great.

Re: refresh causes double post

Mark wrote:
Quoted text here. Click to load it

correct. the INSERT will fail.

Quoted text here. Click to load it

As I stated, you can also create unique indexes - the difference is the  
error generated at the time of the failure - and how your code handles it.

Not knowing what other fields exist in this table makes the  
recommendation of what to use a bit more difficult.

Quoted text here. Click to load it

any time.

Site Timeline