How to not allow repeated INSERT giving reload on the page? [duplicate]

3

How can I do not to allow% re_completed if someone reloads the page?

Example:

$libera = $_POST['libera'];

if ($libera == "sim"){
    $sql = mysql_query ("INSERT INTO a_finan(id_reserva,id_cliente)VALUES('$id_res','$id_cliente')", $conexao) or die( mysql_error());
}else{
    echo"";
}

If I give a INSERT to execute this code, after it is executed, if it reloads the page it will run again. How to avoid this?

    
asked by anonymous 16.01.2016 / 16:49

3 answers

2

You can check if these values already exist.

For example:

<?

$libera = $_POST['libera']; 
if ($libera == "sim"){

// MODIFICAÇÃO

$sqlChecar = mysql_query("SELECT id FROM a_finan WHERE id_reserva = '$id_res' AND id_cliente = '$id_cliente'");
// Irá buscar os registros

if(mysql_num_rows($sqlChecar) === 0){
// Se não houver resgistros faça...

// FIM DA MODIFICAÇÃO 

$sql = mysql_query ("INSERT INTO a_finan(id_reserva,id_cliente)VALUES('$id_res','$id_cliente')", $conexao) or die( mysql_error());
// Insere normalmente

}else{
//se não

echo "Já existe";


}
}else{
echo ""
}

In this way you will check, before inserting, if a record with the same values already exists.

  

mysql_ * is already deprecated and I do not recommend it, if you are at the beginning of development (or just learning) try using mysqli.   Remember that no type of security feature was used!

    
16.01.2016 / 17:00
5

As @Inkeliz said, you can check if the record already exists before inserting.

Another thing I do and recommend is: after an insert, redirect to the listing of what was entered, for example, if a product was inserted, then redirect to the product listing, so if the user reloads the page he will reload the listing and not the insert.

To redirect in PHP (added exit at @bacco suggestion)

header('Location: destino.php'); 
exit; // para garantir que o script termine aqui
    
16.01.2016 / 18:00
2

The simplest is to redirect to another page, however, the user can still return the page and reprocess it.

To provide a greater guarantee, raise a flag using session variable:

if ($libera == "sim" && !isset($_SESSION['submitted'])){
    $sql = mysql_query ("INSERT INTO a_finan(id_reserva,id_cliente)VALUES('$id_res','$id_cliente')", $conexao) or die( mysql_error());

    $_SESSION['submitted'] = true;
}else{
    echo "";
}

On the form page, enter:

<?php
if (isset($_SESSION['submitted'])) {
    unset($_SESSION['submitted']);
}

This is to reset the flag and be able to legitimately post from the form in case the user wants to register something else, not duplicated.

Logging in

Obviously, you should know that to use session variables you need to initialize them with session_start () .

I skipped the boot in the examples above because it might be that your system is already in use and this could cause some error. If your scripts are not already in use, just invoke the function:

In the form:

<?php
session_start();
if (isset($_SESSION['submitted'])) {
    unset($_SESSION['submitted']);
}

In the script that receives the data and writes:

session_start();
if ($libera == "sim" && !isset($_SESSION['submitted'])){
    $sql = mysql_query ("INSERT INTO a_finan(id_reserva,id_cliente)VALUES('$id_res','$id_cliente')", $conexao) or die( mysql_error());

    $_SESSION['submitted'] = true;
}else{
    echo "";
}

Let's complicate matters?

The user can still backward and forward through the browsing history. Then in that case, the user sucks. But it can be something legitimate. It is possible to implement more reinforcement in these cases using the session variable, for example, checking if the data sent is exactly the same as previously sent.

Usage advantage

This is not the case here, but for cases where there is no control of the primary key to be inserted, it would not be feasible to use the search technique in the database before inserting, since without a unique key, search query more complex and often inaccurate.

Situation example: a table with a primary key of type autoincrement.

The session technique also helps prevent bot and spammer actions because a session should be started on the original page of the form. It does not mean that it is 100% secure against bots or spammers, but it helps to make it difficult to do such actions.

Additional Notes

A session variable expires, but still better than having nothing. In addition, a session can be set to expire in a time greater than 1 hour. One day for example. For even greater reinforcement, you can use $_COOKIE , instead of session. So let's hear that the user can delete the cookie. Okay, but then it stops being an ordinary user and it becomes clear the bad intentions. For a user of this type, you can put whatever blockage you will find a means to circumvent. In these cases it is good to guard against suspicious activity and to take the appropriate measures. At this point we enter into a parallel discussion, which should not be added here as it would deviate much from the main focus, branching out into various subjects.     

16.01.2016 / 22:57