Everyone who writes online forms hates the back button and the refresh button. All kinds of solutions are out there, from ajax submissions (with their annoying scalability delays) to disabling buttons which work intermittently, to using POST requests and giving the user a warning (such as most banks do) leaving the user clueless as to what they have done wrong.
There is one, and only one correct way.
Each html form presented to the user needs to have a unique key associated with it.
When this form arrives with the server, the controller needs to see if it has processed the unique form before. If it has, then it should present the user with the same form again, otherwise it needs to process the form.
require_once("../includes/include.php");
$t = @$_REQUEST['t'];
$s = @$_SESSION['lastreq'];
if (!isset($s[$t])) {
// Do the work.
$_SESSION['lastreq'][$t] = true ;
}
?>
form
input type=text name=tname value=
input type=hidden name=t value=t
input type=submit
/form
Here's a simplified controller model:
The user will still get a warning when submitting 'post' type forms, but if they decide to continue, they will get a meaningful message from the server.
There is one, and only one correct way.
Each html form presented to the user needs to have a unique key associated with it.
When this form arrives with the server, the controller needs to see if it has processed the unique form before. If it has, then it should present the user with the same form again, otherwise it needs to process the form.
require_once("../includes/include.php");
$t = @$_REQUEST['t'];
$s = @$_SESSION['lastreq'];
if (!isset($s[$t])) {
// Do the work.
$_SESSION['lastreq'][$t] = true ;
}
?>
form
input type=text name=tname value=
input type=hidden name=t value=t
input type=submit
/form
Here's a simplified controller model:
The user will still get a warning when submitting 'post' type forms, but if they decide to continue, they will get a meaningful message from the server.
