$_POST issue
Posted: 08 September 2007 10:22 AM
Joined: 2007-04-06
67 posts

Hi again, guys.

I think I now have a very simple question for advanced programmers. How can I prevent repetitive inserts into the DB (with identical data) when a user manually refreshes a page after a valid form submission? I tried to unset the $_POST variable after form submission, but with no results :/ I’m feeling like a dummy about this question.

P.S.: the form’s action link points to itself.


 
Posted: 08 September 2007 10:53 AM   [ # 1 ]
Joined: 2007-06-07
65 posts

My strategy is to always do a location redirect in my controller after a form submission.


 
Posted: 08 September 2007 11:23 AM   [ # 2 ]
Joined: 2007-04-06
67 posts

I knew that a redirect helps in this case. Is there no other way?


 
Posted: 08 September 2007 04:03 PM   [ # 3 ]
Joined: 2006-12-20
88 posts
PoWah - 08 September 2007 02:22 PM

Hi again, guys.

I think I now have a very simple question for advanced programmers. How can I prevent repetitive inserts into the DB (with identical data) when a user manually refreshes a page after a valid form submission? I tried to unset the $_POST variable after form submission, but with no results :/ I’m feeling like a dummy about this question.

P.S.: the form’s action link points to itself.

Just an insight: $_POST variables are unset by CI by default, so unset($_POST) wouldn’t help anything. Also, when a user hits refresh it is in fact resetting the same $_POST data.

Also, redirecting is not a true solution because the user could easily hit “back” a few times and the browser would ask you to resubmit the form data.

Okay, with all that said, what you COULD do is assign a sort of “form session”:

1) When creating a form set a unique “form session” id (some random string) in the user’s session.
2) Set inside the form params (a hidden field) that same unique “form session” id.
3) Upon submission check to make sure the “form session” id in the form and the session match.
4) If they do match then add the data to your db and then change (or unset) the “form session” id.

Voilà!
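
The four steps above written out in plain PHP, as an added example that is not part of the original post. It assumes native PHP sessions, with `$session` standing in for `$_SESSION`; the function names, the `form_token` field and the sample requests are constructed for illustration.

```php
<?php
// Added example: one-time "form session" token (hypothetical helper names).
// $session stands in for $_SESSION so the script also runs from the CLI.

function issue_form_token(array &$session): string
{
    // Steps 1-2: random id kept server-side and echoed into a hidden field.
    $token = bin2hex(random_bytes(16));
    $session['form_token'] = $token;
    return $token;
}

function consume_form_token(array &$session, array $post): bool
{
    $expected  = $session['form_token'] ?? null;
    $submitted = $post['form_token'] ?? null;
    if (!is_string($expected) || !is_string($submitted)) {
        return false;   // no form was issued, or the hidden field is missing
    }
    // Step 3: constant-time comparison of the session value and the form value.
    if (!hash_equals($expected, $submitted)) {
        return false;
    }
    // Step 4: unset on success so a replayed POST no longer matches.
    unset($session['form_token']);
    return true;
}

function handle_submit(array &$session, array $post, array &$db): string
{
    if (!consume_form_token($session, $post)) {
        return 'rejected';
    }
    $db[] = $post['comment'] ?? '';   // stand-in for the real INSERT
    return 'inserted';
}

// Constructed request sequence: render form, submit, refresh, wrong token.
$session = [];
$db      = [];
$post    = ['form_token' => issue_form_token($session), 'comment' => 'hello'];

echo handle_submit($session, $post, $db), "\n";   // first submission
echo handle_submit($session, $post, $db), "\n";   // refresh replays the same POST
issue_form_token($session);                       // a fresh form is rendered
echo handle_submit($session, ['form_token' => 'guess', 'comment' => 'x'], $db), "\n";
echo count($db), " row(s) stored\n";
```

Because the token is random, bound to the session and single-use, the same check also rejects a cross-site request that cannot read the hidden field.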

 
Posted: 08 September 2007 05:59 PM   [ # 4 ]
Joined: 2007-08-30
8 posts

read this

 
Posted: 08 September 2007 07:23 PM   [ # 5 ]
Joined: 2007-07-17
122 posts

You could also make a unique index in your database to prevent duplicate entries. When inserting the data from the form, check if the query was successful and display an error; it won’t be if the index fails.


 
Posted: 08 September 2007 07:30 PM   [ # 6 ]
Joined: 2007-04-06
67 posts

Indexes are not possible in my case (data may be very similar in various ways), but I think I will use the method Athfar mentioned. Thanks all for your help!


 
Posted: 08 September 2007 07:36 PM   [ # 7 ]
Joined: 2007-04-06
67 posts

Besides, if, as Athfar said, $_POST is unset automatically in CI, then why can I access $_POST variables like this (directly through the $_POST array)?

echo $_POST["some_input"];

 
Posted: 08 September 2007 07:40 PM   [ # 8 ]
Joined: 2006-12-20
88 posts
PoWah - 08 September 2007 11:36 PM

Besides, if, as Athfar said, $_POST is unset automatically in CI, then why can I access $_POST variables like this (directly through the $_POST array)?

echo $_POST["some_input"];

Grr… that’s my mistake, it’s $_GET that is unset… $_POST is not filtered. Either way, unsetting $_POST in the controller won’t help if you are using $this->input->post() (nor with what you are trying to do).

The security filtering function is called automatically when a new controller is invoked. It does the following:

Destroys the global GET array. Since CodeIgniter does not utilize GET strings, there is no reason to allow it.
Destroys all global variables in the event register_globals is turned on.
Filters the POST/COOKIE array keys, permitting only alpha-numeric (and a few other) characters.
Provides XSS (Cross-site Scripting Hacks) filtering. This can be enabled globally, or upon request.
Standardizes newline characters to \n