Hi,

When i hit the F5 to refresh the page, sql statement in that page runs again. It means last insert, update or delete process is triggered again. How can i solve this problem. Is it necessary for me to do insert, update or delete processes in other pages to prevent this issue?

Thanks

Hi,

When i hit the F5 to refresh the page, sql statement in that page runs again. It means last insert, update or delete process is triggered again. How can i solve this problem. Is it necessary for me to do insert, update or delete processes in other pages to prevent this issue?

Thanks

Why are you having to refresh the page? Is it a form? Can you post your code so I can see it?

hello restrict your delete ,update queries by putting in some if conditions like:

if(!empty($_GET['delid']))
{
//delete queries...
}
if(!empty($_GET['updateid']))
{
//update queries...    
}

if updation and deletion again done after hit f5,then no problem with them,be cause if one record delete with one id,then our delete query won't work,for the updation,same values will go by update,this is also not a problem...

For the insert query:
we have to check one field which was the unique...
like:

$qry1="SELECT * FROM `your_table`  WHERE unique_cloumn='".$_POST['value_unique_cloum']."'";
		$res1=mysql_query($qry1) or die(mysql_error());
$num1=mysql_num_rows($res1);
if($num1>=1)
{
echo "already existed....";
}

Hi,

When i hit the F5 to refresh the page, sql statement in that page runs again. It means last insert, update or delete process is triggered again. How can i solve this problem. Is it necessary for me to do insert, update or delete processes in other pages to prevent this issue?

Thanks

okk.......check this out.....

you must have a submit button in your form...that is after clicking that button your insertion query runs..........

now you just add this part with your code...

<?PHP
IF($submit='Submit'){

$sqlinsert=mysql_query('        ') or die();

}

I'll try your solutions and let you guys know.
Thanks

If you're making a HTTP Request that creates an update on the server, then you should use the POST HTTP Method.

Right now your FORM is doing a HTTP GET, change the action to POST in order to make a POST request. POSTs will let the user know that they are going to resend the data when they refresh the browser.

You can also add some JavaScript to disable the form submit button as soon as it is pressed. That prevents duplicate presses.

The best way to deal with this is server side however, and it is to add an ID to each FORM that will potentially change data on the server. When the FORM is submitted, expire that ID. If a user refreshes the page, you will receive an expired ID on the server, and thus know its a reload.

Hi gigital-either,

How do i do what you said(below)? Thanks

"The best way to deal with this is server side however, and it is to add an ID to each FORM that will potentially change data on the server. When the FORM is submitted, expire that ID. If a user refreshes the page, you will receive an expired ID on the server, and thus know its a reload. "

Hi gigital-either,

How do i do what you said(below)? Thanks

"The best way to deal with this is server side however, and it is to add an ID to each FORM that will potentially change data on the server. When the FORM is submitted, expire that ID. If a user refreshes the page, you will receive an expired ID on the server, and thus know its a reload. "

Sorry I didn't completely read the replies made to your post. Shanti Chepuru explains a really good example of how to make sure there are no duplicates. This doesn't use the overhead of tracking each form you send to the client, and may be the more simple solution.

Tracking the forms you send to the client however (giving each a unique ID) has the other benefit of protecting your forms from "session riding" or "session forgery".
http://www.owasp.org/index.php/Cross-Site_Request_Forgery

What you need to do is have a database table that saves a unique ID for each page generated by PHP (or especially pages with forms on them). Then tie this unique ID to the users session ID.

Lets say you have the rows in your table valid_forms:

id, session_id, form_id

The response_id shoud be unique values. ID should be auto incrementing and the primary id.

So when you generate a form, you insert an entry for that form into your table:

$form_id = sha1(time().$sessid.rand());
$query = "INSERT INTO valid_forms SET session_id = ".intval($session_id).", form_id = '".$form_id.'"";

// pseudo db query function
db_query($query);

Then in the form, you insert the form id you created as a hidden value.

<form method="POST">

.... 


<input type="hidden" value="<?php echo $form_id; ?>" />
</form>

When you receive a form POST, check the database for a valid entry, and then delete the entry. You can do this with a single delete query and then checking the affected rows.

$form_id = $_POST['form_id'];

$query = "DELETE FROM valid_forms WHERE form_id = '".mysql_real_escape_string($form_id)." LIMIT 1";

db_query($query);

if (!mysql_affected_rows()) {
die('The form is invalid, or is a duplicate post');
}
This article has been dead for over six months. Start a new discussion instead.