i have a code that upload picture and preview a image that in the same pages,
how can i prevent a user double upload image when he press F5 ?
thanks.
how can i prevent a user double upload image when he press F5 ?
thanks.
how to prevent double post when user klik F5 *Refresh* ?
| Philip wrote: |
| i have a code that upload picture and preview a image that in the same pages,
how can i prevent a user double upload image when he press F5 ? |
Try this (NOT TESTED!):
Add this to the very beginning of your script:
| Code: |
| <?php
session_start(); if (!isset($_SESSION['count'])) { $_SESSION['count'] = 0; } ?> |
Check double posts with
| Code: |
| <?php
if (++$_SESSION['count'] != $_POST['nodblpost']) { exit('Please do not double post. Thank you.'); } ?> |
And your form should be something like
| Code: |
|
<form ...> <input type="hidden" name="nodblpost" value="<?php echo $_SESSION['count']+1; ?>"> <!-- other form fields and whatnot --> </form> |
I think this should work (after anything I left wrong is corrected) because when you display the form to the user you get a variable with a value ($_POST['nodblpost'] = 1 for the first time) which is compared with the server version of the same variable ($_SESSION['count'] = 1); if the user refreshes the page only $_SESSION['count'] wil be incremented, and the comparison with $_POST['nodblpost'] will identify a mismatch.
The first thought that popped to my mind is to lead your user through two different pages. To explain better:
Upload Form Page - Start here. User hits submit.
Middle Page - On submit, user is lead here. There is no content.
Final Page - User is automatically redirected here with no upload coding in between.
I think that might do it. Certainly not the best solution, but it might help.
Upload Form Page - Start here. User hits submit.
Middle Page - On submit, user is lead here. There is no content.
Final Page - User is automatically redirected here with no upload coding in between.
I think that might do it. Certainly not the best solution, but it might help.
The way most systems do it (and the way this forum works) is to do data processing on a page which makes no output, and when done, have that page output a header to redirect to another page. The last thing to process on the page would then be (this is what I use, combined with session variables to send any information related to the processing on to the next page):
That way, the user will have no chance to refresh the page receiving the post - the first thing he'll see is the page redirected to after the processing (upload) is done. The data processing page won't even be stored in the history of the browser, so going back, you'll get back to the data entry page.
The visual confirmation page, which redirects after a while, like on these forums, is done by a combination of a javascript setTimeout (calling window.location.replace()) and meta redirects (to work on browsers without javascript). window.location.replace also does not store an entry in the browser history, so after posting, you'll still get back to the data entry page if you press "Back", not the post confirmation page or the (empty, never seen) data processing page.
So, a combination of those two: header('Location: redirect.php'); + redirect.php containing a visual confirmation of the upload and a redirect to the main page or similar.
| Code: |
| header('Expires: Tue, 28 Mar 1978 07:04:00 GMT'); // That's my birthday, pick any date in the past.
header('Last-Modified: ' . gmdate("D, d M Y H:i:s") . ' GMT'); header('Cache-Control: no-store, no-cache, must-revalidate'); header('Cache-Control: post-check=0, pre-check=0', false); header('Pragma: no-cache'); header('Location: page_to_redirect_to.php'); |
That way, the user will have no chance to refresh the page receiving the post - the first thing he'll see is the page redirected to after the processing (upload) is done. The data processing page won't even be stored in the history of the browser, so going back, you'll get back to the data entry page.
The visual confirmation page, which redirects after a while, like on these forums, is done by a combination of a javascript setTimeout (calling window.location.replace()) and meta redirects (to work on browsers without javascript). window.location.replace also does not store an entry in the browser history, so after posting, you'll still get back to the data entry page if you press "Back", not the post confirmation page or the (empty, never seen) data processing page.
So, a combination of those two: header('Location: redirect.php'); + redirect.php containing a visual confirmation of the upload and a redirect to the main page or similar.
thanks to hexkid its work 
anyway how does it work ? ?? ??
anyway how does it work ? ?? ??
| Philip wrote: |
| thanks to hexkid its work |
Thanks for letting me know that.
| Philip wrote: |
| anyway how does it work ? ?? ?? |
| hexkid wrote: |
| when you display the form to the user you get a variable with a value ($_POST['nodblpost'] = 1 for the first time) which is compared with the server version of the same variable ($_SESSION['count'] = 1); if the user refreshes the page only $_SESSION['count'] wil be incremented, and the comparison with $_POST['nodblpost'] will identify a mismatch. |
The first time the page is sent to the client, $_SESSION['count'] is 0 (zero) and the hidden "nodblpost" value is 1.
When the client submits, $_SESSION['count'] is incremented and compared to $_POST['nodblpost']. As they're both 1 now the script goes on with the upload.
If the client refreshes, $_POST['nodblpost'] is still 1, $_SESSION['count'] is again incremented and becomes 2 and as they're different it can be assumed it was a double post.
oh isee..
that;s how it;s work
thanks,
that;s how it;s work
thanks,
Related topics
 |