I know this has probably been talked about before… I just can’t find what I’m looking for.
I’ve got a form that submits back to itself; if it validates, it inserts into a MySQL database. Pretty basic I think.
The problem is, if the person hits the refresh button, it will go through the ‘insert’ process again and create another row in the database. I know this is not a problem on a back end, but this form is for people to register for an event. Basically, the general public will be using this, so anything can happen.
What is the best way to keep people from submitting something twice? Also, I’ll post my form on here. Is there anything else I should do to make this more secure? Do you see anything that is a real security flaw?
Thanks a lot.
[code=php]<link href="/styles/pages/bill_geist_presentation.css" rel="stylesheet" type="text/css" />
<?php
if ('POST' == $_SERVER['REQUEST_METHOD']){
include_once $_SERVER['DOCUMENT_ROOT'] . "/edit/code/edit_functions.php";
// Trim every submitted value once; escaping is applied per field below.
foreach ($_REQUEST as $key => $val) {
$_REQUEST[$key] = trim($val);
}
// Pull the form fields out of the request explicitly instead of relying on register_globals.
foreach (array('companyName', 'phone', 'email', 'numberAttending', 'attendee1', 'attendee2', 'attendee3', 'attendee4', 'payment') as $field) {
$$field = isset($_REQUEST[$field]) ? $_REQUEST[$field] : null;
}
//print_r($_POST);
$error = false;
$error_message = "";
if ($companyName == null){
$error = true;
$error_message .= "<li>Company Name is required.</li>";
}else{
$companyName = addslashes($companyName);
}
if ($phone == null){
$error = true;
$error_message .= "<li>Phone is required.</li>";
}else{
$phone = addslashes($phone);
}
if ($email == null){
$error = true;
$error_message .= "<li>Email is required.</li>";
}else{
$email = addslashes($email);
}
if ($numberAttending == null){
$error = true;
$error_message .= "<li>Number Attending is required.</li>";
}
if ($attendee1 == null){
$error = true;
$error_message .= "<li>You need to insert an attendee name.</li>";
}else{
$attendee1 = addslashes($attendee1);
}
// Optional attendees: escape each one if it was supplied.
if ($attendee2 != null){
$attendee2 = addslashes($attendee2);
}
if ($attendee3 != null){
$attendee3 = addslashes($attendee3);
}
if ($attendee4 != null){
$attendee4 = addslashes($attendee4);
}
if ($payment == null){
$error = true;
$error_message .= "<li>Payment Type is required.</li>";
}
if ($error){
$echo_string = "Do not run query into Database. <br />";
$echo_string .= "Please Fix These Errors. <ul>";
$echo_string .= $error_message . "</ul>";
echo $echo_string;
}else{
// First column is the auto-increment id, last column is the "paid" flag.
$query = "INSERT INTO bill_geist_registration VALUES ('', '$companyName', '$phone', '$email', '$numberAttending', '$attendee1', '$attendee2', '$attendee3', '$attendee4', '$payment', '0')";
dbconnect_admin();
if (mysql_query($query)){
?>
<h1>Registration Complete</h1>
<p>Thank you for registering for this event! You now just need to pay. Please click the link below, and follow the instructions for payment. If you are paying with a credit card, you can fill this out and fax it to us. If you are paying by check, fill the form out and mail it to us with a check. Thank you very much.</p>
<p><a href="#">Link to PDF</a></p>
<p>If you have any questions or concerns, please call us at ### ### ####.</p>
<?php
}else{
?>
<h1>Registration Error</h1>
<p>Please hit the back button and try to register again. If you have received this error twice in a row, please call (563) 322-3911 ext. 107.</p>
<?php
}
mysql_close();
}
}else{//end at bottom of file.
?>
<h1>Bill Geist Presentation</h1>
<p>Unveiling of the Quad Cities Destination Review Presented by Nationally Recognized Consultant/Speaker Bill Geist on Feb. 22nd.</p>
<strong>Must RSVP by February 16th</strong>
<form action="/for_visitors/bill_geist_presentation.html" method="post" name="geistForm" id="geistForm">
<div class="form_div">
<table cols="2">
<tr>
<td class="title">Company Name:</td>
<td class="input"><input type='text' size='50' id='companyName' name='companyName' value='' /></td>
</tr>
<tr>
<td class='title'>Contact Phone:</td>
<td class='input'><input type='text' size='30' id='phone' name='phone' value='' /></td>
</tr>
<tr>
<td class='title'>Contact Email:</td>
<td class='input'><input type='text' size='40' id='email' name='email' value='' /></td>
</tr>
<tr>
<td class='title'>Number Attending:</td>
<td class='input'>
<select name='numberAttending' id='numberAttending'>
<option value=''></option>
<option value='1'>1</option>
<option value='2'>2</option>
<option value='3'>3</option>
<option value='4'>4</option>
</select><span class='note'>(Limit of 4)</span>
</td>
</tr>
<tr>
<td class='title'>Attendee 1:</td>
<td class='input'><input type='text' size='40' id='attendee1' name='attendee1' value='' /><span class='note'> *contact name</span></td>
</tr>
<tr>
<td class='title'>Attendee 2:</td>
<td class='input'><input type='text' size='40' id='attendee2' name='attendee2' value='' /></td>
</tr>
<tr>
<td class='title'>Attendee 3:</td>
<td class='input'><input type='text' size='40' id='attendee3' name='attendee3' value='' /></td>
</tr>
<tr>
<td class='title'>Attendee 4:</td>
<td class='input'><input type='text' size='40' id='attendee4' name='attendee4' value='' /></td>
</tr>
<tr>
<td class='title'>Payment Method:</td>
<td class='input'>
<select name='payment' id='payment' width='50'>
<option value=''></option>
<option value='creditCard'>Credit Card</option>
<option value='check'>Check</option>
</select>
</td>
</tr>
</table>
</div>
<div class="frmButton_div">
<input type="submit" value="Submit Registration" id="frmButton" name="frmButton" />
</div>
</form>
<?php
} //end else
?>[/code]
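An added example (not the poster's code) of the two standard fixes for the refresh problem: a one-time form token kept in the session, so a re-POST of the same form is recognised and ignored, and a Post/Redirect/Get response, so the browser's refresh re-issues a GET rather than the POST. It also replaces addslashes() with a PDO prepared statement for the insert. The PDO credentials, the column names, the hidden field name form_token and the redirect target page are assumptions.

```php
<?php
// Added example, not from the original post. Assumes: session support, a PDO MySQL
// connection (placeholder credentials), named columns on bill_geist_registration,
// and a static "registration_complete.html" page to redirect to after the insert.
session_start();

function issue_form_token(): string {
    $token = bin2hex(random_bytes(16));           // unpredictable, one per rendered form
    $_SESSION['reg_token'] = $token;
    return $token;
}

// Returns true exactly once for a given token, then invalidates it, so a second POST
// carrying the same hidden value (browser refresh, double-click) is rejected.
function consume_form_token(?string $submitted): bool {
    $expected = $_SESSION['reg_token'] ?? null;
    unset($_SESSION['reg_token']);                // burn the token whether or not it matches
    return is_string($submitted) && $expected !== null && hash_equals($expected, $submitted);
}

function insert_registration(PDO $db, array $f): void {
    // Bound parameters keep data and SQL separate; no addslashes() needed.
    $sql = 'INSERT INTO bill_geist_registration
            (companyName, phone, email, numberAttending, attendee1, payment, paid)
            VALUES (:company, :phone, :email, :num, :att1, :pay, 0)';
    $db->prepare($sql)->execute([
        ':company' => $f['companyName'], ':phone' => $f['phone'], ':email' => $f['email'],
        ':num' => $f['numberAttending'], ':att1' => $f['attendee1'], ':pay' => $f['payment'],
    ]);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $f = array_map('trim', $_POST);
    if (!consume_form_token($f['form_token'] ?? null)) {
        // Stale or repeated submission: do not insert again, just show the result page.
        header('Location: /for_visitors/registration_complete.html', true, 303);
        exit;
    }
    $f['numberAttending'] = (int) ($f['numberAttending'] ?? 0);
    $required = ['companyName', 'phone', 'email', 'attendee1'];
    $missing = array_filter($required, fn($k) => ($f[$k] ?? '') === '');
    if ($missing || $f['numberAttending'] < 1 || $f['numberAttending'] > 4
        || !in_array($f['payment'] ?? '', ['creditCard', 'check'], true)) {
        http_response_code(400); exit('Please go back and fill in all required fields.');
    }
    $db = new PDO('mysql:host=localhost;dbname=EXAMPLE_DB', 'EXAMPLE_USER', 'EXAMPLE_PASS',
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);
    insert_registration($db, $f);
    header('Location: /for_visitors/registration_complete.html', true, 303); // PRG: refresh is a GET
    exit;
}
$token = issue_form_token();
?>
<form method="post" action="/for_visitors/bill_geist_presentation.html">
  <input type="hidden" name="form_token" value="<?= htmlspecialchars($token, ENT_QUOTES) ?>" />
  <!-- remaining fields as in the original form -->
</form>
```

A UNIQUE index on the email column (or on email plus event, if the table serves several events) gives a database-enforced second layer: a repeated registration then fails the INSERT instead of silently adding a row.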