Wednesday 7 November 2018

mysql - How to restrict update or insert more than once by navigating back to referring page in php?



I am developing a web application where I want to restrict update or insert more than once by navigating back to referring page. Let me present you three model files in the order of flow so that I can raise the zone where I am stuck.




  • register.html



            
    ...





    ...


  • process.php



                    echo "Welcome ".$_GET['para'];
    ?>

  • success.php



                    if(isset($_POST['Submit']))
    {
    $name = $_POST['name'];

    // some database update here ...

    echo "Done. Click to go next";
    unset($_POST['Submit']);
    }else{
    echo "Error in submission";
    }
    ?>



The above three files are very simple. Here the update part has nothing to do when the user hits the back button after landing on page success.php because of unset($_POST['Submit']);. But when the user goes back further by hitting the back button again it reaches register.html and can again come up with the $_POST['Submit'] set and may do the update part which is sometimes vulnerable. I know there is Post/Redirect/Get to solve this issue, but I want some other alternatives so that the part gatekeepering the update part may be made so efficient that it would not allow the same anymore by clicking the back button.


Answer



If you are getting duplicate records inserted.




  1. You may try INSERT IGNORE

  2. ADD UNIQUE INDEX to your table to prevent this happening



    you may choose any one of INSERT IGNORE and REPLACE according to the duplicate-handling behavior




Refer https://dev.mysql.com/doc/refman/5.5/en/insert-on-duplicate.html




  1. Lastly you may like simple php with mysqli_num_rows()



    $sql = "SELECT id FROM table-name WHERE column-name1 = ? AND column-name2 = ? ;
    $mq = mysqli_query($sql);

    if (mysqli_num_rows($mq) < 1) {
    $sql = "UPDATE table-name SET (colum-names) VALUES (...)";
    mysqli_query($sql);
    else {
    echo "Record already updated";
    }
    }


No comments:

Post a Comment

php - file_get_contents shows unexpected output while reading a file

I want to output an inline jpg image as a base64 encoded string, however when I do this : $contents = file_get_contents($filename); print &q...