Destroying variables in PHP

[supertrucker]

I created a php page that has a form that posts back to the same page, index.php. However, if someone clicks the browser reload button on the "Thank you for submitting!" page, the data is resubmitted. As long as they sit there and keep hitting reload, it will keep resubmitting. I tried the unset() function, but that doesn't actually clear the data from the browser bar that get's reloaded. I pass the data from the original form to the submit page using the "get" attribute. Would changing it to "post" deliver me from evil!? Simply putting a note, I'm afraid, on the web form that says "submit only once" is just asking for trouble! Help!Supertrucker

[yoshida]

You can transfer the data by using a session. Once the handler is done, end the script with session_destroy(); so the variables are unloaded from the server.On sessions: something is saved in a session using $_SESSION['variable']=$variable and loaded from the session using $variable=$_SESSION['variable']; (if you want to know more, look it up)Also, in the 'thank you for submitting' page you can also put this in the head of that page:

<meta http-equiv="refresh" content="3; url=http://www.yoursite.org/index.html">

This is a fairly common autoforward command in which 'content' represents the delay time before refreshing to the new page.

[supertrucker]

Thank you! I forgot about the refresh method! I'm kind of learning PHP here on-the-fly, so still I'm trying to get the kinks out! I will also look into the session function. Thank you,Supertrucker

[yoshida]

You're me, eight months ago. No better way than trial&error. I'm fairly new at php too (as in 'no guru').Good luck.

[supertrucker]

You're me, eight months ago. No better way than trial&error. I'm fairly new at php too (as in 'no guru').Good luck.

Thanks, I need it! Now I need to figure out how to create a script that will allow only specific users to logon for administrative functions.

[yoshida]

that's not too hard; have a user log in on a certain link (that is not seen on te webpage), check the database for the number of rows that contain the combination of username and password (usually 1) and if the login is valid have a session created (if (mysql_num_rows == '1') { $admin = 'valid'; $_SESSION['admin'] = $admin; }You can restrict parts of the script by statingif ($_SESSION['admin'] == 'valid') { display admin menu or function }Each admin script needs to check for the session as well. You can also set a cookie, since sessions usually expire after ten minutes.If you think this is unsafe, make no mistake. PHP is unsafe by definition.