There's a much better way that is less falliable to problems/hacking on the user's end: include a uniqueid in a hidden field on the form, and sort a list of these uniqueid's in a second table when they are created. Upon submission of a form, remove that unique id from the table if it's there and process the form normally, otherwise, tell the user they've already submitted their data and move on elsewhere.
You can sufficently munge data into this uniqueid such as the localtime on your server, user id, random numbers, etc, if you want to reduce the chance of someone faking a request to your server.
-----------------------------------------------------
Dr. Michael K. Neylon - mneylon-pm@masemware.com
||
"You've left the lens cap of your mind on again, Pinky" - The Brain
| [reply] |
Absolutely correct... the hard problem here, however, is controling the way we increment the database variable..... (For this project, we are not using perl, (sigh), rather a different, poorer, language.) We are intending to eventually do this, but for now, the -1 trick works. The trick to getting the cache to expire on netscrape and internet exploder is putting the variables (no cache, pragma, and expires) in the right place and in the right order...
----
Zak
| [reply] |