in reply to security in forms

If you wanted to do it client-side, you could write some kind of JavaScript, like onClick=disable(this), or whatever the correct JS is. There should be a way of switching off the button.

You could put a (random) hidden variable into the form and keep track of which 'numbers' have just submitted data in a local file. Clear the number after you've finished processing their form and sent the response, or at midnight, whatever takes your fancy. Or if you're pushing data into a database you could do a query to see if you're submitting duplicate information.

Or, at the risk of getting shot down by the Perl fanatics here (i.e. almost everybody) use the persistent (or session? what are they called?) variable features of PHP4.

I know there are a few other ways but I haven't had to tackle this problem directly before...

____________________
Jeremy

RE: Re: security in forms
by Penfold (Novice) on Nov 05, 2000 at 02:31 UTC
    Apache::Session will do the equivalent of the PHP4 wizardry for you in mod_perl.

    Another approach would be to do something like an md5sum of $query->query_string . $query->remote_host, and save it in some persistent DB for 'an appropriate time' (possibly until your CGI has completed successfully and displayed the results page...)
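
The hidden-variable and digest checks from the two posts above, as an added Perl example that is not code from either poster. The in-memory hashes stand in for the local file or persistent DB, and the sub names, the 600-second window and the sample request are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# In-memory stand-ins for the "local file" / "persistent DB" (assumption: a
# real CGI needs storage shared between processes, updated under a lock).
my (%issued, %seen);      # token => issue time, fingerprint => first-seen time
my $TTL = 600;            # constructed expiry window, in seconds

# Random value for the hidden form field (assumes a Unix /dev/urandom).
sub issue_token {
    my ($now) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $bytes, 16) == 16 or die "short read from urandom";
    close $fh;
    my $token = unpack 'H*', $bytes;
    $issued{$token} = $now;
    return $token;
}

# delete() looks the token up and clears it in one step, so a second POST
# carrying the same hidden value finds nothing and is refused.
sub consume_token {
    my ($token, $now) = @_;
    return 0 unless defined $token;
    my $t = delete $issued{$token};
    return (defined $t && $now - $t <= $TTL) ? 1 : 0;
}

# Request fingerprint: digest of query string and remote host, remembered
# for $TTL seconds. The "\0" separator is an addition to keep fields apart.
sub is_duplicate {
    my ($query_string, $remote_host, $now) = @_;
    my $fp = md5_hex($query_string . "\0" . $remote_host);
    my $first = $seen{$fp};
    return 1 if defined $first && $now - $first <= $TTL;
    $seen{$fp} = $now;
    return 0;
}

# Constructed sample requests.
my $now = time;
my $tok = issue_token($now);
print "first submit:  ", (consume_token($tok, $now)       ? 'accepted' : 'rejected'), "\n";
print "double click:  ", (consume_token($tok, $now + 1)   ? 'accepted' : 'rejected'), "\n";
print "unknown token: ", (consume_token('deadbeef', $now) ? 'accepted' : 'rejected'), "\n";
my @req = ('name=jeremy&qty=2', 'host.example');
print "fingerprint:   ", (is_duplicate(@req, $now)        ? 'duplicate' : 'new'), "\n";
print "resubmitted:   ", (is_duplicate(@req, $now + 5)    ? 'duplicate' : 'new'), "\n";
```

The fingerprint check also rejects a deliberate second submission of identical data from the same host inside the window, which the per-form token does not.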