Prevent Refresh

What is best way of preventing multiple entries in DB through form submission when user clicks on REFRESH or BACK button of browser? Thanks Shaz

To avoid the refresh problem the best way to handle idempotent actions i.e form submissions is to perform a redirection after the relevant action has occurred. Note: This requires a client-side redirect which <cflocation> will do for you. So the page flow becomes this: 1) Form 2) "Action Page" - Database insert/update etc. 3) Redirect 4) End Page/Confirmation/Form again... If a refresh is done once on step 4, the Action page will not be run again. Hope that helps, André What is best way of preventing multiple entries in DB through form submission when user clicks on REFRESH or BACK button of browser? Thanks Shaz

oi Shahzad.Butt!! on the preceding page... <script>         window.history.forward(); </script> this will prevent use of the back button... on your form page.. for the refresh problem you can do this... if not isDefined("request.pageHit") ... do page stuff..... set request.pageHit = true <cfelse> page has already been accessed </cfif> Crit ------------------------------------ Tuesday, June 10, 2003, 9:18:17 AM, you wrote: SB> What is best way of preventing multiple entries in DB through form SB> submission when user clicks on REFRESH or BACK button of browser? SB> Thanks SB> Shaz SB>

oi Critz!! whoops.. request scope won't work doh! session will.. ------------------------------------ Tuesday, June 10, 2003, 9:32:55 AM, you wrote: C> oi Shahzad.Butt!! C> on the preceding page... C> <script> C>         window.history.forward(); C> </script> C> this will prevent use of the back button... C> on your form page.. for the refresh problem you can do this... C> if not isDefined("request.pageHit") C> ... do page stuff..... C> set request.pageHit = true C> <cfelse> C> page has already been accessed C> </cfif> C> Crit C> ------------------------------------ C> Tuesday, June 10, 2003, 9:18:17 AM, you wrote: SB>> What is best way of preventing multiple entries in DB through form SB>> submission when user clicks on REFRESH or BACK button of browser? SB>> Thanks SB>> Shaz SB>> C>

Something else you can do is disable the submit button onClick <input type="submit" name="submit" value="submit" onClick="this.disabled=true;"> I think thats the right value to assign to disabled. Stephen > What is best way of preventing multiple entries in DB through form > submission when user clicks on REFRESH or BACK button of browser? > > Thanks > Shaz

What I do is the following: 1) Set a session variable on the page that will submit the form, usually called session.frm_submit, and set it to 1. 2) Create a CFIF on the page the form submits to that checks the value of the session variable, and, if it is 1, sets it to 0 then processes the submission. If the value is already 0, the submission is ignored. This means the user would have to go back to the form page and reload it completely in order to submit the form twice. M What is best way of preventing multiple entries in DB through form submission when user clicks on REFRESH or BACK button of browser? Thanks Shaz

I cant use session scope in my app because of load balancing and stuff. So need a work around using request scope. Any suggetions??? Shaz oi Critz!! whoops.. request scope won't work doh! session will.. ------------------------------------ Tuesday, June 10, 2003, 9:32:55 AM, you wrote: C> oi Shahzad.Butt!! C> on the preceding page... C> <script> C>         window.history.forward(); C> </script> C> this will prevent use of the back button... C> on your form page.. for the refresh problem you can do this... C> if not isDefined("request.pageHit") C> ... do page stuff..... C> set request.pageHit = true C> <cfelse> C> page has already been accessed C> </cfif> C> Crit C> ------------------------------------ C> Tuesday, June 10, 2003, 9:18:17 AM, you wrote: SB>> What is best way of preventing multiple entries in DB through form SB>> submission when user clicks on REFRESH or BACK button of browser? SB>> Thanks SB>> Shaz SB>> C>

oi Shahzad.Butt!! client. ? Crit ------------------------------------ Tuesday, June 10, 2003, 9:52:46 AM, you wrote: SB> I cant use session scope in my app because of load balancing and stuff. SB> So need a work around using request scope. Any suggetions??? SB> Shaz SB> -----Original Message----- SB SB> Sent: 10 June 2003 14:48 SB> To: CF-Talk SB> Subject: Re: Prevent Refresh SB> oi Critz!! SB> whoops.. request scope won't work doh! session will.. SB> ------------------------------------ SB> Tuesday, June 10, 2003, 9:32:55 AM, you wrote: C>> oi Shahzad.Butt!! C>> on the preceding page... C>> <script> C>>         window.history.forward(); C>> </script> C>> this will prevent use of the back button... C>> on your form page.. for the refresh problem you can do this... C>> if not isDefined("request.pageHit") C>> ... do page stuff..... C>> set request.pageHit = true C>> <cfelse> C>> page has already been accessed C>> </cfif> C>> Crit C>> ------------------------------------ C>> Tuesday, June 10, 2003, 9:18:17 AM, you wrote: SB>>> What is best way of preventing multiple entries in DB through form SB>>> submission when user clicks on REFRESH or BACK button of browser? SB>>> Thanks SB>>> Shaz SB>>> C>> SB>

> What is best way of preventing multiple entries in DB > through form > submission when user clicks on REFRESH or BACK button of > browser? > Thanks > Shaz I usually use cflocation to move the browser to a confirmation template which informs the user that the record has been updated. In my case, this is often the form page, or in other words, they go back to the form with a "information saved" confirmation message at the top of the form, usually with all the info they just enterred filled in on the form again. I also like to use the pengoworks qForms API (www.pengoworks.com) to prevent multiple form submissions in browsers that support the DOM. If I have to use cfflush on a page, I move from cflocation to the javascript location.replace() which does the same thing client-side by replacing the current address in the browser history. It's available in Netscape as far back as version 3 and IE similarly. I'm not certain about other browsers, although I would assume at least Mozilla supports it since it was implemented in NS prior to Mozilla becoming available. There's a UDF implementation of it in the Tapestry API in my sig file also. hth s. isaac dealey                972-490-6624 new epoch                      http://www.turnkey.to lead architect, tapestry cms   http://products.turnkey.to tapestry api is opensource     http://www.turnkey.to/tapi certified advanced coldfusion 5 developer http://www.macromedia.com/v1/handlers/index.cfm?ID=21816

I agree with just about everything Isaac said, but wanted to chime in and say that the easiest solution would be the <cflocation> on the form's action page.  This is generally how I prevent the duplicate submissions. The form's action page contains no HTML, just the insert query.  After the query successfully runs, I do a <cflocation> to a "Thank You" page.  This way, a refresh only refreshes that page. ----- Excess quoted text cut - see Original Post for more ----- which informs the user that the record has been updated. > > In my case, this is often the form page, or in other words, they go back to the form with a "information saved" confirmation message at the top of the form, usually with all the info they just enterred filled in on the form again. I also like to use the pengoworks qForms API (www.pengoworks.com) to prevent multiple form submissions in browsers that support the DOM. If I have to use cfflush on a page, > > I move from cflocation to the javascript location.replace() which does the same thing client-side by replacing the current address in the browser history. It's available in Netscape as far back as version 3 and IE similarly. I'm not certain about other browsers, although I would assume at least Mozilla supports it since it was implemented in NS prior to Mozilla becoming available. There's a UDF implementation of it in the Tapestry API in my sig file also. ----- Excess quoted text cut - see Original Post for more -----

can always add a hidden field to the form with a specified value and then on the processing page add something like: <!--- check for duplicate form submissions ---> <cfif #form.submissionCheck# EQ "submitted"> Geezo have some patients, you already submitted the form! </cfif> but then again, i know jack squat about cf > I agree with just about everything Isaac said, but wanted to chime in and > say that the easiest solution would be the <cflocation> on the form's action ----- Excess quoted text cut - see Original Post for more ----- form > again. I also like to use the pengoworks qForms API (www.pengoworks.com) to > prevent multiple form submissions in browsers that support the DOM. If I > have to use cfflush on a page, > > > > I move from cflocation to the javascript location.replace() which does the > same thing client-side by replacing the current address in the browser > history. It's available in Netscape as far back as version 3 and IE > similarly. I'm not certain about other browsers, although I would assume at ----- Excess quoted text cut - see Original Post for more -----

wouldn't that fire every time the form was submitted? and if refresh was pressed on the form's action page...how would it prevent the data from re-posting? ----- Excess quoted text cut - see Original Post for more ----- and ----- Excess quoted text cut - see Original Post for more ----- the > > query successfully runs, I do a <cflocation> to a "Thank You" page. This ----- Excess quoted text cut - see Original Post for more ----- template ----- Excess quoted text cut - see Original Post for more ----- back > > to the form with a "information saved" confirmation message at the top of ----- Excess quoted text cut - see Original Post for more ----- Mozilla > > becoming available. There's a UDF implementation of it in the Tapestry API ----- Excess quoted text cut - see Original Post for more -----

yeah, I thought about that afterwards. somewhere I have done it and I don't remember what I did. I think I had set a session and used that as the default value for the hidden field and added +1. So if it was more that 1 it gave the error message. I told u I don't know crap, lol > wouldn't that fire every time the form was submitted? > > and if refresh was pressed on the form's action page...how would it prevent ----- Excess quoted text cut - see Original Post for more ----- the > > form > > > again. I also like to use the pengoworks qForms API (www.pengoworks.com) > > to > > > prevent multiple form submissions in browsers that support the DOM. If I ----- Excess quoted text cut - see Original Post for more ----- does ----- Excess quoted text cut - see Original Post for more ----- assume ----- Excess quoted text cut - see Original Post for more -----

Aren't there issues with disabled in some fairly common versions of NS and Mozilla? ----- Excess quoted text cut - see Original Post for more ----- s. isaac dealey                972-490-6624 new epoch                      http://www.turnkey.to lead architect, tapestry cms   http://products.turnkey.to tapestry api is opensource     http://www.turnkey.to/tapi certified advanced coldfusion 5 developer http://www.macromedia.com/v1/handlers/index.cfm?ID=21816

Thanks for clarifying that Charlie. :) I just realized my explanation was a little fuzzy. ----- Excess quoted text cut - see Original Post for more ----- s. isaac dealey                972-490-6624 new epoch                      http://www.turnkey.to lead architect, tapestry cms   http://products.turnkey.to tapestry api is opensource     http://www.turnkey.to/tapi certified advanced coldfusion 5 developer http://www.macromedia.com/v1/handlers/index.cfm?ID=21816

I assign a UUID to the form in both a persistent var (session or client) and a hidden form var (as a backup).  Then test for that in the db upon an insert attempt.  Any user who hits refresh gets a nice note saying "I don't THINK so".   The same mechanism and a cfif or two also prevents a user from hitting their BACK button and submitting the same form again thataway. ------------------------------------------- Matt Robertson,     matt@mysecretbase.com MSB Designs, Inc. http://mysecretbase.com ------------------------------------------- Reply-To: cf-talk@houseoffusion.com Date: Tue, 10 Jun 2003 12:42:09 -0700 ----- Excess quoted text cut - see Original Post for more -----

You could do that -- you'd have to use javascript to submit the form and set the value of the field after the form is submitted. ----- Excess quoted text cut - see Original Post for more ----- s. isaac dealey                972-490-6624 new epoch                      http://www.turnkey.to lead architect, tapestry cms   http://products.turnkey.to tapestry api is opensource     http://www.turnkey.to/tapi certified advanced coldfusion 5 developer http://www.macromedia.com/v1/handlers/index.cfm?ID=21816

> wouldn't that fire every time the form was submitted? Right, it would... I think my interpretation of what you were saying goes something like this: form.submit --> action page, begin processing meanwhile, the user is still looking at the form since they don't get the action page results until the action page finishes processing, so they hit submit again form.submit --> action page -- ask user to be patient now... if you just use a regular hidden form field, it's going to see that every time the form is submitted, so the user won't ever get anything other than the request for patience, so you have to change the value in the form between the first and 2nd submission, hence the javascript > and if refresh was pressed on the form's action page... > how would it prevent the data from re-posting? Well this by itself doesn't solve the issue of duplicated entries in the database, it merely prevents the form from initiating the action page twice. It also doesn't prevent the user from refreshing the form page, filling in the form again and resubmitting the form that way... none of this being really a complete solution for anything, just conjecture. :) I still think cflocation on the action page is the better part of the best solution for the issue as a whole. I think Charlie Griefer gave probably the clearest explanation of that solution. ----- Excess quoted text cut - see Original Post for more ----- s. isaac dealey                972-490-6624 new epoch                      http://www.turnkey.to lead architect, tapestry cms   http://products.turnkey.to tapestry api is opensource     http://www.turnkey.to/tapi certified advanced coldfusion 5 developer http://www.macromedia.com/v1/handlers/index.cfm?ID=21816

Isaac wrote: >You could do that -- you'd have to use javascript to submit >the form and set the value of the field after the form is >submitted. Nope.  I use something very close to the code below.  The user is assigned a form ID on arrival.  This ID is checked for using both the persistent var you see here and later on when its time to hit the db and do an insert.  Kind of a double check in case somehow the cvar-based test doesn't work.  I know the 'UID' isn't perfect.  A UUID with the dashes stripped out is probably smarter. Honestly I forget exactly.  This has just worked so well over the last couple years that I pretty much forgot about it. <!--- this goes on the form page.  This is shorter than a UUID ---> <cfset DateStamp="#NumberFormat(Now(),"_____")#"> <cfset TimeStamp=MID(Now(),16,9)> <cfset TimeStamp=REPLACE(TimeStamp,":","","ALL")> <cfset TimeStamp=REPLACE(TimeStamp," ","","ALL")> <cfset OriginIP=REPLACE(CGI.REMOTE_ADDR,".","","ALL")> <cfset FormUID="myUID" & "DateStamp & TimeStamp & OriginIP> <input   type="hidden"   name="FormUID"   value="Frm#variables.FormUID#"> <!--- on the action page: --->   <cfset VarPart1="client."> <cfif isdefined ("#VarPart1##form.FormUID#")>   error message goes here   <cfabort> <cfelse>   <cfset "client.#form.FormUID#"=form.FormUID> </cfif> ------------------------------------------- Matt Robertson,     matt@mysecretbase.com MSB Designs, Inc. http://mysecretbase.com ------------------------------------------- Reply-To: cf-talk@houseoffusion.com Date: Tue, 10 Jun 2003 15:22:33 -0500 ----- Excess quoted text cut - see Original Post for more -----

----- Excess quoted text cut - see Original Post for more ----- Well, I was commenting on having passed a variable from a form and simply determining whether to perform the action or display the message on the basis of just that one form field, without any other context such as the db, etc. > Honestly I forget exactly.  This has just worked so > well over the last couple years that I pretty much > forgot about it. Gotta love fire-and-forget solutions. :) s. isaac dealey                972-490-6624 new epoch                      http://www.turnkey.to lead architect, tapestry cms   http://products.turnkey.to tapestry api is opensource     http://www.turnkey.to/tapi certified advanced coldfusion 5 developer http://www.macromedia.com/v1/handlers/index.cfm?ID=21816

>Well, I was commenting on having passed a variable from a form >and simply determining whether to perform the action or >display the message on the basis of just that one form field, >without any other context such as the db, etc. ah... I missed that boat. >Gotta love fire-and-forget solutions. :) Yup.  One thing it does, though, is leave cvars littered in the cvar db, which is a minor annoyance to me when I see a regular user with 10 vars in there... although it affects very little and of course they get flushed out eventually.   I'm writing a thing now to expire old ones prior to assigning a new one since I keep date stamp data in there. Good thing I have nothing important to do than tinker with running code :D ------------------------------------------- Matt Robertson,     matt@mysecretbase.com MSB Designs, Inc. http://mysecretbase.com ------------------------------------------- Reply-To: cf-talk@houseoffusion.com Date: Tue, 10 Jun 2003 16:02:50 -0500 ----- Excess quoted text cut - see Original Post for more -----

Great job! That works fine..... Thanks Isaac wrote: >You could do that -- you'd have to use javascript to submit >the form and set the value of the field after the form is >submitted. Nope.  I use something very close to the code below.  The user is assigned a form ID on arrival.  This ID is checked for using both the persistent var you see here and later on when its time to hit the db and do an insert.  Kind of a double check in case somehow the cvar-based test doesn't work.  I know the 'UID' isn't perfect.  A UUID with the dashes stripped out is probably smarter. Honestly I forget exactly.  This has just worked so well over the last couple years that I pretty much forgot about it. <!--- this goes on the form page.  This is shorter than a UUID ---> <cfset DateStamp="#NumberFormat(Now(),"_____")#"> <cfset TimeStamp=MID(Now(),16,9)> <cfset TimeStamp=REPLACE(TimeStamp,":","","ALL")> <cfset TimeStamp=REPLACE(TimeStamp," ","","ALL")> <cfset OriginIP=REPLACE(CGI.REMOTE_ADDR,".","","ALL")> <cfset FormUID="myUID" & "DateStamp & TimeStamp & OriginIP> <input   type="hidden"   name="FormUID"   value="Frm#variables.FormUID#"> <!--- on the action page: --->   <cfset VarPart1="client."> <cfif isdefined ("#VarPart1##form.FormUID#")>   error message goes here   <cfabort> <cfelse>   <cfset "client.#form.FormUID#"=form.FormUID> </cfif> ------------------------------------------- Matt Robertson,     matt@mysecretbase.com MSB Designs, Inc. http://mysecretbase.com ------------------------------------------- Reply-To: cf-talk@houseoffusion.com Date: Tue, 10 Jun 2003 15:22:33 -0500 ----- Excess quoted text cut - see Original Post for more ----- http://www.houseoffusion.com/cf_lists/uns ----- Excess quoted text cut - see Original Post for more -----