Home > Archive > PHP DB > October 2007 > Re: [PHP-DB] Prevention for multiple submissions from the same form
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Re: [PHP-DB] Prevention for multiple submissions from the same form
|
|
|
|
But what if the data being inserted isn't unique? What if it's a voting
form that says "Do you like pie? Yes/No"? True, it could record the
response and the userid or IP address so that would be a unique pairing but
what if the vote was anonymous and you allowed multiple people from the
same IP address (ie behind a firewall/proxy) to submit votes?
There could be cases where the data isn't necessarily unique, is all I'm
saying. In which case you could use the unique ID thing to make sure it's
not a double-submit from the same person, or only allow a submission every
XX seconds from a single IP address, or maybe create some kind of
fingerprint of the voter using their browser type and version or some other
odd method. The unique ID thing is by far the simplest and less
discriminatory against people beind firewalls or proxies.
So you see, there is some kind of case for allowing non-unique input into the
database, depending on the circumstances.
-TG
----- Original Message -----
From: OKi98 <oki98@centrum.cz>
To: T K <tek.katu@gmail.com>
Cc: php-db@lists.php.net
Date: Fri, 05 Oct 2007 10:34:50 +0200
Subject: Re: [PHP-DB] Prevention for multiple submissions from the same form
> T K napsal(a):
> Why? You should always ensure that only unique data are inserted into
> database. This is not just about multiple submissions. Visitor can
> submit form then forgets about that so he goes back and submits the same
> thing again.
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
| |
|
| TG napsal(a):
> But what if the data being inserted isn't unique? What if it's a voting
> form that says "Do you like pie? Yes/No"? True, it could record the
> response and the userid or IP address so that would be a unique pairing but
> what if the vote was anonymous and you allowed multiple people from the
> same IP address (ie behind a firewall/proxy) to submit votes?
>
simple solution with timestamp - you allow to vote from 1 ip once in a
given time (day, hour, minute, second, depends on you)
> There could be cases where the data isn't necessarily unique
Sorry, I dont know any.
|
|
|
|
|