CGI form repost from browser--how to prevent?
Michael Ströder
michael at stroeder.com
Sat Dec 29 09:08:19 EST 2001
Andreas Kostyrka wrote:
>
> On Tue, Dec 11, 2001 at 10:51:53AM -0800, Chris wrote:
> > I'm writing a Python cgi script that does some inserts into a mysql
> > database based on data in an html form submitted by a user. Is there
> > any way to prevent the browser from reposting the data from the form
> > when the user hits refresh in the browser after they have submitted
> > the form? When this happens, the script receives the same cgi form
> > data and performs the same inserts on the database. I think maybe
> > this can be prevented by storing some state info with cookies?? Not
> > sure (have never used cookies). Any ideas on an easy way to prevent
> > this?
> Make it a POST Method. This way a standard conforming browser has to ask
> permission from the user to repost the data.
Which doesn't prevent the user from hitting the button "Yes, resend
form". BTW: Chris already said "to prevent the browser from
reposting".
If it's crucial for the data integrity the server-side CGI-BIN part
has to cross-check the input against existing data. There's no
general solution without knowing details about the data model. Also
the [Back] button and "Open Link in New window" are things to
consider.
Ciao, Michael.
More information about the Python-list
mailing list