This is the only way that I have been able to ensure that the users cannot use any of the bad buttons (back, refresh, double-click submit). The JavaScript solutions will only work for users that have JavaScript enabled.
I put the following in my authenticate.php, which is included at the top of every page.

authenticate.php

    <?php
    if (isset($_POST['form_id']) && $_POST['form_id'] != '') {
        mysql_select_db("form_authentication");
        // Escape the submitted value before it is placed in the SQL string
        $form_id = mysql_real_escape_string($_POST['form_id']);
        $query = "select count(*) as valid_form from form_id where form_id = '".$form_id."'";
        extract(mysql_fetch_array(mysql_query($query)));
        if ($valid_form < 1) {
            // Unknown or already used form_id: show the warning and stop
            include("warn_doubleclick.php");
            exit;
        } else {
            // Valid form_id: delete it so it cannot be submitted again
            mysql_select_db("form_authentication");
            $query = "delete from form_id where form_id = '".$form_id."'";
            mysql_query($query);
        }
    }

    /* MORE AUTHENTICATE STUFF HERE */

    // Store a new form_id and return the hidden field that carries it
    function create_form_id() {
        mysql_select_db("form_authentication");
        $new_form_id = uniqid(rand(), 1);
        $query = "insert into form_id values ( '$new_form_id' )";
        mysql_query($query);
        $form_field = "<input type=\"hidden\" name=\"form_id\" value=\"$new_form_id\">";
        return $form_field;
    }
    ?>

Then inside every form that I want to protect from the back button, refresh button or double-clicking of the submit button, I echo the results of create_form_id inside the <form> tag. I also remember to include authenticate.php, which is going to actually stop the user from resubmitting the same form.

    <?php
    include("authenticate.php");
    include("header.php");
    echo "<form action=\"".$_SERVER['PHP_SELF']."\" method=\"POST\">";
    echo "<input type=\"text\" name=\"test\">";
    echo create_form_id();
    echo "</form>";
    include("footer.php");
    ?>

Here is an example warn_doubleclick.php that you can edit to your taste. This is what the users will be redirected to if they break the button rules.

    <?php
    include("header.php");
    echo ("<BR><BR><h2>You have double clicked the submit button titled<b>");
    // HTML-encode the submitted button name before echoing it back
    echo (htmlspecialchars($_POST['submit'], ENT_QUOTES)."</b> or attempted to process this form twice by using the back button or the refresh button.</h2>");
    echo ("<BR><BR><a href=index.php>Return to Program</a>");
    include("footer.php");
    ?>

Here is the SQL to create the necessary DB and table.

    CREATE DATABASE form_authentication;
    USE form_authentication;
    CREATE TABLE form_id (
        form_id varchar(50) NOT NULL default ''
    ) ENGINE=MyISAM;

James Hicks
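
Added example, not part of the original post: a variant of the form_id check that binds the submitted value as a parameter and consumes the token with a single DELETE, using the affected-row count as the verdict, so two simultaneous submissions of the same form cannot both pass the check. The names open_store, issue_form_id and consume_form_id, the in-memory SQLite table (via pdo_sqlite) and the random_bytes token are assumptions made for this example.

```php
<?php
// Added example (not from the original post). Assumes PHP 7+ with pdo_sqlite;
// an in-memory SQLite table stands in for the form_authentication database.
declare(strict_types=1);

function open_store(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // PRIMARY KEY gives an indexed lookup and forbids duplicate tokens.
    $db->exec('CREATE TABLE form_id (form_id VARCHAR(50) NOT NULL PRIMARY KEY)');
    return $db;
}

// Hypothetical counterpart of create_form_id(): store and return a fresh token.
function issue_form_id(PDO $db): string
{
    $token = bin2hex(random_bytes(16)); // 32 hex characters from the OS CSPRNG
    $db->prepare('INSERT INTO form_id (form_id) VALUES (?)')->execute([$token]);
    return $token;
}

// Delete first, then look at the row count: only the request whose DELETE
// removed the row is accepted. A missing or non-string value is rejected.
function consume_form_id(PDO $db, $submitted): bool
{
    if (!is_string($submitted) || $submitted === '') {
        return false;
    }
    $stmt = $db->prepare('DELETE FROM form_id WHERE form_id = ?');
    $stmt->execute([$submitted]);
    return $stmt->rowCount() === 1;
}

// Constructed demo: one issued token, submitted twice, then an unknown value.
$db = open_store();
$post = ['form_id' => issue_form_id($db)];              // constructed POST data
var_dump(consume_form_id($db, $post['form_id'] ?? null)); // first submission
var_dump(consume_form_id($db, $post['form_id'] ?? null)); // same form replayed
var_dump(consume_form_id($db, "no-such-token'"));         // quote is bound as data
var_dump(consume_form_id($db, null));                     // form_id field absent
```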