swa66 - 12:37 pm on Feb 28, 2013 (gmt 0)
Every time you generate the form (I suppose you do that in php),
generate inside the form a html line that says
<input type="hidden" value="$random" />
you need to generate the random string too ...
to generate it you could use something like:
$chars = 'ABCDEFGHIJKLMOPQRSTUVXWYZ0123456789';
$len = strlen($chars)-1;
$roll = rand(0,$len);
$random .= substr($chars,$roll,1);
When you process the from
- where you check if it's "free",
- if it fails, check if the random value you stored is the same as the one you got this time.
- if it is, it's a resubmittal of the form
- if it's "free":
- store the random value in your database
That's it based on your explanations.
But I think that creating a session, and hence recognizing them after paypal hands you back the visitor would make a lot of sense too.