To be safe, you'll need to compare the data to see if it already exists in the db.
After that, some preventitive measures:

- if it's important (order form), make sure to use no cache headers and meta tags (both).
- if you need to meta refresh, make the refesh url slightly different by changing some form value.
- treat inbound data as temporary until the final comittment step by the user.

Things not to do:
- expect a user to fill out a snoopy personal form before asking for a cc (leads to huge amounts of bogus data).
- don't disable the back button.

Thanks, but meta pragma no cashe and refresh dont help. Maybe cookie, but I dont think that is best solution.

I completely agree that it is a difficult task. I'm wrestling with a similar situation right here.

Can't compare the data on the script side?

I completely agree that it is a difficult task. I'm wrestling with a similar situation right here.

Can't compare the data on the script side?

No I cant. Its just simple form for guestbook entries.
Is it possible to delete "environment" variables? Such QUERY_STRING ?

No I cant. Its just simple form for guestbook entries.
Is it possible to delete "environment" variables? Such QUERY_STRING ?

Not from a cookie or js.

I press refresh button to resubmit my last message.

Now I am doing simple XML CGI/C++ guestbook. Do u have any idea how to parse the data using xsl files on Apache/Xerces/Xalan? And how to insert guestbook entries to XML file?

I too use the check on data in the DB to ensure that double posts are minimized.

The other approach that I've toyed with is on creation of a form include a hidden timestamp field, in a user table have the timestamp of the last action (or in a cookie, file etc), if they match don't let the action occur. In short I don't think there is a way to do this that doesn't involve additional programming.

BTW. Double posts above? Deliberate or accidental :)

I think after inserting entries, I should create cookie, for example "insertedOK". And before inserting entries program should check the existence of that cookie. If it exists then dont insert because already inserted. And after 2-3 steps cookie must be deleted(optional).
But problem is that, after pressing refresh the warning message: " the data must be send before refreshing....". I dont want this message. This data must be deleted I think after posting!
My English not good enough, I hope that u understand!

P.S.: It was not accidently, I showed u the bug of this discussion board

>But problem is that, after pressing refresh the warning message: " the data must be send before refreshing....". I dont want this message.

Thats down to the browser. The only way to avoid this is to switch to the GET method (as opposed to POST) in your form. Then you have the problems with limitations of amount of data passed by GET - not good for discussion forums... but maybe appropriate for your application.

Ps.. you could do this with javascript... check for the presense of the Cookie on the onclick option on the submit button, and if it exists set the location to look at the results rather than submit... just thinking outloud.

Thanks my friend, I will try that...