I'm new to PHP and I'm working on a language learning and e-commerce website, with a shopping cart, etc. I have items on this site; when an item is clicked, the item's ID is sent to the shopping cart page via the GET method. Using this ID, I add the item to the shopping cart (in the DB table) and it works fine.
<a href="do_shoppingcart.php?id=<?php echo "$itm_id"; ?>">
The issue is: if the user clicks the Refresh button, the item is added to the shopping cart again. Do you think it is a good option to disable the Refresh button or the F5 key? What should I do to prevent the item from being added to the shopping cart when the page is refreshed? For forms I found that "if (isset($_POST['submit'])) {}" is useful, but it does not work with the GET method.
Your help is appreciated.
The safest way (even useful to stop CSRF attacks) is to add a hidden token field to your form. Then, in the processing script, only add the item to the database if that token is not present yet ...
The token can be made with something like this:
$token = sha1(uniqid());
It is then added to your link:
echo '<a href="process.php?id=' . $id . '&token=' . $token . '">';
After that, when processing, you query your database for the row with that token.
SELECT 1 FROM table WHERE token = 'ABC....'
If this query returns a result, do not take any further action ...
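An added example (not part of the original answer) of the token check described above, written in PHP with PDO and an in-memory SQLite database. It assumes the token comes from random_bytes() rather than sha1(uniqid()), is tied to the user's session, and is enforced by a UNIQUE column; the table and function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example. Names (cart_items, issueToken, addToCartOnce) are hypothetical.
function makeDb(): PDO {
    $db = new PDO('sqlite::memory:'); // in-memory stand-in for the shop database
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // UNIQUE(token) lets the database reject a replay even when two requests race.
    $db->exec('CREATE TABLE cart_items (
        id INTEGER PRIMARY KEY, session_id TEXT NOT NULL,
        item_id INTEGER NOT NULL, token TEXT NOT NULL UNIQUE)');
    return $db;
}

// Called when the "add to cart" link or form is rendered.
function issueToken(array &$session): string {
    $token = bin2hex(random_bytes(16));      // 128 bits from the CSPRNG
    $session['cart_tokens'][$token] = true;  // remembered server-side for this user
    return $token;
}

// Returns true when the item was added, false for a forged or repeated token.
function addToCartOnce(PDO $db, array $session, string $sid, int $itemId, string $token): bool {
    if (!isset($session['cart_tokens'][$token])) {
        return false; // token was never issued to this session (CSRF or tampering)
    }
    try {
        $stmt = $db->prepare(
            'INSERT INTO cart_items (session_id, item_id, token) VALUES (?, ?, ?)');
        $stmt->execute([$sid, $itemId, $token]);
        return true;
    } catch (PDOException $e) {
        if ((string) $e->getCode() === '23000') {
            return false; // token already stored: refresh or replayed request
        }
        throw $e;
    }
}

// Constructed walk-through: $session stands in for $_SESSION.
$db = makeDb();
$session = [];
$token = issueToken($session);
var_dump(addToCartOnce($db, $session, 'sess-1', 42, $token));               // first click
var_dump(addToCartOnce($db, $session, 'sess-1', 42, $token));               // page refresh
var_dump(addToCartOnce($db, $session, 'sess-1', 42, str_repeat('0', 32)));  // forged token
var_dump((int) $db->query('SELECT COUNT(*) FROM cart_items')->fetchColumn());
```

In a real page `$session` is `$_SESSION`, and the token travels in the link or hidden field as in the answer.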