CodeIgniter Forums
Refreshing re-enters the data in the db again and again. Help? - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forum-20.html)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forum-23.html)
+--- Thread: Refreshing re-enters the data in the db again and again. Help? (/thread-52079.html)



Refreshing re-enters the data in the db again and again. Help? - El Forum - 05-29-2012

[eluser]liesbetweenyoureyes[/eluser]
So as the title says, my code in registration works but if I refreshed the success page it just input to the database again. What good implementation can I do so this wont happen.

In PHP I usually do this:

Code:
header('Location: register.php?success');

and put a getter somewhere in the page and if the success in the url it wont do it again.

But in codeigniter, I can comprehend how:

Code:
$data['main_content'] = 'signup_success.php?success';

I tried putting that above code but obviously it doesnt work and errors

What advice can you guys give?


Refreshing re-enters the data in the db again and again. Help? - El Forum - 05-29-2012

[eluser]boltsabre[/eluser]
When your registration form is (successfully) submitted, are you just loading a new view, or using redirect?

If you just load a new view, (I think, I'm at work so cannot test it) the global $_POST array is still populated with your form data and you're still in the same controller method. Thus if you hit refresh it will post the form again, and because it still has the $_POST data, it will successfully submit it.

Solution: after successfully submitting your form, use redirect() to redirect your user to another function and display the submit page from that function.

But....this tells also tells us you have a flaw in your logic somewhere, you should only every be able to create one account with the exact same information. After the form is submitted, I'd suggest you do a check against their email address (or something similar) and only run your DB insert if it is not already there. If it already exists, you should redirect them to a login page.


Refreshing re-enters the data in the db again and again. Help? - El Forum - 05-29-2012

[eluser]Otemu[/eluser]
Hi,

I paste you some code when I get home, but since I am at work I am unable to do that however I just basically give you the basic concept:

1. user loads signup page
2. controller returns view signup
3. user fills in signup form and submits
4.[optional] controller performs various validation on form (http://ellislab.com/codeigniter/user-guide/libraries/form_validation.html) validation class can also be used to check if username/email etc already exists in database and return error to user
5. controller now passes the form data to model
6. the model inserts data into the database
7. if successful the model redirects the user to the success page

user can now refresh success page as many times as they like without effecting database
Hopefully this is enough to solve your issue if not then let me know and I paste an example for you when I get home or if you can't wait just check out this tutorial http://net.tutsplus.com/articles/news/codeigniter-from-scratch-day-6-login/

Hope that helps



Refreshing re-enters the data in the db again and again. Help? - El Forum - 05-30-2012

[eluser]liesbetweenyoureyes[/eluser]
I am just loading a new view. I have not yet encounter redirect before.
Oh that's probably the reason why it goes again and again...

Yup my code has still some logical error but I am gonna fix it, thanks for the advice

also thanks for the idea guys! it worked using a redirect.

I have a question, umm so I put my redirect in the Controller and directs it to a new function there. Is it okay to put that in the controller or is it a better practice if it is in the Model as a function? Or either is okay? I'm still doubting my knowledge when it comes to MVC so I wanna ask you guys the best practice for it.


Refreshing re-enters the data in the db again and again. Help? - El Forum - 05-30-2012

[eluser]Otemu[/eluser]
The correct way is actually to redirect through the controller which is fine and true to mvc, so what you have done is correct.

Just in case you wondering why I then mentioned model redirection, well this was more due to the book Professional Codeigniter that I started with when learning Codeigniter. I guess the concept behind this was to minimise code.

I assume the author of the book made the assumption when it came to user registration that once all validation had been complete and the form data had been successfully inserted through the model that a redirection was definitely always going to take place, so why have extra code for the controller to check the returned value of the model when you know that your going to redirect anyway. I wouldn't say this is best practice however.


Refreshing re-enters the data in the db again and again. Help? - El Forum - 05-30-2012

[eluser]boltsabre[/eluser]
I agree with Otemu's last statement, for pretty much all my model stuff, I actually check if something has been inserted (or updated).

Code:
//model, in pseudo code for a new user insert
//here run your DB insert and check if it actually worked
if($inserted){
   return true //or return $user_id
}else{
   // there was a db failure somewhere and our new user was NOT inserted
   // Here I do some custom error logging for my own benefit and...
   return false
}

And in the controller
Code:
$run = $this->user_model->insert_new_user($post_data);
   if ($run){
      //user successfully inserted into DB, do whatever you need to do now and then...
      redirect('successfully_registered');
   }else{
      //user NOT inserted into the DB for some reason, do whatever you want:
      //redirect back to your homepage, or set some flashdata letting the user
      // know there was a problem and to try again and then reload the view for them, etc
   }

It makes for a lot more coding, but it will save on problems later on. What would happen if there was a DB problem and the user was NOT inserted to the DB, but you didn't check for it and just set a "logged_in" session variable and gave them full access to your website even though they don't exist and there is no "user_id" for them.
Is it likely to happen? Let's hope not, but with shared DB servers you never know... what if they have a problem, or go down for maintenance, or one of the other shared websites experiences a DoS attack shutting down the servers, etc.
With stuff like "inserting a forum post/reply", it isn't that important to do these checks as the page just wont display the post if it doesn't exist in the DB, but for stuff like inserting a new user, yeah, it's pretty important