I am developing a custom CRUD for MySql DB´s.
(Please excuse my english)
Note: Edited scripts which were not correctly copied (One was a dupplicate of the first one..
I am trying to prevent Backspace navigation to Insert, update and delete scripts because those can produce insconsitent DB entries.
The CRUD produces list, insert, view, update and delete scripts and additionaly insert_DB, update_DB and delete_DB scripts which carry the appropriate DB functions or would alert the user of an ilegal call to the script and redirect him to the home page.
In order to prevent double execution of those pages, the Insert, update and delete pages record a session variable $_SESSION['Process'] with the intended next process to be executed.
The DB scripts checks for an appropriate $_SESSION['Process'] value and proceed to execute the DB operation. If succesfull the will redirect the browser to the List page for the specific table.
Going forward this works fine. But after the user has been redirected to the table List script, if the user hits "backspace", the user is not redircted to the DB script (which would silently fail and alert the user), but to the calling insert, view or update script, skiping the DB script. The DB script is not recorded in the browser history. Furthermore, The initial List script does not show the correct session value.
For example:
(The examples are limited to show the intended functionality, and do not cover best pratices, nor DB connection,etc...)
ListTest.php
<?php
session_start();
$_SESSION['DBName'] = "segucom_Responsive";
echo"Request DB Data collection form <br />";
echo "Session(Insert) as Received: ", print_r($_SESSION), "<br/>";
$_SESSION [ 'Process' ] = "";
session_write_close();
echo "Session(Insert) as Set: ", print_r($_SESSION), "<br/>";
?>
<form method="post" name="InsertCheck" action="ListFormTest.php" >
<p><input type="hidden" name="ListRequest" value="1" ></p>
<input type="submit" value="submit" />
</form>
ListFormTest.php
<?php
session_start();
echo"Collect data and sent to DB Insert script <br />";
echo "Session(Insert) as Received: ", print_r($_SESSION), "<br/>";
$_SESSION [ 'Process' ] = "Insert";
session_write_close();
echo "Session(Insert) as Set: ", print_r($_SESSION), "<br/>";
?>
<form action="ListDBTest.php" method="post" name="InsertCheck" >
<p>Input Some data <input type="text" name="Data" ></p>
<input type="submit" value="submit" />
</form>
ListDBTest.php
<?php
session_start();
echo"Receive data and insert in to DB, Chek for Scorrect Session Process value <br />";
echo "Session(Insert) as Received: ", print_r($_SESSION), "<br/>";
if ($_SESSION[ 'Process' ] != "Insert") {
$_SESSION [ 'Process' ] = "Ilegal";
session_write_close();
echo "Session(Insert) as Set: ", print_r($_SESSION), "<br/>";
echo ' alert ("ILEGAL FORM ACCESS,");
window.location="ListTest.php";';
}
$_SESSION [ 'Process' ] = "Legal";
echo "Session(Insert) as Set", print_r($_SESSION), "<br/>";
include "../../cgh/tcl.txt";
$conn = connect();
$sql = "INSERT INTO Test (`Data`) VALUES ('" . $_POST[ 'Data' ] . "');";
$res = $conn->query($sql) or die("Could not write Record, $sql " . print_r($conn->errorInfo()));
if ($res != FALSE ) {
$_SESSION[ 'Process' ] = "Processed";
/*sleep(10);*/
session_write_close();
echo "Session(Insert) as Set: ", print_r($_SESSION), "<br/>";
echo ' alert ("Record Inserted");
window.location= "ListTest.php"; ';
} else {
$_SESSION [ 'Process' ] = "DB_Error";
/*sleep(10);*/
session_write_close();
echo "Session(Insert) as Set: ", print_r($_SESSION), "<br/>";
echo ' alert ("Record Not Inserted");
window.location= "ListTest.php";
';
die();
}
?>
What can I do to have those scripts working as intended?
I searched StackOverflow and Googled on the issue with no helpful advise, some leading to the use of timers and delays but refered to AJAX or uploading delays.
I tried to no avail, several aproaches to warrant Session writting and HTML Refresh like:
session_write_close();
sleep(10);
<meta HTTP-EQUIV="Pragma" CONTENT="no-cache">
<body onLoad="document.location.reload();">
Thanks in advance
0 comments:
Post a Comment