Question

I am using codeigniter to build a type of online shop. I want to create a process order function in order to verify the details of the order the client puts in.

I am stuck though because on the last page I have the data to submit and when I click I go to main/process_order where I insert the data in the table and then use curl to communicate with another server.

My question is: when I hit submit and then stop on the process_order page, if I reload it 1000 times, the table will be filled with the same 1000 lines, so this can be a security issue. Also if I make a function to add the data to the db and then redirect to process_order it will be another issue because I still need my data that was posted.

What's the best way to solve this? I hope I made it as clear as I can. Code:

$data = array(
    'userid'      => $userid,
    'email'       => $email_data,
    'phone'       => $this->input->post('phone'),
    'discount'    => $this->input->post('discount'),
    'price'       => $this->input->post('price'),
    'final_price' => $this->input->post('final_price'),
    'client_data' => $this->input->post('client_info'),
    'client_ip'   => $this->input->post('client_ip'),
    'time'        => $date
);

$this->db->insert('orders_temp', $data);

Solution

Maybe something like this can help. Do a check on the userid and the time before you insert the data. You would need to make sure to do a search on database fields that are unique (unless the time field is the full time)

$data = array(
    'userid'      => $userid,
    'email'       => $email_data,
    'phone'       => $this->input->post('phone'),
    'discount'    => $this->input->post('discount'),
    'price'       => $this->input->post('price'),
    'final_price' => $this->input->post('final_price'),
    'client_data' => $this->input->post('client_info'),
    'client_ip'   => $this->input->post('client_ip'),
    'time'        => $date
);

// Only insert if no row already exists for this userid at this time
// (the check is only reliable if userid + time together identify one order).
if ($this->db->where(array('userid' => $userid, 'time' => $date))
             ->count_all_results('orders_temp') == 0)
{
    $this->db->insert('orders_temp', $data);
}
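A check-then-insert still races if two submits arrive at the same moment, and it depends on `time` being fine-grained. The following is an added example, not code from the question or the answer, showing the usual fix for the reload problem: a single-use token issued with the form, consumed on the first POST, stored in a column with a UNIQUE index as a database-level backstop, followed by a redirect (Post/Redirect/Get) so later steps read the order by id instead of needing the original POST body. It assumes CodeIgniter 3 with the session library and url helper loaded, an `orders_temp.order_token` column carrying a UNIQUE index, and `db_debug` off so a duplicate key makes `insert()` return FALSE instead of aborting.

```php
<?php
// Added example (not the question's or answer's code); assumes CodeIgniter 3,
// session + url helper loaded, orders_temp.order_token UNIQUE, db_debug = FALSE.
class Main extends CI_Controller
{
    // Step 1: the checkout form is issued with a fresh single-use token.
    public function checkout()
    {
        $token = bin2hex(random_bytes(16));
        $this->session->set_userdata('order_token', $token);
        // The view must render $token as <input type="hidden" name="order_token">.
        $this->load->view('checkout', array('order_token' => $token));
    }

    // Step 2: the token is burned on first use, so reloading this page
    // (or replaying the POST) can never insert a second row.
    public function process_order()
    {
        $expected = $this->session->userdata('order_token');
        $given    = (string) $this->input->post('order_token');
        $this->session->unset_userdata('order_token'); // consume before inserting

        if ($expected === NULL || !hash_equals($expected, $given)) {
            show_error('This order was already submitted or the form has expired.', 409);
        }

        $data = array(
            'userid'      => $this->session->userdata('user_id'),
            'email'       => $this->session->userdata('email'),
            'phone'       => $this->input->post('phone'),
            'final_price' => $this->input->post('final_price'),
            'client_ip'   => $this->input->ip_address(), // server-side, not a form field
            'order_token' => $given,                      // UNIQUE column catches races
            'time'        => date('Y-m-d H:i:s'),
        );

        // A concurrent duplicate hits the UNIQUE index and returns FALSE here.
        if (!$this->db->insert('orders_temp', $data)) {
            show_error('Order could not be stored.', 500);
        }
        $order_id = $this->db->insert_id();

        // Step 3: redirect so the browser holds a GET in its history, not the POST.
        redirect('main/order_status/' . $order_id);
    }

    // Step 4: the curl call and the confirmation page read the stored row by id.
    public function order_status($order_id)
    {
        $order = $this->db->get_where('orders_temp', array('id' => (int) $order_id))->row();
        // ... contact the remote server with $order, then show the confirmation ...
    }
}
```

Prices should likewise be recomputed server-side from the cart rather than trusted from `final_price` in the POST, for the same reason `client_ip` is taken from the request and not the form.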
Licensed under: CC-BY-SA with attribution