Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Preventing Double Orders

Status
Not open for further replies.
3dColor

3dColor

Programmer
Jan 10, 2006
240
US
I am creating a checkout payment page. I am concerned about the user pressing the submit button twice while waiting and getting charged twice.

I have a two page system. First page is the form page and the second page creates session variables and populates the form variables from the first page with any error messages. If no errors are found then it proceeds to the payment gateway at the bottom of the second page.

If i create a session variable at the bottom of the second page (after the payment has been processed):

Code: 
<cfparam name="session.checkout_nfo.completed" default="processed">

and then i place this at the top of the second page:

Code: 
<cfif isdefined ("session.checkout_nfo.completed") AND session.checkout_nfo.completed EQ "processed">
	<cflocation url="[URL unfurl="true"]http://www.#widgetURL#/">[/URL]
	<cfabort>
</cfif>

Will this prevent double orders?
 
Sort by date Sort by votes
how about taking care of this on the client side

Code: 
<form name="myForm">
<input type="button" name="myButton" value="Click to Submit" onClick="doSubmit();">
<script language="JavaScript">
function doSubmit()
{
  document.myForm.myButton.disable = true;
  document.myForm.submit();
}
</script>
 
</form>

but then theres always the "what if they have javascript turned off" problem... in which case you can simply assign a unique session/cart id to the user when they enter the site, at the top of the order processing page, check for that var- if it exists process the order, then destroy that var at the end of the page.


=========================================
I have not failed. I've just found 10,000 ways that won't work.
Thomas A. Edison
 
Upvote 0 Downvote
I do both. Matter o' fact, I have a script detector; you have to use Javascript if you want to dance.

Which of course starts a whole other subject: how do you do AJAX without JS ;^)

Phil Hegedusich
Senior Programmer/Analyst
IIMAK
-----------
Eschewing obfuscation diurnally.
 
Upvote 0 Downvote
Phil,

I would love to hear more about the JS detector. How does it work?
 
Upvote 0 Downvote
I use the <NOSCRIPT> tag. It's not perfect, but works for my application.

<noscript><META HTTP-EQUIV="refresh" CONTENT="0; URL=/nojavascript.htm"></noscript>

Note that this is not W3C-compliant. It's a catch-22: you can't have NOSCRIPT in the head, and you shouldn't have a META tag anywhere other than the head. It still works.

Phil Hegedusich
Senior Programmer/Analyst
IIMAK
-----------
Eschewing obfuscation diurnally.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

milbogo
  • Locked
  • Question
Double space in code when opening .php page
Replies
2
Views
75
milbogo
milbogo
russellisaac
  • Locked
  • Question
Preventing files being downloaded from web 3
Replies
8
Views
76
lebisol
lebisol
GUJUm0deL
  • Locked
  • Question
Coldfusion double combo
Replies
5
Views
77
GUJUm0deL
GUJUm0deL
andycmmartin
  • Locked
  • Question
Double space return
Replies
1
Views
70
dmacster
dmacster
jmiller38
  • Locked
  • Question
Preventing users from sharing accounts
Replies
2
Views
50
krisbrixon
krisbrixon

Part and Inventory Search

Sponsor

Back
Top