run update query only once in php

Question

is it possible to run update query only once, here i have a link or button where if he clicked his profile will be changed(updated) automatic and brought him at myaccount.php page . All thing going fine and working properly but the main problem occuring when reloading the same page(myaccount.php) and his profile updating with every time. But i want his profile should only change when he clicked the link or that button only once...i set link as

<a href='myaccount.php.php?age =$age && status= $status' target='_blank' style='color:#E07707;font-weight:bold;'>Update Profile</a></div></div><br>

and I set update query on myaccount.php as:

  if(($age== '') || ($location= '') || ($status= ''))
     {  
      $newquery1 = "update $tabl_u something...................... where id='$id'";
    }

there is no submit button no other events for update data, but only clicked by url or link where i passed some id for update data, i hope my question is done by my side and hope you will understand if something i missed or missing please let me know ...feel free to ask anything regarding my question..plz help i realy need help....thanks in advance !

Answer 1

You should never do any data change in a GET request. As said in the HTML 4 and HTTP specifications

If the processing of a form is idempotent (ie it has no lasting observable effect on the state of the world), then the form method should be GET. Many database searches have no visible side-effects and make ideal applications of query forms.

If the service associated with the processing of a form has side effects (for example, modification of a database or subscription to a service), the method should be POST.

For example, what happens if the user has a "web accelerator" that pre loads all the urls on the page ?

You should also check that the request indeed come from the user on your website, or you open the door to a very easy CSRF vulnerability.

With that said, the usual method to fix what you want is that, after updating the user status in your database, you should issue a redirect to the non-modifying page.

base page -> click on change link -> change the status in database and redirect to base page again

<?php
if(($age== '') || ($location= '') || ($status= '')) {
   mysqli_query(/* update whatever */);
   header('Location: myaccount.php');
   exit;
}

If he refresh the page, he is on base page so it won't change anything. If he press "back" in his browser, he goes back to the page base too (pages that issues a redirect aren't saved in the browser history).

Answer 2

After you do the update, don't output anything. Instead, send the user somewhere else, for example:

header("Location: myaccount.php");
exit(0);

That way, the GET data is lost from the link and reloads won't repeat the update, while clicking the "Back" button would take the user to the page (probably the form) before the update, so - again - the update will not be repeated.

Answer 3

session_start();
if(isset($_GET)) {

   if(empty($_SESSION['update'])) {
     //update data 
     $_SESSION['update'] = 'Finished';
     echo 'updating is finished';
   }else{
     echo 'Your details have beed updated already';
   }
 }