Securing forms
nuthead
07-11-2003, 01:49 PM
I'm wanting to know if it's possible to stop people clicking "back" and re-submitting a form which is used to update an account after payment. It's easy to just click back and hit refresh which would credit the user's account again for free! Not many people will think of this but it's possible and could end up costing me a fortune!
AdamBrill
07-11-2003, 07:15 PM
You could either log the IP or set a cookie. Either way would work, so it is up to you. ;)
nuthead
07-15-2003, 01:01 AM
OOO cookies, that's a good idea!
AdamGundry
07-15-2003, 03:48 AM
Unless the user rejects the cookie, which is quite possible - in Mozilla, it takes 2 clicks to block cookies from a site.
Adam
nuthead
07-15-2003, 03:53 AM
Good point, any other ideas?
AdamGundry
07-15-2003, 04:04 AM
You could perhaps give them a code after paying (perhaps an MD5 hash of a random number) which is stored in a database table/file of allowed codes until they use it once, then it is deleted. You could pass the code in a hidden form field.
Adam
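The single-use code described in the post above, as an added example that is not part of the original thread. It assumes Python with SQLite; the table name `allowed_codes` and all function names are hypothetical, and it draws the code from the `secrets` module rather than taking an MD5 hash of a random number.

```python
import hashlib
import secrets
import sqlite3


def open_store(path=":memory:"):
    """Open (or create) the table of codes that are still allowed."""
    db = sqlite3.connect(path, isolation_level=None)  # autocommit mode
    db.execute(
        "CREATE TABLE IF NOT EXISTS allowed_codes ("
        "digest TEXT PRIMARY KEY, account TEXT NOT NULL)"
    )
    return db


def _digest(code):
    # Only a hash of the code is stored, so reading the table does not reveal usable codes.
    return hashlib.sha256(code.encode("utf-8")).hexdigest()


def issue_code(db, account):
    """Call once after payment is verified; the result goes in the hidden form field."""
    code = secrets.token_urlsafe(32)  # CSPRNG output (assumption: replaces MD5 of a random number)
    db.execute(
        "INSERT INTO allowed_codes (digest, account) VALUES (?, ?)",
        (_digest(code), account),
    )
    return code


def redeem_code(db, account, code):
    """Consume the code: True exactly once, False on replay, wrong account or unknown code."""
    cur = db.execute(
        "DELETE FROM allowed_codes WHERE digest = ? AND account = ?",
        (_digest(code), account),
    )
    # The DELETE is the check: of two concurrent submissions only one removes the row.
    return cur.rowcount == 1


def credit_account(db, balances, account, code, amount):
    """Credit the account only when the code was successfully consumed."""
    if not redeem_code(db, account, code):
        return False
    balances[account] = balances.get(account, 0) + amount
    return True
```

Because the code is checked and deleted in one statement, pressing back and refreshing re-sends a code that no longer exists, and the lookup is a single indexed query rather than a scan of a growing file.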
nuthead
07-15-2003, 04:09 AM
At the moment they get a code which is posted from a 3rd party, verified and then redirected back to my account update page. I could log the code in a file and check it every time a code is entered, but that would involve a ton more coding, and as I can only use flat files, after a while the script would just time out! Cookies are working for now, my users can just get over it :P