-2

EDIT: This question has nothing to do with any of the duplicated posts, marked by @mario

If this happens to you too, please see this comment from @MonkeyZeus's answer.

I have a very basic PHP/MySQL script that inserts 1 row into the Database. For some reason though, I have found out that if I want to run the script by typing the URL into the Chrome / Firefox URL bar, but don't finish it, just click on the already visited option - my script gets executed twice.

I am using Chrome's latest 64bit version, build: 69.0.3497.100.

Firefox: 62.0 (64bit) (seems like it's been fixed in v63?)

Is this an expected behaviour or a potential bug? If not a bug, can anyone please explain why is this happening?

EDIT:

Please reopen the question, because my issue has nothing to do with the duplicated posts, Mario mentioned...

The correct answer goes to @MonkeyZeus.

MonkeyZeus
  • 20,375
  • 4
  • 36
  • 77
Radical_Activity
  • 2,618
  • 10
  • 38
  • 70
  • 1
    can you show your script code? –  Oct 26 '18 at 17:03
  • 2
    Check your settings and make sure your browsers are not set to pre-fetch web content. Some browsers call it "speed mode" or some BS like that. See https://www.technipages.com/google-chrome-prefetch – MonkeyZeus Oct 26 '18 at 17:03
  • @mario Actually none of the answers you suggested were anything similar to my question, but thanks for marking it as a duplicate, very useful! – Radical_Activity Oct 26 '18 at 17:14
  • @MonkeyZeus Thank you so much for your answer. I have been fiddling around with this for a bit and you were right! This is all happening because pre-fetching! Never even thought about this! Please make an answer (if you can) and I'll accept is as the answer. – Radical_Activity Oct 26 '18 at 17:15
  • 1
    @mario Would you be able to re-open this please? If not, then at least link to a duplicate which solves the issue. Thanks! – MonkeyZeus Oct 26 '18 at 17:25
  • 1
    @Radical_Activity glad I could help but as long as this question is closed I cannot post an answer. Anyways, good luck with your project! – MonkeyZeus Oct 26 '18 at 17:26
  • @MonkeyZeus Thank you for the solution. You saved my day after 6 hours of debugging of a complicated application! Hope it gets reopened. – Radical_Activity Oct 26 '18 at 17:30
  • @MonkeyZeus You can post the answer now :-) – Radical_Activity Oct 26 '18 at 17:32
  • @mario Thanks for the positivity here... much appreciated for the downvote also... won't be useful for you, but might be for future users. I don't think that people will mind it, because I certainly couldn't find the post you're talking about after 1 hour of searching in Google... – Radical_Activity Oct 26 '18 at 17:36
  • Possible Duplicate of [PHP script display image BLOB executed twice?](//stackoverflow.com/q/11796527), [PHP script display image BLOB executed twice?](//stackoverflow.com/q/11796527), [Chrome loading script twice when manually typing url to move to next page](//stackoverflow.com/q/31215875), … – mario Oct 26 '18 at 17:37
  • 1
    @mario I would agree with https://stackoverflow.com/questions/31215875/chrome-loading-script-twice-when-manually-typing-url-to-move-to-next-page but not the other – MonkeyZeus Oct 26 '18 at 17:39
  • 1
    That's kinda the point of having duplicates though. Making the more useful ones easier to find for others. That being said, I personally don't care that much. At this point such cleanup work doesn't make much sense (too much repetetion already). Hence reopened, yet I don't want too many duplicates showing up on Google. No offense meant. – mario Oct 26 '18 at 17:42
  • 1
    @Radical_Activity Unfortunately there is a proper dupe so I will not be providing an answer. However, this does bring to light that you may need to program your app a bit more defensively because a regular user of your site is going to have absolutely ZERO clue that their browser could be mucking up your website's data. Additionally, it always helps to point out what you have tried (especially from Stack Overflow) or why other "potential" dupes are not relevant to your situation; there simply would have been a better chance of proper dupe closure the first time around. – MonkeyZeus Oct 26 '18 at 17:44
  • @MonkeyZeus Thank you for the insights, I will keep them in mind for the future. By the way, I was simply doing testing, I did not intend to share this with any users the script would have run as a background job. However, I didn't know about this feature so now I will code more carefully if I make something for the public. – Radical_Activity Oct 26 '18 at 17:49
  • 1
    Oh ok, I see. Once again, glad I could help! Looks like someone else saw the opportunity to answer and jumped on it. Feel free to accept it if it is applicable to your situation :) – MonkeyZeus Oct 26 '18 at 17:51
  • @MonkeyZeus Haha yeah, looks like doesn't it. Okay, I will accept it. :) – Radical_Activity Oct 26 '18 at 17:54

1 Answers1

1

The key here is to never, ever, do potentially damaging operations via a GET request. Always, always do those via POST and to protect those against CSRF using tokens.

There's all sorts of ways a link might get pre-fetched, pre-loaded, scraped, imaged, or otherwise accessed without your knowledge. Translation tools, screenshot tools for bookmarks, note organizer apps, and others will load any GET request without concern for the consequences.

Imagine if you have a link that deletes something and I can guess what that URL is. I can send you an email with an image tag like:

<img src="http://example.com/user/290/delete">

Then that user gets deleted instantly, no confirmation required. You won't even know it happened. This is why accepting via POST is vital.

tadman
  • 208,517
  • 23
  • 234
  • 262