How to prevent direct access to php file and stop a form reload posting?

[Jmacp]

2 questions here.


1) How do you stop a form from reposting if the page is reloaded,

HTML Code:

<form method = "post" action = "doit.php">
<input type = "text" name = "stuff">
<input type = "submit">
</form>

So a user could reload the page and the fields would be posted again, this may result in the php duplicating itself.


2) Similar to the first question and may be he same answer, how do you stop someone directly accessing the php file by navigating to it and hence running it, in this instance the form fields wouldn't be posted to the php file but you could still munipulate the php file either by manually (hacking) putting in query strings or maybe just running the php on its own may result in undesired results.?

I think you can use the

HTML Code:

<input type = hidden...

for question one, although i am not sure on this and for questions 2 maybe something to do with the http referrer, but still the http referrer only gives the base domain or something like that, any fullproof methods i can use?

I want to protect any possibilty of for the php file to run apart from when the submit button is pressed and valid data is posted, although the valid data part could be done with javascript..