关于页面刷新重复提交的有关问题和isset的有关问题

关于页面刷新重复提交的问题和isset的问题

' method='post'>
Picture:
URl:
 
 

  if ($_SERVER['REQUEST_METHOD'] == 'POST'){
  if(isset($_POST['img']) && isset($_POST['url']))
  {  
  $img = $_POST['img'];
  $url = $_POST['url'];
  $query = sprintf('INSERT INTO pic(pic,url)'.
  'VALUES ("%s","%s")',$img,$url);
 
if(!$result = mysql_query($query))
  { 
  die('Could not insert into the database:'.mysql_error());
  }
  }
}
   
?>




为什么我填入img或者url为空，也能提交成功，if(isset($_POST['img']) && isset($_POST['url'])) 这个语句有错吗？


另外如何防止刷新重复提交，请大神帮助改下代码！！！！

------解决方案--------------------
session_start();

if ($_SERVER['REQUEST_METHOD'] == 'POST'){
if($_POST['token'] != $_SESSION['token'])
{
die('Token mismatch');
}
unset($_SESSION['token']);
if($_POST['img'] && $_POST['url'])
{
$img = $_POST['img'];
$url = $_POST['url'];
$query = sprintf('INSERT INTO pic(pic,url)'.
'VALUES ("%s","%s")',$img,$url);
  
if(!$result = mysql_query($query))
{
die('Could not insert into the database:'.mysql_error());
}
}
}
$token = md5(mt_rand(0, 65535));
$_SESSION['token'] = $token;

?>

' method='post'>
Picture:
URl: