Avoid Race-Condition

Always either update the state or throw

contract C {
  bool bought;
  ...
  function buy(string name) {
    if (bought) throw;
    bought = true;
    ...
  }
}

use the state-machine pattern with modifiers

even if only one user: UI buttons are easily clicked twice