search

Home >Backend Development >PHP Tutorial >How Can I Prevent Unintended Form Resubmission in Web Applications?

How Can I Prevent Unintended Form Resubmission in Web Applications?

Susan Sarandon
Susan SarandonOriginal
2024-11-13 00:43:02618browse

How Can I Prevent Unintended Form Resubmission in Web Applications?

Preventing Unintended Form Resubmission

Form resubmission due to page refresh is a common annoyance in web applications. To handle this issue effectively, it's crucial to employ the following strategies:

Redirect After Submission

Instead of displaying the response on the same page, redirect the user to a separate page once the form is submitted. This ensures that when the refreshed page loads, it's a new GET request and not a repeat of the POST request that has already been processed.

Example:

// submit
// set success flash message (you are using a framework, right?)
header('Location: /path/to/record');
exit;

Disable Browser Caching

To prevent the browser from caching your form, add the following headers to your PHP script:

header('Cache-Control: no-cache, no-store, must-revalidate');
header('Pragma: no-cache');

Unique Page Token

Generate a unique token on the server for each form submission. Include this token as a hidden field in the form and verify it before processing. If the token doesn't match or is missing, discard the request as a duplicate submission.

Example (with session token):

<?php
session_start();

// Generate a unique token and store it in the session
$token = md5(uniqid(mt_rand(), true));
$_SESSION['token'] = $token;

?>

<!DOCTYPE html>
<html>
<body>

<form action="submit.php" method="post">
  <input type="text" name="name">
  <input type="hidden" name="token" value="<?php echo $token; ?>">
  <input type="submit" value="Submit">
</form>

</body>
</html>
<?php
session_start();

// Get the submitted token
$token = $_POST['token'];

// Check if the token matches the session token
if ($token != $_SESSION['token']) {
  // Discard the request
} else {
  // Process the form data
}

Conclusion

By implementing these techniques, you can effectively prevent unwanted form resubmissions due to page refresh and ensure that your web application behaves as intended.

The above is the detailed content of How Can I Prevent Unintended Form Resubmission in Web Applications?. For more information, please follow other related articles on the PHP Chinese website!

php if for include Session Token this issue
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:How to Prevent Direct Access to Files Called by Ajax?Next article:How to Prevent Direct Access to Files Called by Ajax?

Related articles

See more