防止多个PHP表单交付 -PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

防止多个PHP表单交付

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 13, 2016 pm 01:07 PM

checkcookieinputquot

防止多个PHP表单提交

当提交一个HTML表单，它可能需要几秒钟前成功提交，并显示响应页面的形式。人们可以得到空闲，并单击提交按钮几次，这可能会导致重复的表单提交。通常并不真的是一个问题，但在某些情况下，你可能要防止这种情况的发生。

下面你会发现两个简单的技巧，以防止重复提交，您可以使用这些或两者的结合。

?防止多个表单提交使用Javascript

使用Javascript块重复提交可能是最简单的方法。当有人提交表单我们简单地禁用Submit按钮,可能改变它的值为更具描述性的东西,比如“提交,请稍候……”

试着点击这个按钮,例如。它仍将禁用,直到你重新加载此页面:

第一步是要给你的提交按钮一个惟一的id,例如id =“myButton“:

<input type="submit" value="Submit" id="myButton">

第二个(也是最后一次)的步骤是给两个Javascript命令

标记。第一个将告诉浏览器禁用submit按钮的表单被提交之后,第二个将更改按钮的文本来给用户一些知道发生了什么。这是代码添加到你的表单标记:

onsubmit="document.getElementById('myButton').disabled=true;
document.getElementById('myButton').value='Submitting, please wait...';"

你的表单标记将类似于:

就是这样。这种方法应该于大多数的浏览器(IE +,FireFox、Opera、…)。

?防止多个表单提交使用cookie

如果你想避免重复提交的整个浏览器会话（或更长），你可以考虑使用Cookie。例如编辑自己的表单处理脚本的浏览器发送cookie的形式后，已被处理，但在此之前的任何HTML或重定向打印头被。将这段代码的mail（）命令后，应在大多数情况下：

setcookie('FormSubmitted', '1');

然后在处理之前检查cookie。如果有这个访问者已经提交了表单在活跃的浏览器会话。将下列代码添加到窗体的开始处理脚本:

if (isset($_COOKIE['FormSubmitted'])
{
    die('You may only submit this form once per session!');
}

就是这样!
如果修改，以阻止重复提交与cookies。注意：在上面的脚本和cookie的打印代码调用后添加一些代码的mail（）函数：

<?php <span style="color:red">/* Prevent duplicate submissions */
if (isset($_COOKIE['FormSubmitted'])
{
    show_error('You may only submit this form once per session!');
}

/* Set e-mail recipient */
$myemail  = "you@domain.com";

/* Check all form inputs using check_input function */
$yourname = check_input($_POST['yourname'], "Enter your name");
$subject  = check_input($_POST['subject'], "Write a subject");
$email    = check_input($_POST['email']);
$website  = check_input($_POST['website']);
$likeit   = check_input($_POST['likeit']);
$how_find = check_input($_POST['how']);
$comments = check_input($_POST['comments'], "Write your comments");
//www.software8.co 原文
/* If e-mail is not valid show error message */
if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/", $email))
{
    show_error("E-mail address not valid");
}

/* If URL is not valid set $website to empty */
if (!preg_match("/^(https?:\/\/+[\w\-]+\.[\w\-]+)/i", $website))
{
    $website = '';
}

/* Let's prepare the message for the e-mail */
$message = "Hello!

Your contact form has been submitted by:

Name: $yourname
E-mail: $email
URL: $website

Like the website? $likeit
How did he/she find it? $how_find

Comments:
$comments

End of message
";

/* Send the message using mail() function */
mail($myemail, $subject, $message);

<span style="color:red">/* Set a cookie to prevent duplicate submissions */
setcookie('FormSubmitted', '1');</span>

/* Redirect visitor to the thank you page */
header('Location: thanks.htm');
exit();

/* Functions we used */
function check_input($data, $problem='')
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    if ($problem && strlen($data) == 0)
    {
        show_error($problem);
    }
    return $data;
}

function show_error($myError)
{
?>
    
    

    <b>Please correct the following error:</b><br>
    <?php echo $myError; ?>

    
    
<?php exit();
}
?

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

What is the difference between absolute and idle session timeouts?May 03, 2025 am 12:21 AM

Absolute session timeout starts at the time of session creation, while an idle session timeout starts at the time of user's no operation. Absolute session timeout is suitable for scenarios where strict control of the session life cycle is required, such as financial applications; idle session timeout is suitable for applications that want users to keep their session active for a long time, such as social media.

What steps would you take if sessions aren't working on your server?May 03, 2025 am 12:19 AM

The server session failure can be solved through the following steps: 1. Check the server configuration to ensure that the session is set correctly. 2. Verify client cookies, confirm that the browser supports it and send it correctly. 3. Check session storage services, such as Redis, to ensure that they are running normally. 4. Review the application code to ensure the correct session logic. Through these steps, conversation problems can be effectively diagnosed and repaired and user experience can be improved.

What is the significance of the session_start() function?May 03, 2025 am 12:18 AM

session_start()iscrucialinPHPformanagingusersessions.1)Itinitiatesanewsessionifnoneexists,2)resumesanexistingsession,and3)setsasessioncookieforcontinuityacrossrequests,enablingapplicationslikeuserauthenticationandpersonalizedcontent.

What is the importance of setting the httponly flag for session cookies?May 03, 2025 am 12:10 AM

Setting the httponly flag is crucial for session cookies because it can effectively prevent XSS attacks and protect user session information. Specifically, 1) the httponly flag prevents JavaScript from accessing cookies, 2) the flag can be set through setcookies and make_response in PHP and Flask, 3) Although it cannot be prevented from all attacks, it should be part of the overall security policy.

What problem do PHP sessions solve in web development?May 03, 2025 am 12:02 AM

PHPsessionssolvetheproblemofmaintainingstateacrossmultipleHTTPrequestsbystoringdataontheserverandassociatingitwithauniquesessionID.1)Theystoredataserver-side,typicallyinfilesordatabases,anduseasessionIDstoredinacookietoretrievedata.2)Sessionsenhances

What data can be stored in a PHP session?May 02, 2025 am 12:17 AM

PHPsessionscanstorestrings,numbers,arrays,andobjects.1.Strings:textdatalikeusernames.2.Numbers:integersorfloatsforcounters.3.Arrays:listslikeshoppingcarts.4.Objects:complexstructuresthatareserialized.

How do you start a PHP session?May 02, 2025 am 12:16 AM

TostartaPHPsession,usesession_start()atthescript'sbeginning.1)Placeitbeforeanyoutputtosetthesessioncookie.2)Usesessionsforuserdatalikeloginstatusorshoppingcarts.3)RegeneratesessionIDstopreventfixationattacks.4)Considerusingadatabaseforsessionstoragei

What is session regeneration, and how does it improve security?May 02, 2025 am 12:15 AM

Session regeneration refers to generating a new session ID and invalidating the old ID when the user performs sensitive operations in case of session fixed attacks. The implementation steps include: 1. Detect sensitive operations, 2. Generate new session ID, 3. Destroy old session ID, 4. Update user-side session information.

See all articles