Home >Backend Development >PHP Tutorial >PHP prevents users from submitting forms repeatedly_php tips

PHP prevents users from submitting forms repeatedly_php tips

WBOY
WBOYOriginal
2016-05-16 20:05:311075browse

When we submit the form, one limitation that cannot be ignored is to prevent users from submitting the form repeatedly, because it is possible that the user clicks the submit button continuously or the attacker maliciously submits data. Then we process the data after submitting it, such as modifying or adding That's when data gets into the database.

Rendering:

So how to avoid the phenomenon of repeated form submission? We can start from many aspects:

First make restrictions from the front end. The front-end JavaScript is disabled after the button is clicked once. This method simply prevents multiple clicks on the submit button, but the disadvantage is that it will not work if the user disables the JavaScript script.

Second, we can do redirect page redirection after submission, that is, jump to a new page after submission, mainly to avoid repeated F5 submissions, but there are also shortcomings.

Third, it is the database has unique index constraints.

Fourth, is to do session token verification.
Let’s now learn how to simply use session token to prevent repeated submission of forms.
We add an input hidden field in the form, that is, type="hidden", whose value is used to save the token value. When the page is refreshed, the token value will change. After submission, it is judged whether the token value is correct. If the token submitted by the front desk If it does not match the background, it is considered to be a duplicate submission.

<&#63;php 
/* 
* PHP简单利用token防止表单重复提交 
*/ 
session_start(); 
header("Content-Type: text/html;charset=utf-8"); 
function set_token() { 
 $_SESSION['token'] = md5(microtime(true)); 
} 
 
function valid_token() { 
 $return = $_REQUEST['token'] === $_SESSION['token'] &#63; true : false; 
 set_token(); 
 return $return; 
} 
 
//如果token为空则生成一个token 
if(!isset($_SESSION['token']) || $_SESSION['token']=='') { 
 set_token(); 
} 
 
if(isset($_POST['web'])){ 
 if(!valid_token()){ 
 echo "token error,请不要重复提交!"; 
 }else{ 
 echo '成功提交,Value:'.$_POST['web']; 
 } 
}else{ 
&#63;> 
 <form method="post" action=""> 
 <input type="hidden" name="token" value="<&#63;php echo $_SESSION['token']&#63;>"> 
 <input type="text" class="input" name="web" value="www.jb51.net"> 
 <input type="submit" class="btn" value="提交" /> 
 </form> 
<&#63;php 
} 
&#63;> 

The above is a simple example to prevent repeated form submission.

In actual project development, the form token will be processed more complexly, which is what we call token verification. Possible processing includes: Verify the source domain, that is, the source, whether it is an external submission; match the action to be performed, which is to add, modify or delete; the second and most important thing is To construct a token, the token can use the reversible encryption algorithm as complex as possible, because the plaintext is still insecure.

The above is how to solve the problem of preventing users from submitting forms repeatedly. I hope it will be helpful to everyone's learning.

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn