PHP uses session and cookies to prevent repeated submission examples

Home

Backend Development

PHP Tutorial

PHP uses session and cookies to prevent repeated submission examples_PHP tutorial

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jul 13, 2016 am 10:43 AM

cookiesphpsessionanduseexistExampledevelopsubmityesWeb pagerepeatprevent

Preventing repeated submissions is a practical and commonly encountered problem in web development. In addition to directly querying the database to filter whether users have submitted the same data, we can also prevent this when users submit data. After discovering similar things, let me introduce some implementation methods to prevent repeated submission based on sessions and cookies.

Prevent refresh or resubmission

So I considered adding a parameter to prevent this kind of situation from happening. COOKIE and SESSION are available, but COOKIE is client-side. If someone disables COOKIE, they can still maliciously refresh the number of clicks. It is better to use SESSION. The MD5 value of IP+URL parameters is used as the SESSION name
Implementation principle Set max_reloadtime =100; //Set the maximum page refresh interval
The first time the user opens the page, the current time is recorded and saved in session_start
The second time the user opens the page (to determine whether session_start exists) subtracts the current time from session_start to get the difference time_passed
When time_passed

The code is as follows

Copy code

代码如下

复制代码

    session_start();
    $k = $_GET['k'];
    $t = $_GET['t'];
    //防刷新时间
    $allowTime = 1800;
    $ip = get_client_ip();
    $allowT = md5($ip . $k . $t);
    if (!isset($_SESSION[$allowT])) {
       $refresh = true;
       $_SESSION[$allowT] = time();
    } elseif (time() - $_SESSION[$allowT] > $allowTime) {
       $refresh = true;
       $_SESSION[$allowT] = time();
    } else {
       $refresh = false;
    }
    ?>

Session_start(); $k = $_GET['k']; $t = $_GET['t']; //Anti-refresh time $allowTime = 1800; $ip = get_client_ip(); $allowT = md5($ip . $k . $t); If (!isset($_SESSION[$allowT])) { $refresh = true; $_SESSION[$allowT] = time(); } elseif (time() - $_SESSION[$allowT] > $allowTime) { $refresh = true; $_SESSION[$allowT] = time(); } else { $refresh = false; } ?>

Prevent duplicate submission of forms

The code is as follows

Copy code

/* Improved version
PHP prevents users from refreshing the page (Refresh or Reload) and repeatedly submitting form content.
Since the content of the form variable is referenced by $_POST['name'], perhaps after processing the form, $_POST['name'] can be destroyed directly (unset()). Not really. It may be that the page caches the form content by default, so even if $_POST['name'] is destroyed, $_POST['name'] will still be assigned a value after refreshing, and it is still valid.
Can be solved using Session. First assign a value to the Session, such as 400. After the first submission is successful, change the value of the Session. When submitting the second time, check the value of the Session. If it is not 400, the data in the form will no longer be processed.
Can the validity time of Session be set?
*/
If (isset($_POST['action']) && $_POST['action'] == 'submitted') {
          session_start();                               isset($_SESSION['num']) or die ("no session");
            if ($_SESSION['num']==400){                                                                              Print ‘& lt; pre & gt;’;
                                                                                                                                                                                                              print_r($_POST);                                                                                                                                                                                                                                                                                                                         Print ‘& lt;/pre & gt;’;
                     $_SESSION['num']=500;                                                                                                                                                                        Print ‘& lt; pre & gt;’;
                                                                                                                                                                                                                                                                              print_r($_POST); echo "However you have submitted";
Print ‘& lt;/pre & gt;’;
                                                                     } else {                                                                       session_start() or die("session is not started"); session_start() or die("session is not started");
           $_SESSION['num']= 400; ?>

        }
    ?>

例，一个基于smarty演示版

echo "请不要刷新本页面或重复提交表单"; exit();

代码如下

代码如下	复制代码
$code = mt_rand(0,1000000); setcookie('addtips',$code,time()+300); if(isset($_POST['submit']) ){ if($_COOKIE['addtips']!= $_POST['code']){ echo "请不要刷新本页面或重复提交表单"; exit(); } } $smarty->assign('code',$code);

复制代码

$code = mt_rand(0,1000000);

setcookie('addtips',$code,time()+300);

if(isset($_POST['submit']) ){

代码如下

复制代码

/*利用PHP的Session功能，也能避免PHP表单重复提交。Session保存在服务器端，在PHP运行过程中可以改变Session变量，下次访问这个变量时，得到的是新赋的值，所以，可以用一个Session变量记录表单提交的值，如果不匹配，则认为是用户在重复提交
*/

session_start();//根据当前SESSION生成随机数
$code = mt_rand(0,1000000);
   $_SESSION['code'] = $code;
//在表单中隐藏传递：
   ">

//在接收页代码如下：

session_start();
if(isset($_POST['originator'])) {
   if($_POST['originator'] ==
   $_SESSION['code']){
   // 处理该表单的语句，省略
}else{
   echo ‘请不要刷新本页面或
   重复提交表单！’;
}
}

if($_COOKIE['addtips']!= $_POST['code']){

} }

$smarty->assign('code',$code);

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Dependency Injection in PHP: Avoiding Common PitfallsMay 16, 2025 am 12:17 AM

DependencyInjection(DI)inPHPenhancescodeflexibilityandtestabilitybydecouplingdependencycreationfromusage.ToimplementDIeffectively:1)UseDIcontainersjudiciouslytoavoidover-engineering.2)Avoidconstructoroverloadbylimitingdependenciestothreeorfour.3)Adhe

How to Speed Up Your PHP Website: Performance TuningMay 16, 2025 am 12:12 AM

ToimproveyourPHPwebsite'sperformance,usethesestrategies:1)ImplementopcodecachingwithOPcachetospeedupscriptinterpretation.2)Optimizedatabasequeriesbyselectingonlynecessaryfields.3)UsecachingsystemslikeRedisorMemcachedtoreducedatabaseload.4)Applyasynch

Sending Mass Emails with PHP: Is it Possible?May 16, 2025 am 12:10 AM

Yes,itispossibletosendmassemailswithPHP.1)UselibrarieslikePHPMailerorSwiftMailerforefficientemailsending.2)Implementdelaysbetweenemailstoavoidspamflags.3)Personalizeemailsusingdynamiccontenttoimproveengagement.4)UsequeuesystemslikeRabbitMQorRedisforb

What is the purpose of Dependency Injection in PHP?May 16, 2025 am 12:10 AM

DependencyInjection(DI)inPHPisadesignpatternthatachievesInversionofControl(IoC)byallowingdependenciestobeinjectedintoclasses,enhancingmodularity,testability,andflexibility.DIdecouplesclassesfromspecificimplementations,makingcodemoremanageableandadapt

How to send an email using PHP?May 16, 2025 am 12:03 AM

The best ways to send emails using PHP include: 1. Use PHP's mail() function to basic sending; 2. Use PHPMailer library to send more complex HTML mail; 3. Use transactional mail services such as SendGrid to improve reliability and analysis capabilities. With these methods, you can ensure that emails not only reach the inbox, but also attract recipients.

How to calculate the total number of elements in a PHP multidimensional array?May 15, 2025 pm 09:00 PM

Calculating the total number of elements in a PHP multidimensional array can be done using recursive or iterative methods. 1. The recursive method counts by traversing the array and recursively processing nested arrays. 2. The iterative method uses the stack to simulate recursion to avoid depth problems. 3. The array_walk_recursive function can also be implemented, but it requires manual counting.

What are the characteristics of do-while loops in PHP?May 15, 2025 pm 08:57 PM

In PHP, the characteristic of a do-while loop is to ensure that the loop body is executed at least once, and then decide whether to continue the loop based on the conditions. 1) It executes the loop body before conditional checking, suitable for scenarios where operations need to be performed at least once, such as user input verification and menu systems. 2) However, the syntax of the do-while loop can cause confusion among newbies and may add unnecessary performance overhead.

How to hash strings in PHP?May 15, 2025 pm 08:54 PM

Efficient hashing strings in PHP can use the following methods: 1. Use the md5 function for fast hashing, but is not suitable for password storage. 2. Use the sha256 function to improve security. 3. Use the password_hash function to process passwords to provide the highest security and convenience.

See all articles