PHP uses session and cookies to prevent repeated submission examples_PHP tutorial
WBOYOriginal
2016-07-13 10:43:461072browse
Preventing repeated submissions is a practical and commonly encountered problem in web development. In addition to directly querying the database to filter whether users have submitted the same data, we can also prevent this when users submit data. After discovering similar things, let me introduce some implementation methods to prevent repeated submission based on sessions and cookies.
Prevent refresh or resubmission
So I considered adding a parameter to prevent this kind of situation from happening. COOKIE and SESSION are available, but COOKIE is client-side. If someone disables COOKIE, they can still maliciously refresh the number of clicks. It is better to use SESSION. The MD5 value of IP+URL parameters is used as the SESSION name
Implementation principle Set max_reloadtime =100; //Set the maximum page refresh interval
The first time the user opens the page, the current time is recorded and saved in session_start
The second time the user opens the page (to determine whether session_start exists) subtracts the current time from session_start to get the difference time_passed
When time_passed < max_reloadtime means that the user refreshes frequently within the specified time, exit directly after warning
/* Improved version
PHP prevents users from refreshing the page (Refresh or Reload) and repeatedly submitting form content.
Since the content of the form variable is referenced by $_POST['name'], perhaps after processing the form, $_POST['name'] can be destroyed directly (unset()). Not really. It may be that the page caches the form content by default, so even if $_POST['name'] is destroyed, $_POST['name'] will still be assigned a value after refreshing, and it is still valid.
Can be solved using Session. First assign a value to the Session, such as 400. After the first submission is successful, change the value of the Session. When submitting the second time, check the value of the Session. If it is not 400, the data in the form will no longer be processed.
Can the validity time of Session be set?
*/
If (isset($_POST['action']) && $_POST['action'] == 'submitted') {
session_start();
isset($_SESSION['num']) or die ("no session");
if ($_SESSION['num']==400){
Print ‘& lt; pre & gt;’;
print_r($_POST);
Print ‘& lt;/pre & gt;’;
$_SESSION['num']=500;
Print ‘& lt; pre & gt;’;
print_r($_POST);
echo "However you have submitted";
Print ‘& lt;/pre & gt;’;
} else {
session_start() or die("session is not started"); session_start() or die("session is not started");
$_SESSION['num']= 400;
?>
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn