PHP prevents repeated submission of problems summary_PHP tutorial

When the user submits the form, the same record may be repeatedly inserted into the database due to network speed or the web page is maliciously refreshed. This is a relatively thorny problem. We can start from the client and server side together to try to avoid repeated submission of the same form.​

1． Use client script

When it comes to client-side scripts, JavaScript is often used for general input validation. In the following example, we use it to handle the repeated submission of the form, please see the following code:

When the user clicks the "Submit" button, the button will become gray and unavailable, as shown in Figure 5-6.

In the above example, the OnClick event is used to detect the user's submission status. If the "Submit" button is clicked, the button is immediately disabled and the user cannot click the button to submit again.

There is another method, which also uses the function of JavaScript, but uses the OnSubmit() method. If the form has been submitted once, a dialog box will pop up immediately. The code is as follows:

In the above example, if the user has clicked the "Submit" button, the script will automatically record the current status and increase the submitcount variable by 1. When the user attempts to submit again, the script determines that the submitcount variable value is non-zero. Prompts the user that the form has been submitted to avoid repeated submission of the form.

2． Use cookies

Use Cookie to record the status of form submission. Based on its status, you can check whether the form has been submitted. Please see the following code:

if(isset($_POST['go'])){

setcookie("tempcookie","",time()+30);

header("Location:".$_SERVER[PHP_SELF]);

exit();

}

if(isset($_COOKIE["tempcookie"])){

setcookie("tempcookie","",0);

echo "You have already submitted the form";

}

?>

If the client disables cookies, this method will have no effect. Please note this. For a detailed introduction to Cookies, please refer to Chapter 10 "PHP Session Management".

3． Use Session processing

Using PHP’s Session function can also avoid repeated submission of forms. Session is saved on the server side. The Session variable can be changed while PHP is running. The next time you access this variable, you will get the newly assigned value. Therefore, you can use a Session variable to record the value submitted by the form. If it does not match, it is considered The user is submitting repeatedly, please see the following code:

session_start();

//Generate random numbers based on the current SESSION

$code = mt_rand(0,1000000);

$_SESSION['code'] = $code;

?>

Pass random numbers as hidden values ​​on the page form, the code is as follows:

The PHP code on the receiving page is as follows:

session_start();

if(isset($_POST['originator'])) {

if($_POST['originator'] == $_SESSION['code']){

// Statement to process the form, omit

}else{

echo ‘Please do not refresh this page or submit the form repeatedly! ’;

}

}

?>

Regarding the content of Session, we will discuss it in detail in Chapter 10 "PHP Session Management". You can check this chapter directly, and then return to this section to continue reading.

4． Use header function to redirect

In addition to the above method, there is a simpler method, that is, when the user submits the form, the server side processes it and immediately redirects to other pages. The code is as follows.

if (isset($_POST['action']) && $_POST['action'] == 'submitted') {

//Process data, such as inserting data and immediately redirecting to other pages

header('location:submits_success.php');

}

In this way, even if the user uses the refresh key, it will not cause repeated submission of the form, because it has been redirected to a new page, and this page script no longer cares about any submitted data.

5.8.4 Handling of form expiration

During the development process, it often happens that a form error occurs and all the information filled in when returning to the page is lost. In order to support page bounce, the following two methods can be used to achieve this.

1． Use the header header to set the cache control header Cache-control.

header('Cache-control: private, must-revalidate'); //Support page bounce

2． Use the session_cache_limiter method.

session_cache_limiter('private, must-revalidate'); //To be written before the session_start method

The following code snippet can prevent the user from filling in the form and clicking the "Submit" button to return, and the content just filled in the form will not be cleared:

session_cache_limiter('nocache');

session_cache_limiter('private');

session_cache_limiter('public');

session_start();

//The following is the content of the form, so that when the user returns to the form, the filled-in content will not be cleared

Just paste this code at the top of the script you want to apply.

Cache-Control message header field description

Cache-Control specifies the caching mechanism that requests and responses follow. Setting Cache-Control in a request message or response message does not modify the caching process during the processing of another message.

The caching instructions in the request include no-cache, no-store, max-age, max-stale, min-fresh and only-if-cached. The instructions in the response message include public, private, no-cache, no -store, no-transform, must-revalidate, proxy-revalidate and max-age. The meaning of instructions in each message is shown in Table 5-3.

Caching directives

Say Ming

public

Indicates that the response can be cached in any cache

private

Indicates that the entire or partial response message for a single user cannot be processed by the shared cache. This allows the server to only describe part of the user's response message, which is invalid for other user requests

no-cache

Indicates that the request or response message cannot be cached

no-store

Used to prevent important information from being released unintentionally. Sending in the request message will cause both the request and response messages to not use caching

max-age

Indicates that the client can receive responses with a lifetime no greater than the specified time in seconds

min-fresh

Indicates that the client can receive responses with a response time less than the current time plus the specified time

max-stale

Indicates that the client can receive response messages beyond the timeout period. If the value of max-stale message is specified, then the client can receive response messages that exceed the specified value of the timeout period

For an introduction to Session and Cookies, please refer to Chapter 10 "PHP Session Management" for details.

5.8.5 Techniques for judging form actions

The form can allocate the actions that should be processed through the same program. There are different logics in the form. How to determine the content of the button pressed by the user is just a small problem.

In fact, you only need to know the name of the submit button. When the form is submitted, only the button of the submit type that is pressed will be sent to the form array, so you can know the user by just judging the value of the button. Which button to press, take the following form as an example:

When the user presses the "a" button, btn=a, and presses the "b" button, then btn=b.

You can also judge by the name of the submit button, please see the following code:

In this way, as long as there is a or b in the POST/GET parameter, you can know which button is pressed.

print_r($_POST);

?>

http://www.bkjia.com/PHPjc/477665.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/477665.htmlTechArticleWhen the user submits the form, it may be due to network speed or the webpage is maliciously refreshed, causing the same record to be repeatedly inserted into In the database, this is a more difficult problem. We can start from...