Detailed explanation of preventing repeated submission of forms in php

When the user submits the form, the same record may be repeatedly inserted into the database due to network speed or the webpage is maliciously refreshed. Therefore, a limitation that cannot be ignored is to prevent users from repeatedly submitting the form, because the user may click continuously. Submit button or an attacker maliciously submits data, then we will get into trouble when processing after submitting the data, such as modifying or adding data to the database.

So how to avoid the phenomenon of repeated form submission? It needs to be restricted from many aspects. Let's summarize some common methods in PHP to prevent repeated submission of forms.

First, first make restrictions from the front end.

Front-end JavaScript is disabled after the button is clicked once, that is, disabled. This method simply prevents multiple clicks on the submit button, but the disadvantage is that if the user disables the javascript script, Invalid.

Mentioned by the customer In the following example, we use it to handle the repeated submission problem of the form, please look at the following code:

<form method="post" name="register" action="test.PHP" enctype="multipart/form-data">
<input name="text" type="text" id="text" />
<input name="cont" value="提交" type="button" onClick="document.register.cont.value=&#39;正在提交,请等待...&#39;;document.register.cont.disabled=true;document.the_form.submit();">
</form>

When the user clicks the "Submit" button, the button It will become gray and unavailable

There is another method, which also uses the function of JavaScript, but uses the OnSubmit() method. If the form has been submitted once, a dialog box will pop up immediately. The code is as follows:

<script language="javascript">
<!--
var submitcount=0;
function submitOnce (form){
if (submitcount == 0){
     submitcount++;
     return true;
} else{
    alert("正在操作，请不要重复提交，谢谢！");
    return false;
}
}
//-->
</script>
<form name="the_form" method="post" action="" onSubmit="return submitOnce(this)">
<input name="text" type="text" id="text" />
<input name="cont" value="提交" type="submit">
</form>

In the above example, if the user has clicked the "Submit" button, the script will automatically record the current status and increase the submitcount variable by 1 when the user attempts to submit again. , the script determines that the submitcount variable value is non-zero, and prompts the user that the form has been submitted, thereby avoiding repeated submission of the form.

Second, use Cookie processing

Use Cookie to record the status of form submission. Based on its status, you can check whether the form has been submitted. Please see the following code:

<?php
if(isset($_POST[&#39;Go&#39;])){
    setcookie("tempcookie","",time()+30);
    header("Location:".$_SERVER[PHP_SELF]);
    exit();
}
if(isset($_COOKIE["tempcookie"])){
    setcookie("tempcookie","",0);
    echo "您已经提交过表单";
}
?>

If the client disables cookies, this method will have no effect. Please note this.

Third, use Session processing

Using the Session function of PHP can also avoid repeated submission of forms. Session is saved on the server side. The Session variable can be changed while PHP is running. The next time you access this variable, you will get the newly assigned value. Therefore, you can use a Session variable to record the value submitted by the form. If it does not match, it is considered The user is submitting repeatedly, please see the following code:

<?php
    session_start();
    //根据当前SESSION生成随机数
    $code = mt_rand(0,1000000);
    $_SESSION[&#39;code&#39;] = $code;
?>

Pass the random number as a hidden value on the page form, the code is as follows:

<input type="hidden" name="originator" value="<?=$code?>">

The PHP code on the receiving page is as follows:

<?php
session_start();
if(isset($_POST[&#39;originator&#39;])) {
    if($_POST[&#39;originator&#39;] == $_SESSION[&#39;code&#39;]){
        // 处理该表单的语句，省略
    }else{
        echo ‘请不要刷新本页面或重复提交表单！’;
    }
}
?>

Fourth, use the header function to redirect

In addition to the above method, there is a simpler method, that is, when the user submits the form, the server side processes it Then immediately redirect to other pages, the code is as follows.

if (isset($_POST['action']) && $_POST['action'] == 'submitted') {
    //处理数据，如插入数据后，立即转向到其他页面
    header('location:submits_success.php');
}

In this way, even if the user uses the refresh key, it will not cause repeated submission of the form, because it has been redirected to a new page, and this page script has ignored any submitted data.

The above is the detailed content of Detailed explanation of preventing repeated submission of forms in php. For more information, please follow other related articles on the PHP Chinese website!