PHP prevents users from submitting forms repeatedly, PHP prevents forms from being submitted_PHP tutorial

php prevents users from submitting forms repeatedly, php prevents forms from being submitted

When we submit a form, a limitation that cannot be ignored is to prevent users from submitting forms repeatedly, because it is possible for users to click continuously If the submit button is disabled or an attacker maliciously submits data, then we will get into trouble when processing after submitting the data, such as modifying or adding data to the database.

Rendering:

So how to avoid the phenomenon of repeated form submission? We can start from many aspects:

First make restrictions from the front end. The front-end JavaScript is disabled after the button is clicked once. This method simply prevents multiple clicks on the submit button, but the disadvantage is that it will not work if the user disables the JavaScript script.

Second, we can do redirect page redirection after submission, that is, jump to a new page after submission, mainly to avoid repeated F5 submissions, but there are also shortcomings.

Third, it is the database has unique index constraints.

Fourth, is to do session token verification.
Let’s now learn how to simply use session token to prevent repeated submission of forms.
We add an input hidden field in the form, that is, type="hidden", whose value is used to save the token value. When the page is refreshed, the token value will change. After submission, it is judged whether the token value is correct. If the token submitted by the front desk If it does not match the background, it is considered to be a duplicate submission.

<&#63;php 
/* 
* PHP简单利用token防止表单重复提交 
*/ 
session_start(); 
header("Content-Type: text/html;charset=utf-8"); 
function set_token() { 
 $_SESSION['token'] = md5(microtime(true)); 
} 
 
function valid_token() { 
 $return = $_REQUEST['token'] === $_SESSION['token'] &#63; true : false; 
 set_token(); 
 return $return; 
} 
 
//如果token为空则生成一个token 
if(!isset($_SESSION['token']) || $_SESSION['token']=='') { 
 set_token(); 
} 
 
if(isset($_POST['web'])){ 
 if(!valid_token()){ 
 echo "token error，请不要重复提交！"; 
 }else{ 
 echo '成功提交，Value:'.$_POST['web']; 
 } 
}else{ 
&#63;> 
 <form method="post" action=""> 
 <input type="hidden" name="token" value="<&#63;php echo $_SESSION['token']&#63;>"> 
 <input type="text" class="input" name="web" value="www.jb51.net"> 
 <input type="submit" class="btn" value="提交" /> 
 </form> 
<&#63;php 
} 
&#63;> 

The above is a simple example to prevent repeated form submission.

In actual project development, the form token will be processed more complexly, which is what we call token verification. Possible processing includes: Verify the source domain, that is, the source, whether it is an external submission; match the action to be performed, which is to add, modify or delete; the second and most important thing is To construct a token, the token can use the reversible encryption algorithm as complex as possible, because the plaintext is still insecure.

The above is how to solve the problem of preventing users from submitting forms repeatedly. I hope it will be helpful to everyone's study.

http://www.bkjia.com/PHPjc/1067303.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/1067303.htmlTechArticlephp prevents users from submitting forms repeatedly, php prevents form submissions When we submit a form, a limitation that cannot be ignored is to prevent The user submits the form repeatedly because it is possible that the user clicks continuously...