Summary of methods to prevent repeated submission of PHP pages

Summary of methods to prevent repeated submission of PHP pages_PHP tutorial

WBOY

Release： 2016-07-13 10:25:08

Original

964 people have browsed it

1. The submit button is disabled

When the user submits, the button is immediately disabled. This is implemented using js.

Before submission

Copy the code The code is as follows:

$("#submit").attr('disabled' ,'true');
$("#submit").val("Submitting, please wait");

..................................

After execution, set the button to its original state

Copy code The code is as follows:

$('#submit ').removeAttr('disabled');
$("#submit ").val("Confirm submission");

2. Expiration time method

Idea: When the user submits the button, a token is generated (the token is a unique value for each business submission) and stored in the session, and the expiration time is set. When the user submits again, check whether the token is consistent and expired. If it is consistent and has not expired, it is considered to have been submitted twice. When an error occurs during program execution, the value stored in the session needs to be cleared. See the procedure below

Copy code The code is as follows:

function checkRepeatSubmit($uniqueid = '', $expire = 30) {

$uniqueid = empty($uniqueid) ? Yii::app()->user->id . Yii::app()->user->name . Yii::app()-> ;user->mihome : $uniqueid;
$token = md5("wms_check_repeat" . $uniqueid);

$time = time();

If (isset($_SESSION['token']) && !empty($_SESSION['token']) && $_SESSION['token'] == $token && ($time - $_SESSION['expire_time' ] < $expire)) {

return false;
Write

session_write_close();

return true;
}
}

//Delete the stored value

function cancelRepeatSubmit() {

unset($_SESSION['token']);

unset($_SESSION['expire_time']);

}

3. Token destruction method

Idea: When the page is added, a token is generated, stored in the session, and written in the form. When the form is submitted, it is submitted to the server along with the form. The server compares the token stored in the session with the token. If they are equal, the token stored in the seesion is destroyed. When the page is submitted a second time, the token stored in the session is stored in the session. The token in does not exist and an error is reported. The following is the code

Copy the code

The code is as follows:

/**
* The second option
* 1. Generate token and store it in the session
* 2. Generate with the page
* 3. Compare the submitted page with the session, and destroy the session after success
* 4. In the second submission, this value does not exist and an error is reported
* @param type $uniqueid
* @return type
*/
function createToken($uniqueid) {

$uniqueid = empty($uniqueid) ? Yii::app()->user->id . Yii::app()->user->name . Yii::app()-> ;user->mihome : $uniqueid;
$token = md5("wms_check2_repeat" . $uniqueid);
$_SESSION['form_token'] = $token;

session_write_close();

return $token;
}

function checkToken($token) {

if (!isset($_SESSION['form_token']) || empty($_SESSION['form_token']) || $_SESSION['form_token'] != $token) {
return false;} else {
unset ($ _ session ['form_token']);
The three methods are summarized above. I personally feel that the first and second methods will achieve better results when used together. The second method and the third method. Personally, I feel that the third method has advantages.

The second and third methods both write the token in the session. The advantage of this method is to save storage space, but the disadvantage is that the session requires the entire page to be loaded before it can be written, so when the entire page is loaded, the It is slow, and the user clicks submit multiple times. The system may still think it is the first input because the session has not been written yet. Causes verification to not work. Fortunately, the php function provides an awesome function. session_write_close(), you can write the session immediately without waiting for the page to load. Colleagues also have many options for storing sessions, including redis, memcache or database.

http://www.bkjia.com/PHPjc/825207.html

www.bkjia.com

true