Home > Backend Development > PHP Tutorial > PHP uses session and cookies to prevent repeated submission examples_PHP tutorial

PHP uses session and cookies to prevent repeated submission examples_PHP tutorial

WBOY
Release: 2016-07-13 10:43:46
Original
1072 people have browsed it

Preventing repeated submissions is a practical and commonly encountered problem in web development. In addition to directly querying the database to filter whether users have submitted the same data, we can also prevent this when users submit data. After discovering similar things, let me introduce some implementation methods to prevent repeated submission based on sessions and cookies.

Prevent refresh or resubmission

So I considered adding a parameter to prevent this kind of situation from happening. COOKIE and SESSION are available, but COOKIE is client-side. If someone disables COOKIE, they can still maliciously refresh the number of clicks. It is better to use SESSION. The MD5 value of IP+URL parameters is used as the SESSION name
Implementation principle Set max_reloadtime =100; //Set the maximum page refresh interval
The first time the user opens the page, the current time is recorded and saved in session_start
The second time the user opens the page (to determine whether session_start exists) subtracts the current time from session_start to get the difference time_passed
When time_passed < max_reloadtime means that the user refreshes frequently within the specified time, exit directly after warning

The code is as follows Copy code
代码如下 复制代码

session_start();
$k = $_GET['k'];
$t = $_GET['t'];
//防刷新时间
$allowTime = 1800;
$ip = get_client_ip();
$allowT = md5($ip . $k . $t);
if (!isset($_SESSION[$allowT])) {
$refresh = true;
$_SESSION[$allowT] = time();
} elseif (time() - $_SESSION[$allowT] > $allowTime) { 
       $refresh = true; 
       $_SESSION[$allowT] = time(); 
    } else { 
       $refresh = false; 
    } 
    ?>  

Session_start(); <🎜> $k = $_GET['k']; <🎜> $t = $_GET['t']; <🎜> //Anti-refresh time <🎜> $allowTime = 1800; <🎜> $ip = get_client_ip(); <🎜> $allowT = md5($ip . $k . $t); <🎜> If (!isset($_SESSION[$allowT])) { <🎜> $refresh = true; <🎜>         $_SESSION[$allowT] = time(); <🎜> } elseif (time() - $_SESSION[$allowT] > $allowTime) { $refresh = true;         $_SESSION[$allowT] = time(); } else { $refresh = false; }   ?>


Prevent duplicate submission of forms

The code is as follows Copy code

/* Improved version
PHP prevents users from refreshing the page (Refresh or Reload) and repeatedly submitting form content.
Since the content of the form variable is referenced by $_POST['name'], perhaps after processing the form, $_POST['name'] can be destroyed directly (unset()). Not really. It may be that the page caches the form content by default, so even if $_POST['name'] is destroyed, $_POST['name'] will still be assigned a value after refreshing, and it is still valid.
Can be solved using Session. First assign a value to the Session, such as 400. After the first submission is successful, change the value of the Session. When submitting the second time, check the value of the Session. If it is not 400, the data in the form will no longer be processed.
Can the validity time of Session be set? 
*/
If (isset($_POST['action']) && $_POST['action'] == 'submitted') {
          session_start();                               isset($_SESSION['num']) or die ("no session");
            if ($_SESSION['num']==400){                                                                              Print ‘& lt; pre & gt;’;
                                                                                                                                                                                                              print_r($_POST);                                                                                                                                                                                                                                                                                                                        ​  Print ‘& lt;/pre & gt;’;
                     $_SESSION['num']=500;                                                                                                                                                                        Print ‘& lt; pre & gt;’;
                                                                                                                                                                                                                                                                              print_r($_POST); echo "However you have submitted";
Print ‘& lt;/pre & gt;’;
                                                                     } else {                                                                       session_start() or die("session is not started"); session_start() or die("session is not started");
           $_SESSION['num']= 400; ?>  


Name:

Email:

Beer:


     
         
         
   
     
        }      
    ?> 


例,一个基于smarty演示版

  echo "请不要刷新本页面或重复提交表单"; exit();
 代码如下
 代码如下 复制代码


$code = mt_rand(0,1000000);
setcookie('addtips',$code,time()+300);
if(isset($_POST['submit']) ){    
if($_COOKIE['addtips']!= $_POST['code']){            
  echo "请不要刷新本页面或重复提交表单";
exit();
}
}
$smarty->assign('code',$code);

复制代码

$code = mt_rand(0,1000000);

setcookie('addtips',$code,time()+300);

if(isset($_POST['submit']) ){    
 代码如下 复制代码

1.

/*利用PHP的Session功能,也能避免PHP表单重复提交。Session保存在服务器端,在PHP运行过程中可以改变Session变量,下次访问这个变量时,得到的是新赋的值,所以,可以用一个Session变量记录表单提交的值,如果不匹配,则认为是用户在重复提交
*/


  session_start();//根据当前SESSION生成随机数  
  $code = mt_rand(0,1000000);  
   $_SESSION['code'] = $code;  
//在表单中隐藏传递:
   < input type="hidden" name="originator" value="< ?=$code?>">

//在接收页代码如下:


 session_start();  
  if(isset($_POST['originator'])) {  
   if($_POST['originator'] ==
   $_SESSION['code']){  
   // 处理该表单的语句,省略  
  }else{  
   echo ‘请不要刷新本页面或
   重复提交表单!’;  
  }  
  }

if($_COOKIE['addtips']!= $_POST['code']){            
} }

$smarty->assign('code',$code);

10./////防止表单重复提交 在tpl模板中  
 代码如下 复制代码
1. /*利用PHP的Session功能,也能避免PHP表单重复提交。Session保存在服务器端,在PHP运行过程中可以改变Session变量,下次访问这个变量时,得到的是新赋的值,所以,可以用一个Session变量记录表单提交的值,如果不匹配,则认为是用户在重复提交
*/
  session_start();//根据当前SESSION生成随机数     $code = mt_rand(0,1000000);      $_SESSION['code'] = $code;   //在表单中隐藏传递:    < input type="hidden" name="originator" value="< ?=$code?>"> //在接收页代码如下:  session_start();     if(isset($_POST['originator'])) {      if($_POST['originator'] ==    $_SESSION['code']){      // 处理该表单的语句,省略     }else{      echo ‘请不要刷新本页面或    重复提交表单!’;     }     } http://www.bkjia.com/PHPjc/633153.htmlwww.bkjia.comtruehttp://www.bkjia.com/PHPjc/633153.htmlTechArticle在网页开发中防止重复提交是一个比较实用并且也常用碰到的问题了,除了我们可以直接在数据库查询用户是否提交相同数据进行过滤外,...
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template