Home Backend Development PHP Tutorial PHP prevents repeated submission of problems summary_PHP tutorial

PHP prevents repeated submission of problems summary_PHP tutorial

Jul 14, 2016 am 10:09 AM
php refresh reason Summarize malicious submit hour user of Internet speed Web page form repeat question prevent

When the user submits the form, the same record may be repeatedly inserted into the database due to network speed or the web page is maliciously refreshed. This is a relatively thorny problem. We can start from the client and server side together to try to avoid repeated submission of the same form.​

1. Use client script
When it comes to client-side scripts, JavaScript is often used for general input validation. In the following example, we use it to handle the repeated submission of the form, please see the following code:
When the user clicks the "Submit" button, the button will become gray and unavailable, as shown in Figure 5-6.
In the above example, the OnClick event is used to detect the user's submission status. If the "Submit" button is clicked, the button is immediately disabled and the user cannot click the button to submit again.
There is another method, which also uses the function of JavaScript, but uses the OnSubmit() method. If the form has been submitted once, a dialog box will pop up immediately. The code is as follows:
In the above example, if the user has clicked the "Submit" button, the script will automatically record the current status and increase the submitcount variable by 1. When the user attempts to submit again, the script determines that the submitcount variable value is non-zero. Prompts the user that the form has been submitted to avoid repeated submission of the form.
2. Use cookies
Use Cookie to record the status of form submission. Based on its status, you can check whether the form has been submitted. Please see the following code:
if(isset($_POST['go'])){
setcookie("tempcookie","",time()+30);
header("Location:".$_SERVER[PHP_SELF]);
exit();
}
if(isset($_COOKIE["tempcookie"])){
setcookie("tempcookie","",0);
echo "You have already submitted the form";
}
?>
If the client disables cookies, this method will have no effect. Please note this. For a detailed introduction to Cookies, please refer to Chapter 10 "PHP Session Management".
3. Use Session processing
Using PHP’s Session function can also avoid repeated submission of forms. Session is saved on the server side. The Session variable can be changed while PHP is running. The next time you access this variable, you will get the newly assigned value. Therefore, you can use a Session variable to record the value submitted by the form. If it does not match, it is considered The user is submitting repeatedly, please see the following code:
session_start();
//Generate random numbers based on the current SESSION
$code = mt_rand(0,1000000);
$_SESSION['code'] = $code;
?>
Pass random numbers as hidden values ​​on the page form, the code is as follows:
The PHP code on the receiving page is as follows:
session_start();
if(isset($_POST['originator'])) {
if($_POST['originator'] == $_SESSION['code']){
// Statement to process the form, omit
}else{
echo ‘Please do not refresh this page or submit the form repeatedly! ’;
}
}
?>
Regarding the content of Session, we will discuss it in detail in Chapter 10 "PHP Session Management". You can check this chapter directly, and then return to this section to continue reading.
4. Use header function to redirect
In addition to the above method, there is a simpler method, that is, when the user submits the form, the server side processes it and immediately redirects to other pages. The code is as follows.
if (isset($_POST['action']) && $_POST['action'] == 'submitted') {
//Process data, such as inserting data and immediately redirecting to other pages
header('location:submits_success.php');
}
In this way, even if the user uses the refresh key, it will not cause repeated submission of the form, because it has been redirected to a new page, and this page script no longer cares about any submitted data.
5.8.4 Handling of form expiration
During the development process, it often happens that a form error occurs and all the information filled in when returning to the page is lost. In order to support page bounce, the following two methods can be used to achieve this.
1. Use the header header to set the cache control header Cache-control.
header('Cache-control: private, must-revalidate'); //Support page bounce
2. Use the session_cache_limiter method.
session_cache_limiter('private, must-revalidate'); //To be written before the session_start method
The following code snippet can prevent the user from filling in the form and clicking the "Submit" button to return, and the content just filled in the form will not be cleared:
session_cache_limiter('nocache');
session_cache_limiter('private');
session_cache_limiter('public');
session_start();
//The following is the content of the form, so that when the user returns to the form, the filled-in content will not be cleared
Just paste this code at the top of the script you want to apply.
Cache-Control message header field description
Cache-Control specifies the caching mechanism that requests and responses follow. Setting Cache-Control in a request message or response message does not modify the caching process during the processing of another message.
The caching instructions in the request include no-cache, no-store, max-age, max-stale, min-fresh and only-if-cached. The instructions in the response message include public, private, no-cache, no -store, no-transform, must-revalidate, proxy-revalidate and max-age. The meaning of instructions in each message is shown in Table 5-3.
Caching directives
Say Ming
public
Indicates that the response can be cached in any cache
private
Indicates that the entire or partial response message for a single user cannot be processed by the shared cache. This allows the server to only describe part of the user's response message, which is invalid for other user requests
no-cache
Indicates that the request or response message cannot be cached
no-store
Used to prevent important information from being released unintentionally. Sending in the request message will cause both the request and response messages to not use caching
max-age
Indicates that the client can receive responses with a lifetime no greater than the specified time in seconds
min-fresh
Indicates that the client can receive responses with a response time less than the current time plus the specified time
max-stale
Indicates that the client can receive response messages beyond the timeout period. If the value of max-stale message is specified, then the client can receive response messages that exceed the specified value of the timeout period
For an introduction to Session and Cookies, please refer to Chapter 10 "PHP Session Management" for details.
5.8.5 Techniques for judging form actions
The form can allocate the actions that should be processed through the same program. There are different logics in the form. How to determine the content of the button pressed by the user is just a small problem.
In fact, you only need to know the name of the submit button. When the form is submitted, only the button of the submit type that is pressed will be sent to the form array, so you can know the user by just judging the value of the button. Which button to press, take the following form as an example:
When the user presses the "a" button, btn=a, and presses the "b" button, then btn=b.
You can also judge by the name of the submit button, please see the following code:
In this way, as long as there is a or b in the POST/GET parameter, you can know which button is pressed.
print_r($_POST);
?>

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/477665.htmlTechArticleWhen the user submits the form, it may be due to network speed or the webpage is maliciously refreshed, causing the same record to be repeatedly inserted into In the database, this is a more difficult problem. We can start from...
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian Dec 24, 2024 pm 04:42 PM

PHP 8.4 brings several new features, security improvements, and performance improvements with healthy amounts of feature deprecations and removals. This guide explains how to install PHP 8.4 or upgrade to PHP 8.4 on Ubuntu, Debian, or their derivati

How To Set Up Visual Studio Code (VS Code) for PHP Development How To Set Up Visual Studio Code (VS Code) for PHP Development Dec 20, 2024 am 11:31 AM

Visual Studio Code, also known as VS Code, is a free source code editor — or integrated development environment (IDE) — available for all major operating systems. With a large collection of extensions for many programming languages, VS Code can be c

7 PHP Functions I Regret I Didn't Know Before 7 PHP Functions I Regret I Didn't Know Before Nov 13, 2024 am 09:42 AM

If you are an experienced PHP developer, you might have the feeling that you’ve been there and done that already.You have developed a significant number of applications, debugged millions of lines of code, and tweaked a bunch of scripts to achieve op

How do you parse and process HTML/XML in PHP? How do you parse and process HTML/XML in PHP? Feb 07, 2025 am 11:57 AM

This tutorial demonstrates how to efficiently process XML documents using PHP. XML (eXtensible Markup Language) is a versatile text-based markup language designed for both human readability and machine parsing. It's commonly used for data storage an

Explain JSON Web Tokens (JWT) and their use case in PHP APIs. Explain JSON Web Tokens (JWT) and their use case in PHP APIs. Apr 05, 2025 am 12:04 AM

JWT is an open standard based on JSON, used to securely transmit information between parties, mainly for identity authentication and information exchange. 1. JWT consists of three parts: Header, Payload and Signature. 2. The working principle of JWT includes three steps: generating JWT, verifying JWT and parsing Payload. 3. When using JWT for authentication in PHP, JWT can be generated and verified, and user role and permission information can be included in advanced usage. 4. Common errors include signature verification failure, token expiration, and payload oversized. Debugging skills include using debugging tools and logging. 5. Performance optimization and best practices include using appropriate signature algorithms, setting validity periods reasonably,

PHP Program to Count Vowels in a String PHP Program to Count Vowels in a String Feb 07, 2025 pm 12:12 PM

A string is a sequence of characters, including letters, numbers, and symbols. This tutorial will learn how to calculate the number of vowels in a given string in PHP using different methods. The vowels in English are a, e, i, o, u, and they can be uppercase or lowercase. What is a vowel? Vowels are alphabetic characters that represent a specific pronunciation. There are five vowels in English, including uppercase and lowercase: a, e, i, o, u Example 1 Input: String = "Tutorialspoint" Output: 6 explain The vowels in the string "Tutorialspoint" are u, o, i, a, o, i. There are 6 yuan in total

Explain late static binding in PHP (static::). Explain late static binding in PHP (static::). Apr 03, 2025 am 12:04 AM

Static binding (static::) implements late static binding (LSB) in PHP, allowing calling classes to be referenced in static contexts rather than defining classes. 1) The parsing process is performed at runtime, 2) Look up the call class in the inheritance relationship, 3) It may bring performance overhead.

What are PHP magic methods (__construct, __destruct, __call, __get, __set, etc.) and provide use cases? What are PHP magic methods (__construct, __destruct, __call, __get, __set, etc.) and provide use cases? Apr 03, 2025 am 12:03 AM

What are the magic methods of PHP? PHP's magic methods include: 1.\_\_construct, used to initialize objects; 2.\_\_destruct, used to clean up resources; 3.\_\_call, handle non-existent method calls; 4.\_\_get, implement dynamic attribute access; 5.\_\_set, implement dynamic attribute settings. These methods are automatically called in certain situations, improving code flexibility and efficiency.

See all articles