How to limit the submission of the same form multiple times in an ASP application

We encounter countless forms on the Internet every day, and most of them do not restrict users from submitting the same form multiple times. The lack of such restrictions can sometimes produce unexpected results, such as repeating a subscription to a mail service or repeating a ballot.

This article describes an easy way to prevent users from submitting the same form multiple times during the current session in an ASP application. It is mainly composed of four subroutines, in a simpler application, you simply put the code in the containing file directly referenced can be, for those more complex environment, we at the end of the article to give some suggestions for improvement.

First, the basic work process

Let's discuss the four subroutines in turn.

(i) initialization

Here we want to save two variables in the Session object, where:

⑴ each form corresponds to a unique identifier called a FID, in order to make the value unique to use a single counter.

⑵ each time a form is successfully committed, it must store its FID in a Dictionary object.

We use a dedicated process to initialize the above data. Although each subroutine will call it later, it is actually executed once per session:

Sub Initializefid ()

If not IsObject (the session ("Fidlist")) Then the Set session ("Fidlist") =server.createobject ("Scripting.Dictionary")

Session ("FID") =0 end If End Sub

(ii) Generate unique identifiers for the form

The following function, Generatefid (), is used to generate a unique flag for a form. The function first adds the FID value to 1, and then returns it:

Function Generatefid ()

Initializefid session ("FID") = Sessions ("FID") + 1 Generatefid = Session ("FID")

End Function

(iii) Registration of submitted forms

When the form is successfully submitted, it registers its unique identity in the Dictionary object:

Sub Registerfid ()

Dim strfid Initializefid Strfid = Request ("FID")

Session ("Fidlist"). Add Strfid, now ()

End Sub

(iv) Check if the form is submitted repeatedly

Before you formally process a user-submitted form, you should check to see if its FID is registered in the Dictionary object. The following Checkfid () function completes this work, and returns False if it has been registered, otherwise returns true:

Function Checkfid ()

Dim strfid Initializefid Strfid = Request ("FID")

Checkfid = Not session ("Fidlist"). Exists (Strfid)

End Function

Second, how to use

There are two places to use the above function, that is, when the form is generated and when the results are processed. Assuming that the above four subroutines have been put into the include file Forms.inc, the following code determines whether to generate a form or process a form result based on the FID value, and the process described is appropriate for most ASP applications:

<%option explicit%> <! ---#include file= "Forms.inc"--> < html> < head> < title> form submission Test </title>

Generateform is responsible for generating the form, and the form should contain a hidden fid, such as:

<% Sub Generateform ()

%> < form action= "<%=request.servervariables (" Path_info ")%>" Method=get> < input Type=hidden name= FID value= "<%=generatefid ()%>" > < input type=text name= "param1" value= "" > < input type=submit value= "O K "> </form> <% end Sub%>

ProcessForm is responsible for processing content submitted through the form, but before processing it should call Checkfid () to check whether the current form has been committed, code class such as:<% Sub processform ()

If Checkfid () Then Response.Write "What you entered is" & Request.QueryString ("param1")

Registerfid Else Response.Write "This form can only be submitted once!" "End If End Sub%>

III. Limitations and improvement measures

Above we describe a method that restricts the submission of the same form multiple times during the current session. In practical applications, improvements may need to be made in a number of ways, such as:

⑴ the legality of the user input data before the registration form ID, making the data illegal, the user can press the Back button to return and submit the same form again after the correction.

⑵ This restriction on form submission can only be valid during the current session. If this restriction is required to span multiple sessions, it is necessary to use a Cookeis or database to hold the relevant data.

⑶ This method is not safe. It is only used to guard against misoperation and does not prevent skilled users from intentionally submitting the same form multiple times.