Example of PHP preventing duplicate submission of forms

Source: Internet
Author: User
Tags: commit, php, framework

One constraint we cannot ignore when handling a form submission is preventing the user from submitting the same form repeatedly. A user may click the Submit button several times in a row, or an attacker may deliberately submit the data more than once, and if the submission modifies or adds rows in the database, a repeated submission gets us into trouble.


So how do we circumvent repeated form submission? We can approach it from several angles. First, limit it at the front end: JavaScript disables the Submit button once it has been clicked, which is a simple way to prevent multiple clicks, but it fails if the user has disabled JavaScript. Second, redirect after the submission, that is, jump to a new page once the form has been processed; this mainly avoids F5 re-submissions, but it still has shortcomings. Third, use a unique index constraint in the database. Fourth, verify a session token.

Let's now look at a simple way of using a session token to prevent repeated form submission.
We add a hidden input field to the form (type="hidden") whose value holds the token. The token changes each time the page is refreshed; when the form is submitted we check whether the token is correct, and if the token sent from the front end does not match the one held on the server side, the submission is treated as a duplicate.

The code is as follows:
<?php
/*
 * PHP: a simple use of a session token to prevent repeated form submission
 */
session_start();
header("Content-type:text/html;charset=utf-8");

// Generate a fresh token and store it in the session.
function set_token() {
    $_SESSION['token'] = md5(microtime(true));
}

// Compare the submitted token with the one in the session, then rotate the
// token so that the same value cannot be accepted a second time.
function valid_token() {
    $return = isset($_REQUEST['token']) && $_REQUEST['token'] === $_SESSION['token'];
    set_token();
    return $return;
}

// If there is no token yet, generate one.
if (!isset($_SESSION['token']) || $_SESSION['token'] == '') {
    set_token();
}

if (isset($_POST['web'])) {
    if (!valid_token()) {
        echo "token error, please do not repeat the submission!";
    } else {
        // Escape the reflected value before echoing it back into the page.
        echo 'successfully submitted, value: ' . htmlspecialchars($_POST['web']);
    }
} else {
?>
<form method="POST" action="">
<input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
<input type="text" class="input" name="web" value="www.111cn.net">
<input type="submit" class="btn" value="Submit">
</form>
<?php
}
?>

The above is a simple example of preventing duplicate form submission, for informational purposes only. In real project development the form token is processed in a more complex way, which is what we call token verification. You may want to verify the source domain, the route, whether the submission is external, and the action to be performed (add, modify or delete), and, most importantly, how the token is built: the token can use a reversible encryption algorithm and should be as complex as possible, because plaintext is still unsafe. For the specific token verification algorithm you can refer to the major PHP frameworks; ThinkPHP, for example, provides a good token verification function.
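As an added example that is not part of the original article, the following PHP shows one way to implement the stricter checks just mentioned: a token bound to a single form/action, generated with random_bytes(), limited in lifetime, compared with hash_equals(), and consumed on first use. The function names, the form_tokens session key, the 'add_web' form name and the TOKEN_TTL value are assumptions of this example.

```php
<?php
// Added example, not the original article's code: a per-form, single-use,
// expiring token. Function names, the 'form_tokens' session key, the 'add_web'
// form name and TOKEN_TTL are assumptions of this example.
declare(strict_types=1);
session_start();

const TOKEN_TTL = 600; // seconds a token stays valid (assumed value)

// Issue a token bound to one form and store it in the session with an expiry.
function issue_token(string $form): string {
    $token = bin2hex(random_bytes(32));   // CSPRNG output, not md5(microtime())
    $_SESSION['form_tokens'][$form] = ['value' => $token, 'expires' => time() + TOKEN_TTL];
    return $token;
}

// Verify and consume the token: accepted once, for this form only, before expiry.
function consume_token(string $form, $submitted): bool {
    $stored = $_SESSION['form_tokens'][$form] ?? null;
    unset($_SESSION['form_tokens'][$form]);   // one-time: discard whether or not it matches
    if ($stored === null || !is_string($submitted) || time() > $stored['expires']) {
        return false;
    }
    return hash_equals($stored['value'], $submitted);   // constant-time comparison
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Read the token from $_POST only, so a value passed in the query string is ignored.
    if (!consume_token('add_web', $_POST['token'] ?? null)) {
        http_response_code(409);
        echo 'token error: duplicate submission, expired token or wrong form';
    } else {
        // Escape the reflected value so the confirmation page cannot be used for XSS.
        echo 'successfully submitted, value: ' . htmlspecialchars($_POST['web'] ?? '', ENT_QUOTES, 'UTF-8');
    }
}

// Every render of the form gets a fresh token for its next submission.
$token = issue_token('add_web');
?>
<form method="POST" action="">
  <input type="hidden" name="token" value="<?= htmlspecialchars($token, ENT_QUOTES, 'UTF-8') ?>">
  <input type="text" name="web" value="">
  <input type="submit" value="Submit">
</form>
```

Because a fresh token is issued on every render, a user who opens the same form in two tabs will have the first tab's token invalidated; keep a small list of tokens per form if that matters for your application.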
