Preventing users from submitting a form repeatedly in PHP

Source: Internet
Author: User


One limitation we cannot ignore when handling a form is preventing users from submitting it repeatedly. A user may click the Submit button several times, or an attacker may maliciously submit data over and over, and that causes trouble when the posted data modifies or adds records in the database.

So how do we avoid duplicate form submissions? There are several approaches:

First, limit it on the front end. JavaScript disables the Submit button after it is clicked (sets it to disabled), which simply prevents multiple clicks of the Submit button; the disadvantage is that it fails if the user disables JavaScript.

Second, redirect after the submission, that is, send the user to a new page once the form has been submitted. This mainly avoids repeated submissions caused by pressing F5, but it has shortcomings too.

Third, add a unique index constraint in the database.

Fourth, do session token verification.
Let's now look at a simple way to use a session token to prevent a form from being submitted repeatedly.
We add a hidden input field to the form (type="hidden") whose value holds the token. The token value changes whenever the page is refreshed. On submission we check whether the token is correct: if the token submitted by the front end does not match the one held by the back end, the request is treated as a duplicate submission.

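<?php
/*
 * PHP simply uses a token to prevent the form from being submitted repeatedly
 */
session_start();
header("Content-type: text/html; charset=utf-8");

// Store a fresh token in the session.
// md5(microtime(true)) is predictable; it only serves this simple demo.
function set_token() {
    $_SESSION['token'] = md5(microtime(true));
}

// Compare the submitted token with the session token, then rotate the token
// so that the same value cannot be accepted twice.
function valid_token() {
    $return = isset($_REQUEST['token']) && $_REQUEST['token'] === $_SESSION['token'];
    set_token();
    return $return;
}

// If token is empty, generate a token
if (!isset($_SESSION['token']) || $_SESSION['token'] == '') {
    set_token();
}

if (isset($_POST['web'])) {
    if (!valid_token()) {
        echo "Token error, please do not repeat the submission!";
    } else {
        // Escape user input before echoing it back into the page
        echo 'Successfully submitted, value: ' . htmlspecialchars($_POST['web']);
    }
} else {
    // Minimal form using the two field names checked above (token, web)
?>
    <form method="post" action="">
        <input type="hidden" name="token" value="<?php echo $_SESSION['token']; ?>">
        <input type="text" name="web">
        <input type="submit" value="Submit">
    </form>
<?php
}
?>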

The above is a simple example of preventing duplicate submission of forms.

In real project development, form token handling is more complex; this is what we mean by token verification. Possible processing includes: verifying the source domain (the origin) to see whether the request is an external submission, matching the action to be performed (add, modify or delete), and, most importantly, building the token. The token can be built with a reversible encryption algorithm, made as complex as possible, because a plaintext token is still unsafe.
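
A variant of the session-token check that covers the points in the paragraph above: an origin check, a token bound to the action, and a token that cannot be guessed. This is an added example, not code from the original article; the function names, the `form_tokens` session key and the 15-minute lifetime are assumptions. It uses a random token kept server-side in the session instead of an encrypted token.

```php
<?php
// Added example (not from the original article): per-action, single-use form tokens.
// Function names, the 'form_tokens' key and TOKEN_TTL are assumptions of this example.
session_start();

const TOKEN_TTL = 900; // seconds a rendered form stays valid (constructed value)

// Issue a token bound to one action ("add", "modify", "delete") and store it in the session.
function issue_token(string $action): string
{
    $token = bin2hex(random_bytes(32)); // CSPRNG output, unlike md5(microtime(true))
    $_SESSION['form_tokens'][$action] = ['value' => $token, 'issued' => time()];
    return $token;
}

// Validate and consume: accepted once, only for its own action, only while fresh.
function consume_token(string $action, $submitted): bool
{
    $stored = $_SESSION['form_tokens'][$action] ?? null;
    unset($_SESSION['form_tokens'][$action]); // burn it even on failure, so a replay fails
    if ($stored === null || !is_string($submitted)) {
        return false;
    }
    return time() - $stored['issued'] <= TOKEN_TTL && hash_equals($stored['value'], $submitted);
}

// Reject posts whose Origin header names another host (an external submission).
function same_origin(): bool
{
    $origin = $_SERVER['HTTP_ORIGIN'] ?? '';
    $host = parse_url('//' . ($_SERVER['HTTP_HOST'] ?? ''), PHP_URL_HOST);
    return $origin === '' || parse_url($origin, PHP_URL_HOST) === $host; // absent header: token decides
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!same_origin() || !consume_token('add', $_POST['token'] ?? null)) {
        http_response_code(400);
        exit('Token error, please do not submit the form again.');
    }
    $web = is_string($_POST['web'] ?? null) ? $_POST['web'] : '';
    echo 'Submitted: ' . htmlspecialchars($web, ENT_QUOTES, 'UTF-8');
    exit;
}
?>
<form method="post">
  <input type="hidden" name="token" value="<?= issue_token('add') ?>">
  <input type="text" name="web">
  <input type="submit" value="Submit">
</form>
```

With PHP's default file-based session handler, requests in the same session are serialized by the session lock, so two rapid clicks cannot both consume the same token.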

That is how to prevent users from submitting a form repeatedly in PHP; I hope it helps everyone's learning.
