Php prevents users from submitting forms repeatedly. php prevents submitting forms _ PHP Tutorial

Source: Internet
Author: User
Php prevents users from submitting forms repeatedly, and php prevents them from submitting forms. Php prevents users from submitting forms repeatedly. php prevents users from submitting forms repeatedly, because it is possible that users can click php consecutively to prevent them from submitting forms repeatedly, and php will prevent them from submitting forms.

When submitting a form, we cannot ignore the restriction of preventing users from submitting the form repeatedly, because users may have clicked the submit button consecutively or maliciously submitted data by attackers, therefore, processing after data is submitted, such as modifying or adding data to the database, can cause problems.


So how can we avoid repeated forms? We can start from many aspects:

FirstFront-end restrictions. The front-end JavaScript is disabled after the button is clicked once, that is, disabled. this method prevents multiple click submits. However, if the javascript script is disabled, it becomes invalid.

Second, we can do this after submittingRedirect Page redirection, That is, jump to the new page after the submission, mainly to avoid repeated submission of F5, but there are also deficiencies.

ThirdUnique index constraints on databases.

The fourth step is to doSession token verification.
Now let's take a look at the simple use.Session tokenTo prevent repeated submission of forms.
We add an input hidden field in the form, that is, type = "hidden", whose value is used to save the token value. when the page is refreshed, the token value changes, after submission, check whether the token value is correct. if the token submitted by the foreground does not match that submitted by the background, it is considered to be a repeated submission.

<? Php/** PHP simply uses token to prevent repeated form submissions */session_start (); header ("Content-Type: text/html; charset = utf-8"); function set_token () {$ _ SESSION ['token'] = md5 (microtime (true);} function valid_token () {$ return = $ _ REQUEST ['token'] ===$ _ SESSION ['token']? True: false; set_token (); return $ return;} // if the token is empty, a token if (! Isset ($ _ SESSION ['token']) | $ _ SESSION ['token'] = '') {set_token ();} if (isset ($ _ POST ['web']) {if (! Valid_token () {echo "token error. please do not submit it again! ";}Else {echo 'submitted successfully, Value:'. $ _ POST ['web'] ;}} else {?> <? Php }?>

The above is a simple example to prevent repeated submission of forms.

In actual project development, the token of the form is more complex, that is, token verification. The following operations may be performed:Verify the source domain,That is, whether it is submitted externally;Match the action to be executed, Is to add, modify or delete; the second most important thing isBuild token, Token can be usedReversible encryption algorithm, As complex as possible, because the plaintext is still insecure.

The above is how to solve the problem that ph prevents users from submitting forms repeatedly. I hope it will be helpful for you to learn.

When submitting a form, the restriction cannot be ignored to prevent users from submitting the form repeatedly, because it is possible for users to click continuously...

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.