PHP using session and cookie anti-repetition submission Example _php tutorial

In web page development to prevent duplicate submissions is a more practical and commonly encountered problems, in addition to our database can directly query whether users submit the same data for filtering, we can also when users submit data to prevent such things to find, Let me introduce some implementation-based methods based on the session and the cookie anti-duplication submission.

Prevent refresh or re-submit

So consider adding a parameter to prevent the occurrence of this kind of situation, the cookie and session to choose, but the cookie is the client, if you disable the cookie, you can still maliciously refresh the number of clicks. Or use the session's good, ip+url parameter MD5 value to do session name
Implementation principle setting Max_reloadtime = 100; Set the maximum interval for page refreshes
The user first opens the page record the current time saved in Session_Start
The user opens the page for the second time (judging if session_start exists) and subtracts the current time from the Session_Start to get the difference time_passed
When time_passed < Max_reloadtime indicates that a user has flushed a warning frequently within a specified time, exit directly

The code is as follows	Copy Code
Session_Start (); $k = $_get[' K ']; $t = $_get[' t ']; Anti-Refresh Time $allowTime = 1800; $ip = Get_client_ip (); $allowT = MD5 ($ip. $k. $t); if (!isset ($_session[$allowT])) { $refresh = true; $_session[$allowT] = time (); } ElseIf (Time ()-$_session[$allowT] > $allowTime) { $refresh = true; $_session[$allowT] = time (); } else { $refresh = false; } ?>

Prevent form repeat submission

The code is as follows

Copy Code

/* Improved version PHP prevents users from refreshing the page (refresh or Reload) and repeatedly submits the form content. Because the contents of the form variable are referenced by $_post[' name '), it is possible to destroy the $_post[' name ' (unset ()) Directly after processing the form. actually otherwise It is possible that the content of the form is cached by default on the page, so even if $_post[' name ' is destroyed, the $_post[' name ' will still be assigned as valid after the refresh. can be solved by session. First assign a value to the session, such as 400, the first commit after the successful change session value, when the second commit to check the value of the session, if not 400, will no longer process the data in the form. Can I set the session's effective time? */ if (Isset ($_post[' action ')) && $_post[' action '] = = ' submitted ') { Session_Start (); Isset ($_session[' num ')) or Die ("no SESSION"); if ($_session[' num ']==400) { print ' ’; Print_r ($_post); print ' Please try again '; print ' ’; $_session[' num ']=500; } else { print ' ’; Print_r ($_post); echo "However you had submitted"; print ' ’; } } else { Session_Start () or Die ("session was not started"); $_session[' num ']= 400; ?> } ?>

Example, a demo version based on Smarty

The code is as follows	Copy Code
$code = Mt_rand (0,1000000); Setcookie (' Addtips ', $code, Time () +300); if (Isset ($_post[' submit ')) { if ($_cookie[' addtips ']!= $_post[' code ') { echo "Please do not refresh this page or submit the form again"; Exit (); } } $smarty->assign (' Code ', $code);

10./////prevent forms from repeating commits

In the TPL template

The code is as follows

Copy Code

1. /* Use PHP's session function to avoid duplicate submissions of PHP forms. Session is saved on the server side, in the process of PHP can change the session variable, the next time you access this variable, get a new assignment value, so, you can use a session variable to record the value of the form submission, if not match, it is considered that the user in the repeated submission */ Session_Start ();//Generate random numbers based on current session $code = Mt_rand (0,1000000); $_session[' Code ' = $code; To hide a pass in a form: < input type= "hidden" name= "originator" value= "<? = $code?>" > The code on the Receive page is as follows: Session_Start (); if (Isset ($_post[' originator ')) { if ($_post[' originator ') = = $_session[' Code ']) { The statement that processes the form, omitting }else{ Echo ' Please do not refresh this page or Repeat the submission form! ’; } }

http://www.bkjia.com/PHPjc/633153.html www.bkjia.com true http://www.bkjia.com/PHPjc/633153.html techarticle in web Development to prevent duplicate submissions is a more practical and commonly encountered problems, in addition to our database can directly query whether users submit the same data for filtering, ...

