If inserting a data into the database succeeds and jumps to the next page and then returns and inserts a piece how to avoid
Reply content:
If inserting a data into the database succeeds and jumps to the next page and then returns and inserts a piece how to avoid
//表单页面
//提交页面session_start();if (!isset($_SESSION['token']) || $_POST['token'] != $_SESSION['token']) { die('重复提交');}unset($_SESSION['token']);//code..
Add a one-time "voucher" in your post form, the voucher is signed by the logic that generated the form page, cached, and then in the logic to accept the post, check the validity of the credentials, effectively execute the save write to the database, and clean out the credentials;
1. The first request, the credentials are not timed out and valid, passed.
2. Return the request address, the actual post is the same data in the past, but the voucher has been cleared for the first time, will detect the credential invalidation.
3. Multiple simulated (malicious) post requests, credentials are associated, and have time-sensitive and one-time characteristics, and will not carry out saving data.
Try, struck, look at June--!
Add a timestamp voucher that is read after the current time and how many seconds are not repeated in the library.
Set a global flag (True/false), and then use if to determine the flag and then insert it.
Or no return after submission
Each time the form generates a unique and variable token
, it generates the corresponding session
, and then commits, validates the token. When the database is inserted successfully, clear the session. Tokens fail even if you repeat the click!