PHP generates token to prevent repeated submission of forms

PHP generates token to prevent repeated form submissions. 1. the submit button is set to disabled.

After the user submits the request, immediately change the button to unavailable. This is implemented using js.

The code before submission is as follows:

$ ("# Submit"). attr ('disabled ', 'true ');

$ ("# Submit"). val ("submitting, please wait ");

After execution, set the button to the original state

The code is as follows:

$ ('# Submit'). removeAttr ('disabled ');

$ ("# Submit"). val ("confirm to submit ");

This is just for some simple front-end submissions. if we make a form webmaster to submit to us the php logic layer file, we will filter this js.

Expiration Time Method

After the user submits the button, a token is generated (the token for each business submission is a unique value) and saved to the session and the expiration time is set. When you submit the token again, check whether the token is consistent and has expired. if the token is consistent and has not expired, the token is considered to have been submitted twice.

Example

/*

* PHP simply uses token to prevent repeated submission of forms

* This method is purely intended for beginners.

*/

Session_start ();

Function set_token (){

$ _ SESSION ['token'] = md5 (microtime (true ));

}

Function valid_token (){

$ Return = $ _ REQUEST ['token'] = $ _ SESSION ['token']? True: false;

Set_token ();

Return $ return;

}

// If the token is Null, a token is generated.

If (! Isset ($ _ SESSION ['token']) | $ _ SESSION ['token'] = ''){

Set_token ();

}

If (isset ($ _ POST ['test']) {

If (! Valid_token ()){

Echo "token error ";

} Else {

Echo 'submitted successfully, Value: '. $ _ POST ['test'];

}

}

?>

Method 2

// Enable session

Session_start ();

// If a submission ID exists

If (isset ($ _ GET ['action']) & $ _ GET ['action'] = 'save '){

// If a session exists and it is the same as the passed value, it is submitted.

If (isset ($ _ SESSION ['_ open_auth']) & isset ($ _ POST ['auth']) & $ _ SESSION ['_ open_auth'] =$ _ POST ['auth ']) {

Print_r ($ _ POST );

$ _ SESSION ['_ open_auth'] = null; // clear

} Else {

// Start

Header ("location: post. php ");

}

Exit ();

}

// Authorization

$ Auth = $ _ SESSION ['_ open_auth'] = time ();

?>

Post

Prevent repeated records in the mysql php database

$ Link = mysql_connect ('localhost', 'root', 'root'); // Obtain the MySQL database connection.

$ Username = $ _ GET ["name"]; // GET the data transmitted from the client form

$ Q = "select * from usertable where user_name = '$ username '";

Mysql_query ("set names gb2312"); // avoid Chinese garbled characters

$ Rs = mysql_query ($ q, $ link); // query a database

$ Num_rows = mysql_num_rows ($ rs); // The total number of rows in the query result.

If ($ num_rows = 0)

{

$ Exec = "insert into student (user_name) values ($ username )";

Mysql_query ("set names gb2312 ");

Mysql_query ($ exec, $ link); // if this user does not exist, insert the data to the database (registered user)

Echo "user registration successful! ";

}

Else

{

Echo "this user name already exists. please select another user name! ";

}

?>

The session expiration method is very important when a session is set and committed successfully or fails, this is similar to logging on. if the logon succeeds, we need to clear the session.