PHP generates token to prevent repeated submission of two examples

Last Update:2017-01-13 Source: Internet

Author: User

Tags auth php database

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

I searched the internet and many webmasters said this.

1. Set the submit button to disabled.

After the user submits the request, immediately change the button to unavailable. This is implemented using js.
The code before submission is as follows:

The code is as follows:
$ ("# Submit"). attr ('disabled ', 'true '); $ ("# Submit"). val ("submitting, please wait ");

After execution, set the button to the original state
The code is as follows:

The code is as follows:
$ ('# Submit'). removeAttr ('disabled '); $ ("# Submit"). val ("confirm to submit ");

This is just for some simple front-end submissions. If we make a form webmaster to submit to us the php logic layer file, we will filter this js.

Expiration Time Method

After the user submits the button, a token is generated (the token for each business submission is a unique value) and saved to the session and the expiration time is set. When you submit the token again, check whether the token is consistent and has expired. If the token is consistent and has not expired, the token is considered to have been submitted twice.

Example

The code is as follows:

<? Php
/*
* PHP simply uses token to prevent repeated submission of forms
* This method is purely intended for beginners.
*/
Session_start ();
Function set_token (){
$ _ SESSION ['token'] = md5 (microtime (true ));
}

Function valid_token (){
$ Return = $ _ REQUEST ['token'] = $ _ SESSION ['token']? True: false;
Set_token ();
Return $ return;
}

// If the token is Null, a token is generated.
If (! Isset ($ _ SESSION ['token']) | $ _ SESSION ['token'] = ''){
Set_token ();
}

If (isset ($ _ POST ['test']) {
If (! Valid_token ()){
Echo "token error ";
} Else {
Echo 'submitted successfully, Value: '. $ _ POST ['test'];
}
}
?>
<Form method = "post" action = "">
<Input type = "hidden" name = "token" value = "<? Php echo $ _ SESSION ['token']?> ">
<Input type = "text" name = "test" value = "Default">
<Input type = "submit" value = "submit"/>
</Form>

Method 2

The code is as follows:

<? Php
// Enable session
Session_start ();
// If a submission ID exists
If (isset ($ _ GET ['action']) & $ _ GET ['action'] = 'save '){

// If a session exists and it is the same as the passed value, it is submitted.
If (isset ($ _ SESSION ['_ open_auth']) & isset ($ _ POST ['auth']) & $ _ SESSION ['_ open_auth'] =$ _ POST ['auth ']) {
Print_r ($ _ POST );
$ _ SESSION ['_ open_auth'] = null; // clear
} Else {

// Start
Header ("location: post. php ");
}
Exit ();
}

// Authorization
$ Auth = $ _ SESSION ['_ open_auth'] = time ();

?>
<! Doctype html>
<Html>
<Head>
<Meta charset = "UTF-8">
<Title> post </title>
</Head>
<Body>
<Form action = "post. php? Action = save "method =" post ">
<Ul>
<Li>
<Input type = "hidden" name = "auth" value = "<? Php echo $ auth;?> ">
<Input type = "text" name = "userName">
</Li>
<Li>
<Input type = "password" name = "userpass">
</Li>
<Li>
<Input type = "submit" value = "start">
</Li>
<Li>
<? Php echo time () ;?>
</Li>
</Ul>
</Form>
</Body>
</Html>

Prevent repeated records in the mysql php database

The code is as follows:

<? Php
$ Link = mysql_connect ('localhost', 'root', '000000'); // Obtain the MySQL database connection.
$ Username = $ _ GET ["name"]; // GET the data transmitted from the client form
$ Q = "select * from usertable where user_name = '$ username '";
Mysql_query ("set names gb2312"); // avoid Chinese garbled characters
$ Rs = mysql_query ($ q, $ link); // query a database
$ Num_rows = mysql_num_rows ($ rs); // The total number of rows in the query result.
If ($ num_rows = 0)
// Fire? Liehuo.net welcome to copy and reject malicious collection of liehuo.net
{
$ Exec = "insert into student (user_name) values ($ username )";
Mysql_query ("set names gb2312 ");
Mysql_query ($ exec, $ link); // if this user does not exist, insert the data to the database (registered user)
Echo "user registration successful! ";
}
Else
{
Echo "this user name already exists. Please select another user name! ";
}
?>

The session expiration method is very important when a session is set and committed successfully or fails, this is similar to logging on. If the logon succeeds, we need to clear the session.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More