PHP generates token to prevent repeated submission of two examples

Source: Internet
Author: User
Tags auth php database

I searched the internet and many webmasters said this.

1. Set the submit button to disabled.

After the user submits the request, immediately change the button to unavailable. This is implemented using js.
The code before submission is as follows:

The code is as follows:

$ ("# Submit"). attr ('disabled ', 'true ');
$ ("# Submit"). val ("submitting, please wait ");

After execution, set the button to the original state
The code is as follows:

The code is as follows:

$ ('# Submit'). removeAttr ('disabled ');
$ ("# Submit"). val ("confirm to submit ");

This is just for some simple front-end submissions. If we make a form webmaster to submit to us the php logic layer file, we will filter this js.

Expiration Time Method

After the user submits the button, a token is generated (the token for each business submission is a unique value) and saved to the session and the expiration time is set. When you submit the token again, check whether the token is consistent and has expired. If the token is consistent and has not expired, the token is considered to have been submitted twice.

Example

The code is as follows:

<? Php
/*
* PHP simply uses token to prevent repeated submission of forms
* This method is purely intended for beginners.
*/
Session_start ();
Function set_token (){
$ _ SESSION ['token'] = md5 (microtime (true ));
}

Function valid_token (){
$ Return = $ _ REQUEST ['token'] = $ _ SESSION ['token']? True: false;
Set_token ();
Return $ return;
}

// If the token is Null, a token is generated.
If (! Isset ($ _ SESSION ['token']) | $ _ SESSION ['token'] = ''){
Set_token ();
}

If (isset ($ _ POST ['test']) {
If (! Valid_token ()){
Echo "token error ";
} Else {
Echo 'submitted successfully, Value: '. $ _ POST ['test'];
 }
}
?>
<Form method = "post" action = "">
<Input type = "hidden" name = "token" value = "<? Php echo $ _ SESSION ['token']?> ">
<Input type = "text" name = "test" value = "Default">
<Input type = "submit" value = "submit"/>
</Form>

Method 2

The code is as follows:

<? Php
// Enable session
Session_start ();
// If a submission ID exists
If (isset ($ _ GET ['action']) & $ _ GET ['action'] = 'save '){

// If a session exists and it is the same as the passed value, it is submitted.
If (isset ($ _ SESSION ['_ open_auth']) & isset ($ _ POST ['auth']) & $ _ SESSION ['_ open_auth'] =$ _ POST ['auth ']) {
Print_r ($ _ POST );
$ _ SESSION ['_ open_auth'] = null; // clear
} Else {

// Start
Header ("location: post. php ");
 }
Exit ();
}

// Authorization
$ Auth = $ _ SESSION ['_ open_auth'] = time ();

?>
<! Doctype html>
<Html>
<Head>
<Meta charset = "UTF-8">
<Title> post </title>
</Head>
<Body>
<Form action = "post. php? Action = save "method =" post ">
<Ul>
<Li>
<Input type = "hidden" name = "auth" value = "<? Php echo $ auth;?> ">
<Input type = "text" name = "userName">
</Li>
<Li>
<Input type = "password" name = "userpass">
</Li>
<Li>
<Input type = "submit" value = "start">
</Li>
<Li>
<? Php echo time () ;?>
</Li>
</Ul>
</Form>
</Body>
</Html>

Prevent repeated records in the mysql php database

The code is as follows:

<? Php
$ Link = mysql_connect ('localhost', 'root', '000000'); // Obtain the MySQL database connection.
$ Username = $ _ GET ["name"]; // GET the data transmitted from the client form
$ Q = "select * from usertable where user_name = '$ username '";
Mysql_query ("set names gb2312"); // avoid Chinese garbled characters
$ Rs = mysql_query ($ q, $ link); // query a database
$ Num_rows = mysql_num_rows ($ rs); // The total number of rows in the query result.
If ($ num_rows = 0)
// Fire? Liehuo.net welcome to copy and reject malicious collection of liehuo.net
{
$ Exec = "insert into student (user_name) values ($ username )";
Mysql_query ("set names gb2312 ");
Mysql_query ($ exec, $ link); // if this user does not exist, insert the data to the database (registered user)
Echo "user registration successful! ";
}
Else
{
Echo "this user name already exists. Please select another user name! ";
}
?>

The session expiration method is very important when a session is set and committed successfully or fails, this is similar to logging on. If the logon succeeds, we need to clear the session.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.