To prevent repeated submission, we need to add some additional verification, such as database query or form key verification or the simplest jquery event monitoring. Let's take a look at it. To prevent repeated submission, we need to add some additional verification, such as database query or form key verification or the simplest jquery event monitoring. Let's take a look at it.
Script ec (2); script
For example, in the following case, the form will be submitted repeatedly:
Click Submit twice.
Click Refresh.
Use the browser back button to repeat the previous operation, resulting in repeated form submission.
Use the browser history to repeat the submission form.
Repeated HTTP requests in the browser.
Webpages are maliciously refreshed.
Below are several solutions:
I. Click the js setting button and it turns gray.
$ (Document). ready (function (){
$ (Input: submit). click (){
SetTimeout (function () {obj. disabled = true;}, 100)
};
});
Ii. Use session
Store a special flag in the session. When a form page is requested, a special character flag string is generated, which exists in the session and is stored in the hidden field of the form. When accepting and processing form data, check whether the identification string exists, delete it from the session immediately, and then process the data normally.
If no valid flag string is found in the Form submission, it indicates that the form has been submitted and this submission is ignored.
This gives your web application more advanced XSRF protection.
When loading the submitted page, a random number is generated,
$ Code = mt_rand (usd00 );
Stored in the hidden input box of the form:
<Input type = "hidden" name = "code" value = ">
The PHP code on the receiving page is as follows:
Session_start ();
If (isset ($ _ POST ['code']) {
If ($ _ POST ['code'] ==_ _ SESSION ['code']) {
// The form is already submitted.
} Else {
$ _ SESSION ['code'] =_ _ POST ['code']; // store the code
}
}?>
Iii. Use cookies
The principle is similar to session, but once the user's browser disables cookies, this function becomes invalid.
If (isset ($ _ POST ['submit ']) {
Setcookie ("tempcookie", "", time () + 30 );
Header ("Location:". $ _ SERVER [PHP_SELF]); exit ();
}
If (isset ($ _ COOKIE ["tempcookie"]) {
Setcookie ("tempcookie", "", 0); echo "you have submitted a form ";
}
4. Jump using the header Function
Once the user clicks the submit button, after the data is processed, the page jumps to another page.
If (isset ($ _ POST ['submit ']) {
Header ('location: success. php'); // after processing data, go to other pages
}
5. Use the database to add Constraints
Directly add a unique constraint to the database or create a unique index. Once the user commits the statement repeatedly, a warning or prompt is thrown,
This is the most direct and effective method for processing only the data submitted for the first time. It is required that the database design and architecture at the early stage be fully considered.
6. Post/Redirect/Get mode.
Execute page redirection after submission. This is the so-called Post-Redirect-Get (PRG) mode. In short, after a user submits a form, you can execute a client redirection and go to the successful submission information page.
If (isset ($ _ POST ['action']) & $ _ POST ['action'] = 'submitted '){
// Process the data. For example, after inserting the data, immediately go to another page.
Header ('location: submits_success.php ');
}
This avoids repeated submission by pressing F5, and does not trigger the warning of repeated submission by browser form. It also eliminates the same problem caused by pressing forward and backward by browser.