Php page anti-repeated submission method summary _ PHP Tutorial

Php page anti-repeated submission method summary. 1. the submit button is set to disabled. after the user submits the button, the button is immediately set to unavailable. This is implemented using js. Copy the code before submission: $ (# submit). attr (disabled, t 1. set the submit button to disabled.

After the user submits the request, immediately change the button to unavailable. This is implemented using js.

Before submission

The code is as follows:

$ ("# Submit"). attr ('disabled ', 'true ');
$ ("# Submit"). val ("submitting, please wait ");

........................................ ........................................ ....

After execution, set the button to the original state

The code is as follows:

$ ('# Submit'). removeAttr ('disabled ');
$ ("# Submit"). val ("confirm to submit ");

2. expiration time method

Idea: after the user submits the button, generate a token (the token submitted each time is a unique value) and save it to the session and set the Expiration Time. When you submit the token again, check whether the token is consistent and has expired. if the token is consistent and has not expired, the token is considered to have been submitted twice. When an error occurs in program execution, you need to clear the value stored in the session. See the following program

The code is as follows:

Function checkRepeatSubmit ($ uniqueid = '', $ expire = 30 ){

$ Uniqueid = empty ($ uniqueid )? Yii: app ()-> user-> id. yii: app ()-> user-> name. yii: app ()-> user-> mihome: $ uniqueid;
$ Token = md5 ("wms_check_repeat". $ uniqueid );

$ Time = time ();

If (isset ($ _ SESSION ['token']) &! Empty ($ _ SESSION ['token']) & $ _ SESSION ['token'] = $ token & ($ time-$ _ SESSION ['expire _ time'] <$ expire )){

Return false;
} Else {

$ _ SESSION ['token'] = $ token;
$ _ SESSION ['expire _ time'] = $ time;
// When the session is written, it will wait until the whole page is loaded. This function can be used to write data immediately.
Session_write_close ();
Return true;
}
}

// Delete the stored value

Function cancelRepeatSubmit (){

Unset ($ _ SESSION ['token']);
Unset ($ _ SESSION ['expire _ time']);
}

3. token destruction method

Idea: when the page is installed, a token is generated, stored in the session, and written in the form. When a form is submitted, it is submitted to the server along with the form. the server compares the tokens stored in the session with the tokens. if the tokens are equal, the tokens saved in the seesion are destroyed. when the page is submitted twice, an error is returned because the token stored in the session does not exist. Below is the code

The code is as follows:

/**
* Solution 2
* 1. the token is generated and exists in the session.
* 2. generate with page
* 3. compare the submission page with the session. after successful submission, the session will be destroyed.
* 4. if this value does not exist during the second submission, an error is returned.
* @ Param type $ uniqueid
* @ Return type
*/
Function createToken ($ uniqueid ){

$ Uniqueid = empty ($ uniqueid )? Yii: app ()-> user-> id. yii: app ()-> user-> name. yii: app ()-> user-> mihome: $ uniqueid;
$ Token = md5 ("wms_check2_repeat". $ uniqueid );
$ _ SESSION ['form _ token'] = $ token;

Session_write_close ();

Return $ token;
}

Function checkToken ($ token ){

If (! Isset ($ _ SESSION ['form _ token']) | empty ($ _ SESSION ['form _ token']) | $ _ SESSION ['form _ token']! = $ Token ){
Return false;
} Else {
Unset ($ _ SESSION ['form _ token']);
Return true;
}
}

The above three methods are summarized. I personally feel that the first and second methods can work together to achieve better results. The second method and the third method are personal feelings. The third method must have advantages.

Both the second and third methods write the token in the session. the advantage of this method is that it saves storage space, but the disadvantage is that the session can be written only after the whole page is loaded, therefore, when the whole page is slow to load and the user clicks to submit multiple times, the system may think it is the first input because the session has not been written. The verification fails. Fortunately, php functions provide a powerful function. Session_write_close (). you can write the session immediately without waiting for the page to load. There are also many ways for colleagues to store sessions, including redis, memcache, and database.

When the user submits the ticket, the button is immediately set to unavailable. This is implemented using js. The code before submission is as follows: $ ("# submit"). attr ('disabled ',' t...