Preventing duplicate form submissions and handling form expiration in PHP

Source: Internet
Author: User
Tags php session setcookie
Duplicate form submissions are a tricky problem: a slow network can lead users to submit the same form more than once, or the page can be maliciously refreshed, and either way the same record is inserted into the database repeatedly. We can work from both the client side and the server side to avoid repeated submissions of the same form.

1. Using a client-side script

Client-side scripting, usually JavaScript, is often used for routine input validation. In the following example, we use it to deal with repeated submission of a form:

<form method="POST" name="register" action="test.php" enctype="multipart/form-data">
    <input name="text" type="text" id="text"/>
    <!-- Change the button label, disable the button, then submit the form it belongs to -->
    <input name="cont" value="Submit" type="button" onclick="document.register.cont.value='Submitting, please wait ...'; document.register.cont.disabled=true; document.register.submit();">
</form>

When the user clicks the Submit button, the button becomes grayed out, as shown in Figure 5-6.

The example above uses the onclick event to detect the user's submission status: once the Submit button has been clicked, it is disabled immediately and the user cannot click it to submit again.

Another JavaScript approach uses the onsubmit event instead: if the form has already been submitted once, a dialog box pops up immediately. The code is as follows:

<script language="JavaScript">
<!--
// Number of times the form has been submitted from this page
var submitcount = 0;

function submitonce(form) {
    if (submitcount == 0) {
        submitcount++;
        return true;
    } else {
        alert("Operation in progress, please do not submit again. Thank you!");
        return false;
    }
}
-->
</script>

<form name="the_form" method="post" action="" onsubmit="return submitonce(this)">
    <input name="text" type="text" id="text"/>
    <input name="cont" value="Submit" type="submit">
</form>

In the example above, when the user clicks the Submit button, the script records the current state by incrementing the submitcount variable by 1. When the user tries to submit again, the script sees that submitcount is nonzero and tells the user the form has already been submitted, which avoids a repeated submission.

2. Using a cookie

Use a cookie to record the status of the form submission, then check that status to see whether the form has already been submitted:

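<?php
if (isset($_POST['go'])) {
    // Mark the form as submitted for 30 seconds. The value must be non-empty:
    // PHP treats an empty cookie value as a request to delete the cookie.
    setcookie("tempcookie", "1", time() + 30);
    header("Location: " . $_SERVER['PHP_SELF']);
    exit();
}
if (isset($_COOKIE["tempcookie"])) {
    // Clear the marker and report the submission
    setcookie("tempcookie", "", 0);
    echo "You have submitted the form";
}
?>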

Note that if the client has cookies disabled, this method has no effect. For a detailed description of cookies, see Chapter 10, "PHP Session Management".

3. Using a session

PHP's session feature can also be used to avoid repeated form submissions. A session is stored on the server side, and PHP code can change a session variable while it runs; the next time the variable is read, it holds the newly assigned value. A session variable can therefore record the value issued for a form submission, and if the submitted value does not match it, the user is considered to be repeating the submission:

<?php
session_start();
// Generate a random number for the current session
$code = mt_rand(0, 1000000);
$_SESSION['code'] = $code;
?>

The random number is passed to the form on the page as a hidden field:

<input type="hidden" name="originator" value="<?= $code ?>">

The PHP code on the receiving page is as follows:

<?php
session_start();
if (isset($_POST['originator'])) {
    if (isset($_SESSION['code']) && $_POST['originator'] == $_SESSION['code']) {
        // Discard the stored value so the same submission no longer matches
        unset($_SESSION['code']);
        // Statements that process the form (omitted)
    } else {
        echo 'Please do not refresh this page or submit the form again!';
    }
}
?>
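The session check above draws its value from mt_rand(), which is predictable, and it only stops a refresh if the stored value is discarded after use. The following added example (not code from the original article) sketches a single-use token built on random_bytes() and hash_equals(); the function names issue_form_token and consume_form_token and the form_tokens key are assumptions chosen for illustration, and a plain array stands in for $_SESSION so it runs from the command line.

```php
<?php
declare(strict_types=1);

// Added example; function names and the 'form_tokens' key are illustrative.

// Issue an unpredictable token and record it server-side with an expiry time.
function issue_form_token(array &$session, int $ttl = 900): string
{
    $token = bin2hex(random_bytes(32));           // CSPRNG output, unlike mt_rand()
    $session['form_tokens'][$token] = time() + $ttl;
    return $token;
}

// Accept a token at most once: it must be a string, known, and not expired.
function consume_form_token(array &$session, $submitted): bool
{
    if (!is_string($submitted) || $submitted === '') {
        return false;                             // missing field or array input
    }
    foreach ($session['form_tokens'] ?? [] as $known => $expires) {
        if (hash_equals((string) $known, $submitted)) {
            unset($session['form_tokens'][$known]);   // burn before processing
            return $expires >= time();
        }
    }
    return false;
}

// Constructed demo: $session stands in for $_SESSION after session_start().
$session = [];
$token = issue_form_token($session);
$field = '<input type="hidden" name="originator" value="'
       . htmlspecialchars($token, ENT_QUOTES) . '">';
echo $field, PHP_EOL;

var_dump(consume_form_token($session, $token));    // first submission
var_dump(consume_form_token($session, $token));    // same token replayed
var_dump(consume_form_token($session, ['x']));     // malformed (array) field
var_dump(consume_form_token($session, ''));        // field left empty
```

In a page, pass $_SESSION to both functions after session_start(). Keeping a map of tokens rather than a single value lets several forms stay open in different tabs without invalidating each other.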

4. Using the header function to redirect

Besides the methods above, there is an easier way: as soon as the server has processed the submitted form, it redirects to another page. The code is as follows.

if (isset($_POST['action']) && $_POST['action'] == 'submitted') {
    // Process the data (for example, insert it), then immediately redirect to another page
    header('Location: submits_success.php');
    exit(); // stop the script so nothing else runs after the redirect
}

This way, even if the user presses the Refresh key, the form is not submitted again, because the browser has already moved to a new page and that page's script ignores any submitted data.

5. Handling form expiration

During development, it often happens that when a form submission fails and the user returns to the page, all the entered information is lost. To support going back to the page, either of the following two approaches can be used.

5.1 Use the header function to set the Cache-Control header.

header('Cache-Control: private, must-revalidate'); // Support going back to the page

5.2 Use the session_cache_limiter function.

session_cache_limiter('private, must-revalidate'); // Must be called before session_start()

The following code snippet keeps the content the user has just entered from being cleared when, after filling out the form and clicking Submit, the user goes back to it:

// Each call replaces the previous setting, so only the last one ('public') takes effect
session_cache_limiter('nocache');
session_cache_limiter('private');
session_cache_limiter('public');
session_start();
// The form content follows; when the user returns to the form, what has been filled in is not cleared

Paste this code at the top of the script you want to apply it to.

Cache-Control header field description

Cache-Control specifies the caching mechanism that requests and responses follow. Setting Cache-Control in a request message or a response message does not modify the caching behavior in the processing of another message.

The cache directives for a request include no-cache, no-store, max-age, max-stale, min-fresh, and only-if-cached; the directives in a response message include public, private, no-cache, no-store, no-transform, must-revalidate, proxy-revalidate, and max-age. The directives are described in the following table:

| Cache directive | Description |
|---|---|
| public | Indicates that the response can be cached by any cache. |
| private | Indicates that all or part of the response message for a single user cannot be processed by a shared cache. This allows the server to describe only part of a response message for the user, which is not valid for another user's request. |
| no-cache | Indicates that a request or response message cannot be cached. |
| no-store | Used to prevent the inadvertent release of important information. Sending it in a request message causes neither the request nor the response message to use the cache. |
| max-age | Indicates that the client can accept a response whose age is no longer than the specified time (in seconds). |
| min-fresh | Indicates that the client can accept a response whose response time is less than the current time plus the specified time. |
| max-stale | Indicates that the client can accept a response message that has exceeded its timeout period. If a value is specified for max-stale, the client can accept a response message that has exceeded its timeout period by no more than the specified value. |

For more information about sessions and cookies, see Chapter 10, "PHP Session Management".

Tips on determining form actions

A form can use the same program to handle the different actions it offers. When a form contains different logic, determining which button the user pressed is only a minor problem.

In fact, it can be determined from the name of the submit button. When a form is submitted, only the submit button that was pressed is sent in the form array, so checking the button's value tells you which button the user pressed. Take the following form as an example:

<form method="POST" action="test.php">
    <input type="submit" name="btn" value="a">
    <input type="submit" name="btn" value="b">
</form>

When the user presses the "a" button, btn=a is sent; when the user presses the "b" button, btn=b is sent.

You can also use the name of the submit button to decide, as in the following code:

<form method="POST" action="test.php">
    <input type="submit" name="a" value="Submit a">
    <input type="submit" name="b" value="Submit b">
</form>

So as long as the POST/GET parameters contain a or b, you know which button was pressed.

<?php
// Dump the submitted fields to see which button name was sent
print_r($_POST);
?>
