Restrict multiple commits of the same form in ASP

This article describes an easy way to prevent users from submitting the same form multiple times during the current session in an ASP application. It is mainly composed of four subroutines, in a simpler application, you simply put the code in the containing file directly referenced can be, for those more complex environment, we at the end of the article to give some suggestions for improvement.

First, the basic work process

Let's discuss the four subroutines in turn.

(i) initialization

Here we want to save two variables in the Session object, where:

⑴ each form corresponds to a unique identifier called a FID, in order to make the value unique to use a single counter.

⑵ each time a form is successfully committed, it must store its FID in a Dictionary object.

We use a dedicated process to initialize the above data. Although each subroutine will call it later, it is actually executed once per session:

Sub Initializefid ()
If not IsObject (session ("Fidlist")) Then
Set session ("Fidlist") =server.createobject ("Scripting.Dictionary")
Session ("FID") =0
End If
End Sub

(ii) Generate unique identifiers for the form

The following function, Generatefid (), is used to generate a unique flag for a form. The function first adds the FID value to 1, and then returns it:

Function Generatefid ()
Initializefid
Session ("FID") = Session ("FID") + 1
Generatefid = Session ("FID")
End Function

(iii) Registration of submitted forms

When the form is successfully submitted, it registers its unique identity in the Dictionary object:

Sub Registerfid ()
Dim Strfid
Initializefid
Strfid = Request ("FID")
Session ("Fidlist"). Add Strfid, now ()
End Sub

(iv) Check if the form is submitted repeatedly

Before you formally process a user-submitted form, you should check to see if its FID is registered in the Dictionary object. The following Checkfid () function completes this work, and returns False if it has been registered, otherwise returns true:

Function Checkfid ()
Dim Strfid
Initializefid
Strfid = Request ("FID")
Checkfid = Not session ("Fidlist"). Exists (Strfid)
End Function

Second, how to use

There are two places to use the above function, that is, when the form is generated and when the results are processed. Assuming that the above four subroutines have been put into the include file Forms.inc, the following code determines whether to generate a form or process a form result based on the FID value, and the process described is appropriate for most ASP applications:

%option explicit%>
!--#include file= "Forms.inc"-->
html>
head>
title> form submission Test,/title>
/head
body>
%
If Request ("FID") = "" Then
Generateform
Else
ProcessForm
End If
%>
/body>
/html>

Generateform is responsible for generating the form, and the form should contain a hidden fid, such as:

%
Sub Generateform ()
%>
Form action= "%=request.servervariables (" Path_info ")%>" method=get>
"Input Type=hidden name=fid value=" "%=generatefid ()%>"
Input Type=text name= "param1" value= "" "
Input type=submit value= "OK"
/form>
%
End Sub
%>

ProcessForm is responsible for processing content submitted through the form, but before processing you should call Checkfid () to check that the current form has been committed, such as the Code class:

%
Sub ProcessForm ()
If Checkfid () Then
Response.Write "The content you entered is" & Request.QueryString ("param1")
Registerfid
Else
Response.Write "This form can only be submitted once!"
End If
End Sub
%>

III. Limitations and improvement measures

Above we describe a method that restricts the submission of the same form multiple times during the current session. In practical applications, improvements may need to be made in a number of ways, such as:

⑴ the legality of the user input data before the registration form ID, making the data illegal, the user can press the Back button to return and submit the same form again after the correction.

⑵ This restriction on form submission can only be valid during the current session. If this restriction is required to span multiple sessions, it is necessary to use a Cookeis or database to hold the relevant data.

⑶ This method is not safe. It is only used to guard against misoperation and does not prevent skilled users from intentionally submitting the same form multiple times.