Home > Backend Development > PHP Tutorial > How to Prevent Multiple Form Submissions in PHP?

How to Prevent Multiple Form Submissions in PHP?

Susan Sarandon
Release: 2024-11-10 06:43:02
Original
546 people have browsed it

How to Prevent Multiple Form Submissions in PHP?

Combating Multiple Form Submissions in PHP on Multiple Clicks

Form submission can sometimes be triggered unintentionally multiple times in a row, leading to undesired behavior and data inconsistencies. This situation can arise due to various factors, such as button multiple clicks or slow form processing. PHP provides techniques to prevent such multiple submissions, ensuring data integrity.

Preventing Multiple Form Submissions

To combat multiple submissions, a widely used approach involves utilizing a token generated each time a form is displayed. This token is then submitted with the form and validated on the server side. The pivotal benefit of this approach lies in its potential to mitigate both CSRF (Cross-Site Request Forgery) attacks and replay attacks.

A Practical Example

The example below demonstrates the creation of a unique token for each form display, along with its validation upon form submission.

<?php
session_start();

/**
 * Generates a unique token for the form
 * @return string The token
 */
function getToken(){
  $token = sha1(mt_rand());
  if(!isset($_SESSION['tokens'])){
    $_SESSION['tokens'] = array($token => 1);
  }
  else{
    $_SESSION['tokens'][$token] = 1;
  }
  return $token;
}

/**
 * Validates the token and removes it from the list of valid tokens
 * @param string $token The token
 * @return bool Validation status
 */
function isTokenValid($token){
  if(!empty($_SESSION['tokens'][$token])){
    unset($_SESSION['tokens'][$token]);
    return true;
  }
  return false;
}

// Check if a form has been submitted
$postedToken = filter_input(INPUT_POST, 'token');
if(!empty($postedToken)){
  if(isTokenValid($postedToken)){
    // Process form
  }
  else{
    // Handle error
  }
}

// Get a token for the currently displayed form
$token = getToken();
?>
<form method="post">
  <fieldset>
    <input type="hidden" name="token" value="<?php echo $token; ?>"/>
    <!-- Form content -->
  </fieldset>
</form>
Copy after login

Enhancing User Experience with Redirection

Combining the token-based approach with a redirect enhances the user experience by ensuring proper backward and forward navigation behavior. By implementing the POST / redirect / GET design pattern, you can prevent accidental resubmission when the user clicks the back button or refreshes the page.

The above is the detailed content of How to Prevent Multiple Form Submissions in PHP?. For more information, please follow other related articles on the PHP Chinese website!

source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template