The following situations will cause the form to be submitted repeatedly:
·Click the submit button twice.
·Click the refresh button.
·Use the browser back button to repeat the previous operation, resulting in repeated submission of the form.
·Use browser history to submit the form repeatedly.
· Repeated HTTP requests from the browser.
·The web page was maliciously refreshed.
The following are several solutions:
1. Use js to set the button to turn gray when clicked
<form name=form1 method=”POST” action=”/” target=_blank> <p> <input type=”text” name=”T1″ size=”20″> <input type=”button” value=”提交” οnclick=”javascript:{this.disabled=true;document.form1.submit();}”> </p> </form>
Click After the button is completed, it turns gray and cannot be clicked. If the user needs to submit the form again, he must refresh the page, fill in the data again, and then submit.
Related recommendations: "php tutorial"
2. Use session
to put a special mark in the session. When the form page is requested, a special character string is generated, stored in the session, and placed in the hidden field of the form. When accepting and processing form data, check whether the identification string exists, immediately delete it from the session, and then process the data normally.
If it is found that there is no valid flag string in the form submission, it means that the form has been submitted and the submission is ignored.
This gives your web application more advanced XSRF protection.
When loading the submitted page, a random number is generated:
$code = mt_rand(0,1000000);
Stored in the hidden input box of the form:
< input type=”hidden” name=”code” value=””>
The PHP code on the receiving page is as follows:
<?php session_start(); if(isset($_POST[‘code'])) { if($_POST[‘code'] == $_SESSION[‘code']){ // 重复提交表单了 }else{ $_SESSION[‘code'] =$_POST[‘code']; //存储code } }?>
3. Using cookies
The principle is similar to that of session, but once the user's browser disables cookies, this function will be invalid.
if(isset($_POST[‘submit'])){ setcookie(“tempcookie”,””,time()+30); header(“Location:”.$_SERVER[PHP_SELF]);exit(); } if(isset($_COOKIE[“tempcookie”])){ setcookie(“tempcookie”,””,0);echo “您已经提交过表单”; }
4. Use header function to jump
Once the user clicks the submit button, jump to other pages after processing the data.
if (isset($_POST[‘submit'])) { header(‘location:success.php');//处理数据后,转向到其他页面 }
5. Use the database to add constraints
Add unique constraints or create unique indexes directly in the database. Once the user is found to have submitted repeatedly, a warning will be thrown directly or Tip, or only process the data submitted for the first time. This is the most direct and effective method, and requires thorough consideration of the early database design and architecture.
6. Post/Redirect/Get mode
Perform page redirection after submission. This is the so-called Post-Redirect-Get (PRG) mode. In short, when the user submits the form, you perform a client-side redirection to the submission success information page.
if (isset($_POST[‘action']) && $_POST[‘action'] == ‘submitted') { //处理数据,如插入数据后,立即转向到其他页面 header('location:submits_success.php'); }
The above is the detailed content of How to avoid multiple submissions in php. For more information, please follow other related articles on the PHP Chinese website!