发表新帖
发表新帖

Preventing duplicate form submissions

后端 未结
关注
3 1222
灰色年华
灰色年华 2020-12-16 01:19

I came up with a technique to prevent duplicate form submission by going back/forward or refreshing the page. And I thought about duscussing it here, I already tested a samp

相关标签:
3条回答
  • 小蘑菇
    2020-12-16 01:46

    A simpler way to achieve what you want is to use redirect on submit. After you process a POST request you redirect, possibly even to the same page. This is a common pattern called "Redirect after POST" or POST/Redirect/GET.

    For example:

    <?php
if($_POST) {
    // do something

    // now redirect
    header("Location: " . $_SERVER["REQUEST_URI"]);
    exit;
}
?>

<html> ...
<form method="post" action=""> ... </form>

    By setting the action to "" then it will submit to itself, at which point the if($_POST) code block will validate to true and process the form, then redirect back to itself.

    Of course you probably want to redirect to a different page that shows a "your form has been submitted" response or put the form on a different page and have the HTML of this page be the response.

    The benefit of this method is that when you hit the back button it does a GET request so the form is not re-submitted.

    On Firefox, it will actually take the submission to itself out of the browser history so when users browse across the web and then hit back, instead of seeing the "thank you" page they see the form page.

    0 讨论(0)
  • 梦如初夏
    2020-12-16 01:49

    Both solutions above are good but a bit short.

    how about stopping further insertions in the next few minutes from the same user with perhaps minor changes in data?

    this can be done by putting an md5 hash in a cookie on the users machine and storing a copy in the database - this way any further attempt from the same machine over a specified time can be ignored and stopped from being inserted into the database.

    perhaps someone can comment on the validity and effectiveness of my suggestion or am i barking up the wrong tree ???

    0 讨论(0)
  • 遥遥无期
    2020-12-16 01:54

    It looks like you are getting overly complicated with this. My favorite way, because it also prevents some session jacking hacks at the same time, is described here:

    http://www.spotlesswebdesign.com/blog.php?id=11

    It's simple and easy to impliment on any form. It uses a randomly generated page instance id to verify that the form submission received is identical to the last page served to that particular user.

    0 讨论(0)
 看不清?
提交回复
热议问题