/**
*
* @authors Benjamin
* @date 2013-11-13 10:16:59
*/
1. Common repeat submission issues
a>Click the Submit button twice.
b>Click the refresh button.
c> Repeat the previous action using the browser back button, resulting in repeated submission of the form.
d>Submit the form repeatedly using browser history.
e> Repeated HTTP requests from the browser.
2. Methods to prevent repeated submission of forms
a>Disable Submit button. After the form is submitted, the button is disabled or the button click event or default event is canceled. This method prevents impatient users from clicking buttons multiple times. But there is a problem. If Javascript is banned on the client, this method will be invalid. Of course, there should be very few modern web sites.
b>Post/Redirect/Get mode. Perform page redirection after submission, which is called Post-Redirect-Get (PRG) mode. In short, when the user submits the form, you perform a client redirect and go to the submission success information page. This can avoid repeated submissions caused by users pressing F5, and there will be no warnings of repeated submissions of browser forms, and can also eliminate the same problems caused by forward and backpression by pressing browsers.
c> Use cookies to process repeated submissions in forms
Implementation in PHP:
lt;?php
if(isset($_POST['go'])){
setcookie("tempcookie","",time()+30);
header("Location:".$_SERVER[PHP_SELF]);exit();
} if(isset($_COOKIE["tempcookie"])){
setcookie("tempcookie","",0);echo "You have submitted a form";
}
?>
d>Storage a special logo in the session. When the form page is requested, a special character flag string is generated, which is present in the session and placed in the hidden field of the form. When accepting processing form data, check whether the identification string exists and delete it from the session immediately, and then process the data normally. If you find that there is no valid flag string in the form submission, it means that the form has been submitted and this submission is ignored. This gives your web application more advanced XSRF protection.
e>Add constraints in the database. Add unique constraints in the database or create unique indexes to prevent duplicate data. This is the most effective way to prevent repeated submissions of data.
*
* @authors Benjamin
* @date 2013-11-13 10:16:59
*/
1. Common repeat submission issues
a>Click the Submit button twice.
b>Click the refresh button.
c> Repeat the previous action using the browser back button, resulting in repeated submission of the form.
d>Submit the form repeatedly using browser history.
e> Repeated HTTP requests from the browser.
2. Methods to prevent repeated submission of forms
a>Disable Submit button. After the form is submitted, the button is disabled or the button click event or default event is canceled. This method prevents impatient users from clicking buttons multiple times. But there is a problem. If Javascript is banned on the client, this method will be invalid. Of course, there should be very few modern web sites.
b>Post/Redirect/Get mode. Perform page redirection after submission, which is called Post-Redirect-Get (PRG) mode. In short, when the user submits the form, you perform a client redirect and go to the submission success information page. This can avoid repeated submissions caused by users pressing F5, and there will be no warnings of repeated submissions of browser forms, and can also eliminate the same problems caused by forward and backpression by pressing browsers.
c> Use cookies to process repeated submissions in forms
Implementation in PHP:
Copy the codeThe code is as follows:
lt;?php
if(isset($_POST['go'])){
setcookie("tempcookie","",time()+30);
header("Location:".$_SERVER[PHP_SELF]);exit();
} if(isset($_COOKIE["tempcookie"])){
setcookie("tempcookie","",0);echo "You have submitted a form";
}
?>
d>Storage a special logo in the session. When the form page is requested, a special character flag string is generated, which is present in the session and placed in the hidden field of the form. When accepting processing form data, check whether the identification string exists and delete it from the session immediately, and then process the data normally. If you find that there is no valid flag string in the form submission, it means that the form has been submitted and this submission is ignored. This gives your web application more advanced XSRF protection.
e>Add constraints in the database. Add unique constraints in the database or create unique indexes to prevent duplicate data. This is the most effective way to prevent repeated submissions of data.