How to prevent form submission again?

I have a form that POSTs its data to the same file, and if you use the back button in your browser, it can simply send the data again, and it will still be read.

Is there any way to avoid this behavior?

+5
6 answers

The link sent by Levy will answer this for you. But in case you need an alternative, here's how I do it ...

The user posts to a class, like yours: the same file. At the beginning of the class I do the POST processing. In this example, I will keep it very simple ...

<?php
session_start();

//set form vars ahead of time so you can pre-populate the value attr on post
$form = array(
    'name' => '',
    'email' => ''
);

if(!empty($_POST))
{
    //do some kind of validation...
    $errors = array();
    if(trim($_POST['name']) == '')
        $errors[] = 'Please enter your name';

    if(empty($errors))
    {
        $_SESSION['message'] = 'Thank you for participating';
        header('location: /form.php'); // same file
        exit;
    }
    else
    {
        // set the form vars to the post vars so you don't lose the user input
        $form['name'] = $_POST['name'];
        $form['email'] = $_POST['email'];

        $message = '<span style="color:red">';
        foreach($errors AS $error)
        {
            $message .= $error."<br />";
        }
        $message .= '</span>';
        $_SESSION['message'] = $message;
    }
}

if(isset($_SESSION['message']))
{
    echo $_SESSION['message'];
    unset($_SESSION['message']);
}
?>
<form id="some_form" action="" method="post">
    <fieldset>
        <label for="name">Name</label> <input type="text" id="name" name="name" value="<?php echo htmlspecialchars($form['name'], ENT_QUOTES, 'UTF-8'); ?>" />
        <br /><br />
        <label for="email">Email</label> <input type="text" id="email" name="email" value="<?php echo htmlspecialchars($form['email'], ENT_QUOTES, 'UTF-8'); ?>" />
        <br /><br />
        <input type="submit" name="submit" value="Submit" />
    </fieldset>
</form>

Now you can update again and again and not submit the form twice.

, . , , , .

+4

.

POST-Redirect-GET

post-redirect-get, signup.php, POST ed submit.php, REDIRECT thanks.php. GET thanks.php. , , submit.php, POST, . .

signup.php
-----------
...
<input type="text" name="email">
...

submit.php
----------
...
if ($_POST) {
  // process data
  header('Location: thanks.php');
  exit; // stop executing once the redirect has been sent
}
...

thanks.php
----------
...
Thanks
...

NONCE

nonce . CSRF. , :

<input type="hidden" name="nonce" value="<?= bin2hex(random_bytes(16)); ?>">

nonce ( - ), , nonce . , nonce , , .

+3
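The nonce idea from the answer above, combined with Post/Redirect/Get, as an added example that is not part of the original answers. The file name form.php, the field name form_token and the save_submission() helper are assumptions; the token comes from random_bytes() rather than uniqid() and is burned on first use, so a back-button resubmission is rejected.

```php
<?php
// Added example (assumed names: form.php, form_token, save_submission()).
session_start();

function issue_token(): string
{
    $token = bin2hex(random_bytes(32));            // CSPRNG, unlike uniqid()
    $_SESSION['form_tokens'][] = $token;           // one entry per rendered form
    $_SESSION['form_tokens'] = array_slice($_SESSION['form_tokens'], -10);
    return $token;
}

function consume_token(string $submitted): bool
{
    foreach ($_SESSION['form_tokens'] ?? [] as $i => $known) {
        if (hash_equals($known, $submitted)) {     // constant-time comparison
            unset($_SESSION['form_tokens'][$i]);   // burn it: a replay finds nothing
            return true;
        }
    }
    return false;
}

function save_submission(array $post): void       // stand-in for the real write
{
    $_SESSION['saved'][] = is_string($post['email'] ?? null) ? trim($post['email']) : '';
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $token = $_POST['form_token'] ?? '';
    if (is_string($token) && consume_token($token)) {
        save_submission($_POST);                   // runs at most once per token
        $_SESSION['flash'] = 'Thank you for participating';
    } else {
        $_SESSION['flash'] = 'This form was already submitted or has expired.';
    }
    header('Location: form.php', true, 303);       // reload now repeats a GET
    exit;
}
$flash = $_SESSION['flash'] ?? '';
unset($_SESSION['flash']);
$token = issue_token();
?>
<p><?= htmlspecialchars($flash, ENT_QUOTES, 'UTF-8') ?></p>
<form method="post" action="form.php">
    <input type="hidden" name="form_token" value="<?= $token ?>">
    <input type="text" name="email">
    <input type="submit" value="Submit">
</form>
```

PHP's default file session handler locks the session for the duration of a request, so two simultaneous POSTs carrying the same token are serialized and only the first one consumes it.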

100% , , , , Post/Redirect/Get.

+2

, $_SESSION['stopdupe'] .

:

  • , $_SESSION['stopdupe'] . ( , )
  • Unset $_SESSION['stopdupe']
  • .

, , .

onSubmit javascript , .

+1

. smarty, smarty. . , .

HTML:

<form action="submit_file.php" method="POST">
<input type="hidden" name="submit_edit" value="1">
<input type="text" name="data"/>
</form>

php globals.php

if (count($_POST) > 0) {
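    // isset() guards avoid notices on the first request, before the session keys exist
    if (isset($_POST['submit_edit'], $_SESSION['last_request_time'], $_SESSION['last_request'])
            && $_POST['submit_edit'] == '1'
            && time() - $_SESSION['last_request_time'] < 100
            && count($_SESSION['last_request']) > 0
            && serialize($_SESSION['last_request']) == serialize($_POST)) {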

        $oSmarty->assign('display_time_alert', '1');
        unset($_POST['submit_edit']);
        unset($_REQUEST['submit_edit']);
    } else {
        $_SESSION['last_request_time'] = time();
        $_SESSION['last_request'] = $_POST;
    }
}

head.tpl

{literal}
    <script>
    function showTimeAlert(){
        alert('{/literal}{tr var="Cannot send the same request twice"}{literal}');
    }
    {/literal}
    {if isset($display_time_alert) AND $display_time_alert eq '1'}
    showTimeAlert();
    {/if}
    {literal}
    </script>
{/literal}

submit_file.php

require_once("globals.php");

if (isset($_POST['submit_edit']) && $_POST['submit_edit'] == '1') {
    // record data
}

$oSmarty->display('some.tpl'); // some.tpl includes head.tpl
+1

The first page uses one session variable, which is assigned the value 1. Example:

<form name="frm1" method="post">
    <?php $_SESSION['resend_chk']=1; ?>
    <input type="text" name="a" />
    <input type="submit" name="submit">
</form>

On the second page:

session_start();
if (isset($_REQUEST['submit']))
{
    if (isset($_SESSION['resend_chk']) && $_SESSION['resend_chk'] == 1)
    {
        // insert into the db, or perform any other transaction
        $_SESSION['resend_chk'] = 0;
    }
}

The row will be inserted once, or the transaction will occur once in the db, and the value of the session variable will change. The next time we try to resend the data, it will not perform any transactions because the value of the session variable has already been changed.

0