How to prevent multiple form submission on multiple clicks in PHP
Disabling the Submit Button
In practice this can cause a form to be submitted, or some other event triggered, more than once. The second button however will only accept a single click and ignore all subsequent clicks. The trick is to use JavaScript to set the disabled property of the button to true.
You can use exit() to stop PHP executing if you need to. Otherwise, you'll need to validate the form client-side using JavaScript (something you can find plenty of information about here or through Google).
You can check if the user clicked the back button and disable the form if true. Another way is by storing a cookie which you check on page load; if it exists, you can disable the form.
Use a unique token generated each time you display a form and which can be used only one time; it is also useful to prevent CSRF and replay attacks. A little example:
```php
<?php
session_start();

/**
 * Creates a token usable in a form
 * @return string
 */
function getToken(){
    // random_bytes() (PHP 7+) is a CSPRNG; sha1(mt_rand()) is predictable
    // and therefore too weak for a token that also guards against CSRF
    $token = bin2hex(random_bytes(32));
    if(!isset($_SESSION['tokens'])){
        $_SESSION['tokens'] = array($token => 1);
    }
    else{
        $_SESSION['tokens'][$token] = 1;
    }
    return $token;
}

/**
 * Check if a token is valid. Removes it from the valid tokens list
 * @param string $token The token
 * @return bool
 */
function isTokenValid($token){
    if(!empty($_SESSION['tokens'][$token])){
        // Single use: a second submission of the same token is rejected
        unset($_SESSION['tokens'][$token]);
        return true;
    }
    return false;
}

// Check if a form has been sent
$postedToken = filter_input(INPUT_POST, 'token');
if(!empty($postedToken)){
    if(isTokenValid($postedToken)){
        // Process form
    }
    else{
        // Do something about the error
    }
}

// Get a token for the form we're displaying
$token = getToken();
?>
<form method="post">
    <fieldset>
        <input type="hidden" name="token" value="<?php echo $token;?>"/>
        <!-- Add form content -->
    </fieldset>
</form>
```
Combine it with a redirect so you keep a perfect backward and forward behavior. See the POST / redirect / GET pattern for more information about the redirect.
You could disable the button after the first click (using JavaScript) and also have a check on the back-end (just in case they disabled their JavaScript) which checks if they just recently submitted.
There are quite a few different ways of doing the check on the back-end. One way would be to set a session variable when they click it the first time, which can let the system know that it's processing. If they click a second, third or fourth time, then it can just check the session variable, and if that indicates that it's already been clicked, it won't process.
That's just one example - you could use that as a start.
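One way to implement the back-end check described in the answer above, as an added example that is not part of the original answers. The function name `claimSubmission()`, the session key `last_submit`, the form id `contact`, the 10-second window and the `/thanks.php` URL are assumptions.

```php
<?php
// Added example: back-end guard against repeated clicks, using the session.
// claimSubmission(), 'last_submit' and the 10 s window are assumed names/values.

/**
 * Returns true if this POST may be processed, false if the same form with
 * the same content was already accepted less than $window seconds ago.
 * $session is taken by reference so the logic can be run without a web server.
 */
function claimSubmission(array &$session, string $formId, array $fields, int $now, int $window = 10): bool
{
    ksort($fields); // field order must not change the fingerprint
    $fingerprint = hash('sha256', $formId . "\0" . json_encode($fields));

    $last = $session['last_submit'][$formId] ?? null;
    if ($last !== null && $last['fp'] === $fingerprint && ($now - $last['at']) < $window) {
        return false; // repeat click: same form, same data, moments ago
    }
    $session['last_submit'][$formId] = ['fp' => $fingerprint, 'at' => $now];
    return true;
}

if (PHP_SAPI !== 'cli' && $_SERVER['REQUEST_METHOD'] === 'POST') {
    // The default "files" session handler locks the session file from
    // session_start() to session_write_close(), so two near-simultaneous
    // clicks in one session make their claim one after the other.
    session_start();
    $accepted = claimSubmission($_SESSION, 'contact', $_POST, time());
    session_write_close();

    if ($accepted) {
        // Process the form here (hypothetical: store the message, send mail)
    }
    // POST / redirect / GET: a reload of the result page does not re-send the POST
    header('Location: /thanks.php', true, 303); // placeholder URL
    exit;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample input: three clicks and one later resubmission
    $session = [];
    $post = ['name' => 'Ann', 'msg' => 'hi'];
    var_dump(claimSubmission($session, 'contact', $post, 1000));
    var_dump(claimSubmission($session, 'contact', $post, 1003));
    var_dump(claimSubmission($session, 'contact', ['name' => 'Ann', 'msg' => 'other'], 1004));
    var_dump(claimSubmission($session, 'contact', $post, 1020));
}
```

Session handlers other than the default file handler may not lock the session, in which case the claim has to be made atomic by other means, such as a unique key in the database.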