Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to prevent multiple form submission on multiple clicks in PHP

Tags:

How to prevent multiple form submission on multiple clicks in PHP

like image 305
Marcel Avatar asked Jan 06 '11 10:01

Marcel


People also ask

How do you prevent multiple submissions of a form explain?

Disabling the Submit Button In practice this can cause a form to be submitted, or some other event triggered, more than once. The second button however will only accept a single click and ignore all subsequent clicks. The trick is to use JavaScript to set the disabled property of the button to true.

How do I stop a form submission in PHP?

You can use exit() to stop PHP executing if you need to. Otherwise, you'll need to validate the form client-side using JavaScript (something you can find plenty of information about here or through Google).

How do you stop re submitting a form after clicking back button?

You can check if the user clicked the back button, disable form if true. Another way is by storing a cookie which you check on page load, if it exists you can disable the form.


2 Answers

Use a unique token generated each time you display a form and which can be used only one time; it is also usefull to prevent CSRF and replay attacks. A little example :

<?php session_start();  /**  * Creates a token usable in a form  * @return string  */ function getToken(){   $token = sha1(mt_rand());   if(!isset($_SESSION['tokens'])){     $_SESSION['tokens'] = array($token => 1);   }   else{     $_SESSION['tokens'][$token] = 1;   }   return $token; }  /**  * Check if a token is valid. Removes it from the valid tokens list  * @param string $token The token  * @return bool  */ function isTokenValid($token){   if(!empty($_SESSION['tokens'][$token])){     unset($_SESSION['tokens'][$token]);     return true;   }   return false; }  // Check if a form has been sent $postedToken = filter_input(INPUT_POST, 'token'); if(!empty($postedToken)){   if(isTokenValid($postedToken)){     // Process form   }   else{     // Do something about the error   } }  // Get a token for the form we're displaying $token = getToken(); ?> <form method="post">   <fieldset>     <input type="hidden" name="token" value="<?php echo $token;?>"/>     <!-- Add form content -->   </fieldset> </form> 

Combine it with a redirect so you keep a perfect backward and forward behavior. See the POST / redirect / GET pattern for more information about the redirect.

like image 191
Arkh Avatar answered Sep 28 '22 05:09

Arkh


You could disable the button after the first click (using JavaScript) and also have a check on the back-end (just in-case they disabled their JavaScript) which checks if they just recently submitted.

There are quite a few different ways of doing the check on the back-end. One way would be to set a session variable when they click it the first time, which can let the system know that it's processing. If they click a second, third or fourth time, then it can just check the session variable, and if that indicates that it's already been clicked, it won't process.

That's just one example - you could use that as a start.

like image 43
xil3 Avatar answered Sep 28 '22 04:09

xil3