在PHP中提交表单时如何防止多次插入

在PHP中提交表单时如何防止多次插入

本文介绍了在PHP中提交表单时如何防止多次插入?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

有时用户可能会按两次 Enter 两次,并且帖子被插入两次。

有没有解决方案除了检查是否已经有一个具有相同标题内容

的帖子以外b $ b

解决方案

有几种解决方案可以解决这个问题:


  1. 使用Javascript在发布时禁用表单的提交按钮。不足之处在于,这绝对不是一种万无一失的方式。提交表单时不需要真正点击按钮就很容易,对于JavaScript禁用的用户也无效。 我绝对不会推荐这种方法。

     < script language =javascript> 
    function disableSubmitButton(){
    //您可以填入空格:)
    }
    - >
    < / script>
    < form action =foo.phpmethod =post>
    < input type =textname =bar/>
    < input type =submitvalue =Saveonclick =disableSubmitButton();>
    < / form>


  2. 使用将会话变量(例如$ _SESSION ['posttimer'])设置为当前时间戳。在PHP中处理表单,检查$ _SESSION ['posttimer']变量是否存在,并检查某个时间戳差异(IE:2秒)。这样,您可以轻松过滤出双重提交。

    示例:

      // form.html 
    < input type =textname =bar/>
    < input type =submitvalue =Save>
    < / form>
    $ b $ // foo.php
    if(isset($ _ POST)&&!empty($ _ POST))
    {
    if(isset($ _ SESSION ['posttimer']))
    {
    if((time() - $ _SESSION ['posttimer']) {
    //小于2自上次发布后的秒数
    }
    else
    {
    //自上次发布后超过2秒
    }
    }
    $ _SESSION ['' posttimer'] = time();


  3. 每个POST包含一个唯一标记。 strong>在这种情况下,您还可以为要包含的令牌设置会话变量,然后在窗体中呈现该令牌。表单提交后,您将重新生成令牌。当提交的令牌与会话中的令牌不匹配时,表单已重新提交并应被宣布为无效。



    示例:

      // form.php 
    //显然这可以是任何你想要的,只要它是唯一的
    $ _SESSION ['token'] = md5(session_id()。time());
    ?>
    < form action =foo.phpmethod =post>
    < input type =hiddenname =tokenvalue =<?php echo $ _SESSION ['token']?> />
    < input type =textname =bar/>
    < input type =submitvalue =Save/>
    < / form>

    foo.php
    if(isset($ _ SESSION ['token']))
    {
    if(isset($ _ POST ['token'] ))
    {
    if($ _POST ['token']!= $ _SESSION ['token'])
    {
    // double submit
    }




Sometimes the user may press Enter twice, and the post is inserted twice.

Is there a solution to prevent this other than check if there is already a post with the same title and content?

解决方案

There are several solutions to this problem:

  1. Use Javascript to disable the form's submit button when it is posted. Downside to this is that this is ABSOLUTELY not a foolproof way. It's very easy to submit forms without actually clicking the button, and this would also not work for users with JavaScript disabled. I would definitely not recommend this method.

    Example:

    <script language="javascript">
    <!--
        function disableSubmitButton() {
            // you may fill in the blanks :)
        }
    -->
    </script>
    <form action="foo.php" method="post">
        <input type="text" name="bar" />
        <input type="submit" value="Save" onclick="disableSubmitButton();">
    </form>
    

  2. Use PHP sessions to set a session variable (for example $_SESSION['posttimer']) to the current timestamp on post. Before actually processing the form in PHP, check if the $_SESSION['posttimer'] variable exists and check for a certain timestamp difference (IE: 2 seconds). This way, you can easily filter out double submits.

    Example:

    // form.html
    <form action="foo.php" method="post">
        <input type="text" name="bar" />
        <input type="submit" value="Save">
    </form>
    
    // foo.php
    if (isset($_POST) && !empty($_POST))
    {
        if (isset($_SESSION['posttimer']))
        {
            if ( (time() - $_SESSION['posttimer']) <= 2)
            {
                // less then 2 seconds since last post
            }
            else
            {
                // more than 2 seconds since last post
            }
        }
        $_SESSION['posttimer'] = time();
    }
    

  3. Include a unique token on each POST. In this case, you would also set a session variable to the token you want to include and then render the token in the form. Once the form is submitted, you re-generate the token. When the submitted token does not match the token in your session, the form has been re-submitted and should be declared invalid.

    Example:

    // form.php
    <?php
        // obviously this can be anything you want, as long as it is unique
        $_SESSION['token'] = md5(session_id() . time());
    ?>
    <form action="foo.php" method="post">
        <input type="hidden" name="token" value="<?php echo $_SESSION['token'] ?>" />
        <input type="text" name="bar" />
        <input type="submit" value="Save" />
    </form>
    
    // foo.php
    if (isset($_SESSION['token']))
    {
        if (isset($_POST['token']))
        {
            if ($_POST['token'] != $_SESSION['token'])
            {
                // double submit
            }
        }
    }
    

这篇关于在PHP中提交表单时如何防止多次插入?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-04 20:02