Summary of PHP methods for preventing repeated form submission

  • 2020-11-25 07:11:50
  • OfStack

1. Disable the submit button

When the user submits, immediately disable the button. This is done in JavaScript (jQuery in the snippets below).

Before submission:

    // Disable the button and show a progress label
    $("#submit").attr('disabled', 'true');
    $("#submit").val("Please wait while submitting");

After execution, set the button back to its original state:

    // Re-enable the button and restore its label
    $('#submit').removeAttr('disabled');
    $("#submit").val("Sure to submit");


2. Expiration time method

Idea: When the user submits the form, a token is generated (the token is unique to each business submission) and stored in the session, and an expiration time is set. When the user submits again, the token is checked for whether it matches and whether it has expired; if it matches and has not expired, the request is treated as a repeated submission. If program execution fails, the value stored in the session needs to be cleared. See the following program:


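    function checkRepeatSubmit($uniqueid = '', $expire = 30) {
        // Default to a per-user identifier when the caller passes none.
        $uniqueid = empty($uniqueid) ? Yii::app()->user->id . Yii::app()->user->name . Yii::app()->user->mihome : $uniqueid;
        $token = md5("wms_check_repeat" . $uniqueid);
        $time = time();
        // Same token seen again within $expire seconds: repeated submission.
        // Strict comparison avoids PHP's loose "==" treating some hex strings as equal numbers.
        if (!empty($_SESSION['token']) && $_SESSION['token'] === $token && ($time - $_SESSION['expire_time'] < $expire)) {
            return false;
        } else {
            $_SESSION['token'] = $token;
            $_SESSION['expire_time'] = $time;
            // Session data is normally written only when the script ends;
            // session_write_close() writes it immediately.
            session_write_close();
            return true;
        }
    }

    // Deletes the stored values (call this when processing fails).
    function cancelRepeatSubmit() {
        // checkRepeatSubmit() closed the session, so reopen it or the unset() is not saved.
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
        unset($_SESSION['token'], $_SESSION['expire_time']);
    }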


3. Token destruction method

Idea: Generate a token when the page is rendered, store it in the session, and write it into the form. When the form is submitted, the token is sent to the server along with the form, and the server compares it with the token stored in the session. If they are equal, the token stored in the session is destroyed. When the page is submitted a second time, an error is reported because the token no longer exists in the session. Here's the code:


    /**
     * Second scheme (token destruction):
     * 1. Generate a token and store it in the session.
     * 2. Render it with the page.
     * 3. On submission, compare it with the session value, then destroy the session value.
     * 4. On the second submission the value no longer exists and an error is reported.
     * @param string $uniqueid
     * @return string
     */
    function createToken($uniqueid) {
        $uniqueid = empty($uniqueid) ? Yii::app()->user->id . Yii::app()->user->name . Yii::app()->user->mihome : $uniqueid;
        $token = md5("wms_check2_repeat" . $uniqueid);
        $_SESSION['form_token'] = $token;
        // Write the session immediately instead of at the end of the script.
        session_write_close();

        return $token;
    }

    function checkToken($token) {
        // Strict, constant-time comparison; loose "!=" can treat some hex strings as equal numbers.
        if (empty($_SESSION['form_token']) || !is_string($token) || !hash_equals($_SESSION['form_token'], $token)) {
            return false;
        } else {
            // Destroy the token so a second submission of the same form fails.
            unset($_SESSION['form_token']);
            return true;
        }
    }
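
A variant of the token destruction method, as an added example that is not part of the original article: the token is random for each rendered form instead of being derived from the user id, it is compared with hash_equals(), and it is removed from the session before the result is returned. The function names, the 'order_create' form id and the 900-second lifetime are assumptions for illustration.

```php
<?php
// Added example (not from the original article). Function names, the
// 'order_create' form id and the 900 s lifetime are illustrative assumptions.

/** Create a one-time token for one rendered form and store it in the session. */
function issueFormToken(string $formId): string
{
    $token = bin2hex(random_bytes(32)); // unpredictable, unlike md5(user id)
    $_SESSION['form_tokens'][$formId] = ['value' => $token, 'issued' => time()];
    return $token; // embed in the form as a hidden field
}

/** Accept a submitted token at most once; every later attempt returns false. */
function consumeFormToken(string $formId, $submitted, int $ttl = 900): bool
{
    $stored = $_SESSION['form_tokens'][$formId] ?? null;
    // Destroy first, so the token is gone whether or not the check succeeds.
    unset($_SESSION['form_tokens'][$formId]);

    if (!is_array($stored) || !is_string($submitted)) {
        return false; // nothing issued, already consumed, or malformed input
    }
    if (time() - $stored['issued'] > $ttl) {
        return false; // form was left open too long
    }
    // Constant-time comparison; also avoids loose "==" on hex strings.
    return hash_equals($stored['value'], $submitted);
}

// Constructed demonstration: on the CLI $_SESSION is just an array here.
// In a web request, call session_start() first and do not call
// session_write_close() before consumeFormToken() has returned.
if (PHP_SAPI === 'cli') {
    $_SESSION = [];
    $token = issueFormToken('order_create');
    var_dump(consumeFormToken('order_create', $token));   // first submit
    var_dump(consumeFormToken('order_create', $token));   // repeated submit
    issueFormToken('order_create');
    var_dump(consumeFormToken('order_create', 'guess'));  // wrong token
}
```

Because a failed check also destroys the token, the form has to be re-rendered with a fresh token after any rejected submission.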

To summarize the three methods above: I think combining the first method with the second will achieve better results. Comparing the second method and the third method, I feel that the third has advantages.

The second and third methods both write the token to the session. This has the advantage of saving storage space, but the disadvantage is that the session is normally written only after the entire page has finished loading. Therefore, when the page loads slowly and the user clicks submit multiple times, the system may still treat each click as the first submission because the session has not been written yet, which causes the validation to fail. Fortunately, PHP provides a handy function, session_write_close(), which writes the session immediately without waiting for the page to load. There are also many options for where to store the session: it can be stored in Redis, memcache or a database.

