What are some methods to prevent double posting in a form? (PHP)


Question

I want to prevent users from accidentally posting a comment twice. I use the PRG (post redirect get) method, so that I insert the data on another page then redirect the user back to the page which shows the comment. This allows users to refresh as many times as they want. However this doesn't work when the user goes back and clicks submit again or when they click submit 100 times really fast. I don't want 100 of the same comments.

I looked at related questions on SO and found that a token is best. But I am having trouble using it.

//makerandomtoken(20) returns a random 20 length char. 

<form  method="post" ... >
<input type="text" id="comments" name="comments" class="commentbox" /><br/>
<input type="hidden" name="_token" value="<?php echo $token=makerandomtoken(20); ?>" />
<input type="submit" value="submit" name="submit"  />
</form>

if (isset($_POST['submit']) && !empty($_POST['comments'])) 
{
    $comments= mysqli_real_escape_string($dbc,trim($_POST['comments']));

    //how do I make the if-statement to check if the token has been already set once?
    if ( ____________){ 
        //don't insert comment because already clicked submit
    }
    else{
        //insert the comment into the database
    }
}

So I have the token as a hidden value, but how do I use that to prevent multiple clicking of submit?

METHODS: someone suggested using sessions. I would set the random token to $_SESSION['_token'] and check if that session token is equal to the $_POST['_token'], but how do I do that? When I tried, it still doesn't check.

Recommended answer

If you want to prevent double submissions, you must store the state of "is submitted" versus "is not submitted". You have several options for where to keep this information.

  • Database - Add a hidden field with an autogenerated value that is unique (you can generate a short random string and append the current time). This value can also be used to identify the conversation -- if you need a stateful web conversation. Add this value to the database and make it unique. Disadvantages: redundant storage in the database, reduced performance on comment insert, have to generate a unique string.
  • Session - Add the same hidden field with a value generated in a similar manner. When the user submits the form, save the value in the session if it's not there already. If it is, it's a double submission. Disadvantages: you still need to generate the unique token.
  • Browser - (1) Add some javascript to disable the submit button once it's clicked. (2) have a hidden field that starts with the value 0 and is changed to 1 when the user clicks the submit button. If the user clicks the button again, you check whether the value is 1 and abort if it is. Advantages: no unique string. Disadvantages: requires javascript to be enabled; you might require the string anyway to implement stateful web conversations.
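
The session option above, as an added example that is not part of the original answer. It is a variant that records each token in the session when the form is rendered and deletes it on first use, so a token that was never issued is rejected as well as a repeated one. The function names and the form_tokens session key are assumptions, and a plain array stands in for $_SESSION so the script runs from the command line.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers (not from the original post). In a real page, call
// session_start() first and pass $_SESSION as the $session argument.

/** Create a token for one rendering of the form and remember it as unused. */
function issue_form_token(array &$session): string
{
    $token = bin2hex(random_bytes(16));          // 32 hex chars from the CSPRNG
    $session['form_tokens'][$token] = time();    // value = time of issue
    // Keep only the 20 newest tokens so abandoned forms cannot grow the session.
    $session['form_tokens'] = array_slice($session['form_tokens'], -20, null, true);
    return $token;
}

/** Return true only the first time a token issued to this session is submitted. */
function consume_form_token(array &$session, $posted): bool
{
    if (!is_string($posted) || !isset($session['form_tokens'][$posted])) {
        return false;                            // missing, never issued, or already used
    }
    unset($session['form_tokens'][$posted]);     // single use: a resubmit finds nothing
    return true;
}

// --- Constructed demo: simulated session and POST data ---
$session = [];
$token   = issue_form_token($session);           // echo this into the hidden _token field
$post    = ['_token' => $token, 'comments' => 'hello', 'submit' => 'submit'];

// First submit: token is known and unused, so the comment would be inserted.
var_dump(consume_form_token($session, $post['_token'] ?? null));
// Back button or rapid second click: same token again, so the insert is skipped.
var_dump(consume_form_token($session, $post['_token'] ?? null));
// A value the server never issued is rejected too.
var_dump(consume_form_token($session, 'not-issued'));
```

In the form handler, call consume_form_token($_SESSION, $_POST['_token'] ?? null) before the INSERT and skip the INSERT when it returns false. The answer's database option, a unique column holding the token, remains the backstop where concurrent requests in one session are not serialized by the session handler.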
