在PHP中提交表单时如何防止多次插入? [英] How to prevent multiple inserts when submitting a form in PHP?
问题描述
有时用户可能会按两次 Enter 两次,并且帖子被插入两次。
有没有解决方案除了检查是否已经有一个具有相同标题和内容?
有几种解决方案可以解决这个问题:
-
使用Javascript在发布时禁用表单的提交按钮。不足之处在于,这绝对不是一种万无一失的方式。提交表单时不需要真正点击按钮就很容易,对于JavaScript禁用的用户也无效。 我绝对不会推荐这种方法。
< script language =javascript>
<! -
function disableSubmitButton(){
//您可以填入空格:)
}
- >
< / script>
< form action =foo.phpmethod =post>
< input type =textname =bar/>
< input type =submitvalue =Saveonclick =disableSubmitButton();>
< / form>
-
使用 PHP会话将会话变量(例如$ _SESSION ['posttimer'])设置为当前时间戳。在PHP中处理表单,检查$ _SESSION ['posttimer']变量是否存在,并检查某个时间戳差异(IE:2秒)。这样,您可以轻松过滤出双重提交。
示例:
// form.html
< input type =textname =bar/>
< input type =submitvalue =Save>
< / form>
$ b $ // foo.php
if(isset($ _ POST)&&!empty($ _ POST))
{
if(isset($ _ SESSION ['posttimer']))
{
if((time() - $ _SESSION ['posttimer'])<= 2)
{
//小于2自上次发布后的秒数
}
else
{
//自上次发布后超过2秒
}
}
$ _SESSION ['' posttimer'] = time();
-
每个POST包含一个唯一标记。 strong>在这种情况下,您还可以为要包含的令牌设置会话变量,然后在窗体中呈现该令牌。表单提交后,您将重新生成令牌。当提交的令牌与会话中的令牌不匹配时,表单已重新提交并应被宣布为无效。
示例:
// form.php
<?php
//显然这可以是任何你想要的,只要它是唯一的
$ _SESSION ['token'] = md5(session_id()。time());
?>
< form action =foo.phpmethod =post>
< input type =hiddenname =tokenvalue =<?php echo $ _SESSION ['token']?> />
< input type =textname =bar/>
< input type =submitvalue =Save/>
< / form>
foo.php
if(isset($ _ SESSION ['token']))
{
if(isset($ _ POST ['token'] ))
{
if($ _POST ['token']!= $ _SESSION ['token'])
{
// double submit
}
Sometimes the user may press Enter twice, and the post is inserted twice.
Is there a solution to prevent this other than check if there is already a post with the same title and content?
There are several solutions to this problem:
Use Javascript to disable the form's submit button when it is posted. Downside to this is that this is ABSOLUTELY not a foolproof way. It's very easy to submit forms without actually clicking the button, and this would also not work for users with JavaScript disabled. I would definitely not recommend this method.
Example:
<script language="javascript"> <!-- function disableSubmitButton() { // you may fill in the blanks :) } --> </script> <form action="foo.php" method="post"> <input type="text" name="bar" /> <input type="submit" value="Save" onclick="disableSubmitButton();"> </form>Use PHP sessions to set a session variable (for example $_SESSION['posttimer']) to the current timestamp on post. Before actually processing the form in PHP, check if the $_SESSION['posttimer'] variable exists and check for a certain timestamp difference (IE: 2 seconds). This way, you can easily filter out double submits.
Example:
// form.html <form action="foo.php" method="post"> <input type="text" name="bar" /> <input type="submit" value="Save"> </form> // foo.php if (isset($_POST) && !empty($_POST)) { if (isset($_SESSION['posttimer'])) { if ( (time() - $_SESSION['posttimer']) <= 2) { // less then 2 seconds since last post } else { // more than 2 seconds since last post } } $_SESSION['posttimer'] = time(); }Include a unique token on each POST. In this case, you would also set a session variable to the token you want to include and then render the token in the form. Once the form is submitted, you re-generate the token. When the submitted token does not match the token in your session, the form has been re-submitted and should be declared invalid.
Example:
// form.php <?php // obviously this can be anything you want, as long as it is unique $_SESSION['token'] = md5(session_id() . time()); ?> <form action="foo.php" method="post"> <input type="hidden" name="token" value="<?php echo $_SESSION['token'] ?>" /> <input type="text" name="bar" /> <input type="submit" value="Save" /> </form> // foo.php if (isset($_SESSION['token'])) { if (isset($_POST['token'])) { if ($_POST['token'] != $_SESSION['token']) { // double submit } } }
这篇关于在PHP中提交表单时如何防止多次插入?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
