Home »
Imported messages »
comp.lang.php »
php double form submit prevent
| Re: php double form submit prevent [message #184336 is a reply to message #184334] |
Tue, 24 December 2013 22:00  |
Christoph Michael Bec
Messages: 207
Registered: June 2013
Karma:
|
Senior Member |
|
|
pppbbb10(at)gmail(dot)com wrote:
> I would like to avoid the double form submit or unwanted submit when
> first time clicking the link to the form which outputs empty data.
>
> The code below seems to prevent double or single empty form or
> previous form submit but it also prevents to submit the form when
> expected.
>
> Main parts of the code as below, all parts on the same php file.
>
> <?php
> session_start();
> $_SESSION['token'] = md5(session_id() . time());
> ?>
>
> [further code snipped]
>
> How to make the condition go through ?
Think about what is happening. :) You're storing a new token as the
first action when the resource is requested -- obviously, any later
comparision with the submitted token will fail. You may deploy another
variable to store the new token till the end of the script, and then
storing it in the session.
The basic algorithm you have used to prevent multiple form submission is
actually a CSRF protection (might be somewhat weak, though) -- if you
don't need it, you may consider implementing the PRG pattern[1], which
might be a better solution of the problem at hand.
[1] <http://en.wikipedia.org/wiki/Post/Redirect/Get>
--
Christoph M. Becker
|
|
|
|
Current Time: Fri Nov 22 09:16:22 GMT 2024
Total time taken to generate the page: 0.04192 seconds
Calendar
Search
Help
Members
Register
Login
Home
]