Connecting Tech Pros Worldwide Forums | Help | Site Map
bytes > topic > php > answers

how to avoid resubmitting the form in php

Newbie
  
Join Date: Sep 2008
Posts: 2
#1: Sep 8 '08
how to avoid resubmitting the form in php
nathj's Avatar
Expert
  
Join Date: May 2007
Location: North Tyneside
Posts: 854
#2: Sep 8 '08

re: how to avoid resubmitting the form in php

On the click of the button remove it or change the caption and make it non-clickable.

Loads of places do this, experiment with the idea.

nathj
Familiar Sight
  
Join Date: Sep 2007
Posts: 210
#3: Sep 8 '08

re: how to avoid resubmitting the form in php

Hi
Yes that works some how but the problem is that people can still click on refresh button and resubmit the form..
I think the best idea is to do it on server side. Like checking for information in database. I mean if it's a registration page then you can check if the username allready exists. Or if it's a normal form then you can make a HIDDEN input and give it a random value then when user submits the form you can put the random number on the database and check for the existing numbers in the database each time a form is submited.

I'm sure there are other options you can use but client side scripting is not a good idea

Good luck
nathj's Avatar
Expert
  
Join Date: May 2007
Location: North Tyneside
Posts: 854
#4: Sep 8 '08

re: how to avoid resubmitting the form in php

Of course server side verification should be considered.

Another option for this would be to use the $_SESSION. You could store the submitted info in the $_SESSION and check that when the form is submitted.

This is what I would do in conjunction with my earlier post.

Cheers
nathj
FLEB's Avatar
Newbie
  
Join Date: Aug 2008
Posts: 30
#5: Sep 8 '08

re: how to avoid resubmitting the form in php

The session-variable idea sounds the cleanest, to me. Create a session variable with a random or sequential "Transaction ID". Then, write the ID into the form in a HIDDEN variable.

[PHP]
session_start();

// Generate a $this_tid variable however you want to...

$_SESSION['tids'][$this_tid] = true;

// and when you are building your form, insert the tid field...

echo '<input type="hidden" name="tid" value="'.$this_tid.'" />';

[/PHP]

When the form is submitted, check whether the submitted transaction ID matches any in the session variable, and fail if it doesn't. If the session does
exist, delete the associated transaction ID variable and take action on the submission.

[PHP]
session_start();

if ( array_key_exists($_POST['tid'], $_SESSION['tids'] ) {
unset( $_SESSION['tids'][ $_POST['tid'] ] ); // expire the tid by deleting the array entry.
// Do stuff here
}
else {
echo "You cannot submit this form twice!"; // (and other such user-directed anger)
}
[/PHP]
Reply

« previous question | next question »

Similar PHP bytes

/bytes/development

/bytes/it

Forums
Visit our community forums for general discussions and latest on Bytes

Our staff and community areas have moved to bytes.com/forums/

/bytes/about

We are a network of experts and professionals in IT and software development that help one another with answers to tough questions and share insights. Get the best answers to your questions from over 226,392 network members.

dev questions:
algorithms | asp | asp.net | c/c++ | coldfusion | c# | flash | html/css | java | javascript |
mobile dev | .net | perl | php | python | ruby | software dev | vb.net | visual basic | xml
it questions:
access | apache | careers | db2 | iis | macosx | mysql | networking | oracle | postgresql | sql server | unix | windows

About Bytes | Copyright 1995-2009 BYTES. All rights Reserved