By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
438,724 Members | 1,868 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 438,724 IT Pros & Developers. It's quick & easy.

how to avoid resubmitting the form in php

P: 2
how to avoid resubmitting the form in php
Sep 8 '08 #1
Share this Question
Share on Google+
4 Replies


nathj
Expert 100+
P: 938
On the click of the button remove it or change the caption and make it non-clickable.

Loads of places do this, experiment with the idea.

nathj
Sep 8 '08 #2

100+
P: 258
Hi
Yes that works some how but the problem is that people can still click on refresh button and resubmit the form..
I think the best idea is to do it on server side. Like checking for information in database. I mean if it's a registration page then you can check if the username allready exists. Or if it's a normal form then you can make a HIDDEN input and give it a random value then when user submits the form you can put the random number on the database and check for the existing numbers in the database each time a form is submited.

I'm sure there are other options you can use but client side scripting is not a good idea

Good luck
Sep 8 '08 #3

nathj
Expert 100+
P: 938
Of course server side verification should be considered.

Another option for this would be to use the $_SESSION. You could store the submitted info in the $_SESSION and check that when the form is submitted.

This is what I would do in conjunction with my earlier post.

Cheers
nathj
Sep 8 '08 #4

FLEB
P: 30
The session-variable idea sounds the cleanest, to me. Create a session variable with a random or sequential "Transaction ID". Then, write the ID into the form in a HIDDEN variable.

[PHP]
session_start();

// Generate a $this_tid variable however you want to...

$_SESSION['tids'][$this_tid] = true;

// and when you are building your form, insert the tid field...

echo '<input type="hidden" name="tid" value="'.$this_tid.'" />';

[/PHP]

When the form is submitted, check whether the submitted transaction ID matches any in the session variable, and fail if it doesn't. If the session does
exist, delete the associated transaction ID variable and take action on the submission.

[PHP]
session_start();

if ( array_key_exists($_POST['tid'], $_SESSION['tids'] ) {
unset( $_SESSION['tids'][ $_POST['tid'] ] ); // expire the tid by deleting the array entry.
// Do stuff here
}
else {
echo "You cannot submit this form twice!"; // (and other such user-directed anger)
}
[/PHP]
Sep 8 '08 #5

Post your reply

Sign in to post your reply or Sign up for a free account.