How to prevent multiple form submission on multiple clicks in PHP

by

Use a unique token generated each time you display a form and which can be used only one time; it is also usefull to prevent CSRF and replay attacks.
A little example :

<?php
session_start();

/**
 * Creates a token usable in a form
 * @return string
 */
function getToken(){
  $token = sha1(mt_rand());
  if(!isset($_SESSION['tokens'])){
    $_SESSION['tokens'] = array($token => 1);
  }
  else{
    $_SESSION['tokens'][$token] = 1;
  }
  return $token;
}

/**
 * Check if a token is valid. Removes it from the valid tokens list
 * @param string $token The token
 * @return bool
 */
function isTokenValid($token){
  if(!empty($_SESSION['tokens'][$token])){
    unset($_SESSION['tokens'][$token]);
    return true;
  }
  return false;
}

// Check if a form has been sent
$postedToken = filter_input(INPUT_POST, 'token');
if(!empty($postedToken)){
  if(isTokenValid($postedToken)){
    // Process form
  }
  else{
    // Do something about the error
  }
}

// Get a token for the form we're displaying
$token = getToken();
?>
<form method="post">
  <fieldset>
    <input type="hidden" name="token" value="<?php echo $token;?>"/>
    <!-- Add form content -->
  </fieldset>
</form>

Combine it with a redirect so you keep a perfect backward and forward behavior.
See the POST / redirect / GET pattern for more information about the redirect.

More Related Contents:

  1. Submitting a multidimensional array via POST with php
  2. Send value of submit button when form gets posted
  3. PHP form – on submit stay on same page
  4. Multiple submit buttons php different actions
  5. Back button re-submit form data ($_POST)
  6. How do I use two submit buttons, and differentiate between which one was used to submit the form? [duplicate]
  7. Replace add to cart button with a read more linked to product page on shop pages in WooCommerce 3
  8. Array to string conversion in php check my code
  9. Php: How to protect images for downloading [duplicate]
  10. How can I store my users’ passwords safely?
  11. PHP Fatal error: Using $this when not in object context
  12. How to return outer html of DOMDocument?
  13. A non well formed numeric value encountered
  14. How to generate all permutations of a string in PHP?
  15. Is PHP compiled or interpreted?
  16. Can you get a Windows (AD) username in PHP?
  17. Merging arrays with the same keys
  18. PHP check whether property exists in object or class
  19. Compare multidimensional arrays in PHP
  20. php: convert milliseconds to date
  21. Will XPath 2.0 and/or XSLT 2.0 be implemented in PHP?
  22. Variable type hinting in Netbeans (PHP)
  23. PHP short circuit lazy evaluation, where is it in the php.net manual?
  24. Output text file with line breaks in PHP
  25. How can I determine a file’s true extension/type programmatically?
  26. mysql_insert_id() returns 0
  27. How do I get database column names in Laravel?
  28. loadHTML LIBXML_HTML_NOIMPLIED on an html fragment generates incorrect tags
  29. php connection pooling mysql [duplicate]
  30. How do I use a class method as a callback function?

Leave a Comment