How to prevent multiple inserts when submitting a form in PHP?

by

There are several solutions to this problem:

  1. Use Javascript to disable the form’s submit button when it is posted. Downside to this is that this is ABSOLUTELY not a foolproof way. It’s very easy to submit forms without actually clicking the button, and this would also not work for users with JavaScript disabled. I would definitely not recommend this method.

    Example:

    <script language="javascript">
<!--
    function disableSubmitButton() {
        // you may fill in the blanks :)
    }
-->
</script>
<form action="foo.php" method="post">
    <input type="text" name="bar" />
    <input type="submit" value="Save" onclick="disableSubmitButton();">
</form>

  2. Use PHP sessions to set a session variable (for example $_SESSION[‘posttimer’]) to the current timestamp on post. Before actually processing the form in PHP, check if the $_SESSION[‘posttimer’] variable exists and check for a certain timestamp difference (IE: 2 seconds). This way, you can easily filter out double submits.

    Example:

    // form.html
<form action="foo.php" method="post">
    <input type="text" name="bar" />
    <input type="submit" value="Save">
</form>

// foo.php
if (isset($_POST) && !empty($_POST)) 
{
    if (isset($_SESSION['posttimer']))
    {
        if ( (time() - $_SESSION['posttimer']) <= 2)
        {
            // less then 2 seconds since last post
        }
        else
        {
            // more than 2 seconds since last post
        }
    }
    $_SESSION['posttimer'] = time();
}

  3. Include a unique token on each POST. In this case, you would also set a session variable to the token you want to include and then render the token in the form. Once the form is submitted, you re-generate the token. When the submitted token does not match the token in your session, the form has been re-submitted and should be declared invalid.

    Example:

    // form.php
<?php
    // obviously this can be anything you want, as long as it is unique
    $_SESSION['token'] = md5(session_id() . time());
?>
<form action="foo.php" method="post">
    <input type="hidden" name="token" value="<?php echo $_SESSION['token'] ?>" />
    <input type="text" name="bar" />
    <input type="submit" value="Save" />
</form>

// foo.php
if (isset($_SESSION['token']))
{
    if (isset($_POST['token']))
    {
        if ($_POST['token'] != $_SESSION['token'])
        {
            // double submit
        }
    }
}

More Related Contents:

  1. How to prevent form resubmission when page is refreshed (F5 / CTRL+R)
  2. Syntax error unexpected '<' [duplicate]
  3. HTML Form/PHP connected but MySQL is empty
  4. PHP Upload fails for Video but not Image [closed]
  5. How to store variable value after clicking “Submit”?
  6. (PHP) Warning: file_get_contents() [function.file-get-contents]: couldn’t resolve host name
  7. Get $_POST from multiple checkboxes
  8. Multiple inputs with same name through POST in php
  9. How to read if a checkbox is checked in PHP?
  10. method=”post” enctype=”text/plain” are not compatible?
  11. HTML input arrays
  12. Keep values selected after form submission
  13. POST an array from an HTML form without javascript [duplicate]
  14. Best way to avoid the submit due to a refresh of the page
  15. How do I make a PHP form that submits to self?
  16. Serializing and submitting a form with jQuery and PHP
  17. How can I properly escape HTML form input default values in PHP?
  18. PHP POST not working
  19. How to add a delete button to a PHP form that will delete a row from a MySQL table
  20. getting a checkbox array value from POST
  21. How do I pass data between pages in PHP?
  22. How to pass multiple variables across multiple pages?
  23. GET vs. POST Best Practices
  24. PHP $_POST not working? [duplicate]
  25. HTML Form POST to PHP page [closed]
  26. Parsing multipart form data
  27. Simple form not sending data via _POST [duplicate]
  28. POST arrays not showing unchecked Checkboxes
  29. navigate back with PHP form submission
  30. HTML form PHP post to self to validate or submit to new page

Leave a Comment