Sometimes the user may press Enter twice, and the post is inserted twice.
有時,用戶可以按Enter兩次,然后插入兩次post。
Is there a solution to prevent this other than check if there is already a post with the same title and content?
除了檢查是否已經有一個標題和內容相同的帖子外,是否有其他的解決方法來防止這種情況發生?
13 个解决方案
#1
46
There are several solutions to this problem:
對於這個問題有幾種解決方法:
Use Javascript to disable the form's submit button when it is posted. Downside to this is that this is ABSOLUTELY not a foolproof way. It's very easy to submit forms without actually clicking the button, and this would also not work for users with JavaScript disabled. I would definitely not recommend this method.
使用Javascript在表單發布時禁用提交按鈕。缺點是,這絕對不是一種萬無一失的方法。很容易提交表單而不實際單擊按鈕,這也不會為禁用JavaScript的用戶工作。我絕對不會推薦這種方法。
Example:
例子:
Use PHP sessions to set a session variable (for example $_SESSION['posttimer']) to the current timestamp on post. Before actually processing the form in PHP, check if the $_SESSION['posttimer'] variable exists and check for a certain timestamp difference (IE: 2 seconds). This way, you can easily filter out double submits.
使用PHP會話將會話變量(例如$_SESSION['posttimer'])設置為post上的當前時間戳。在實際使用PHP處理表單之前,請檢查$_SESSION['posttimer']變量是否存在,並檢查某個時間戳差異(即:2秒)。這樣,您就可以輕松地過濾出雙提交。
Example:
例子: // form.html
// foo.php
if (isset($_POST) && !empty($_POST))
{
if (isset($_SESSION['posttimer']))
{
if ( (time() - $_SESSION['posttimer']) <= 2)
{
// less then 2 seconds since last post
}
else
{
// more than 2 seconds since last post
}
}
$_SESSION['posttimer'] = time();
}
Include a unique token on each POST. In this case, you would also set a session variable to the token you want to include and then render the token in the form. Once the form is submitted, you re-generate the token. When the submitted token does not match the token in your session, the form has been re-submitted and should be declared invalid.
在每個帖子中包含一個唯一的標記。在這種情況下,您還需要將會話變量設置為您想要包含的令牌,然后在表單中呈現令牌。提交表單后,重新生成令牌。當提交的令牌與會話中的令牌不匹配時,表單已被重新提交並應聲明為無效。
Example:
例子: // form.php
// obviously this can be anything you want, as long as it is unique
$_SESSION['token'] = md5(session_id() . time());
?>
// foo.php
if (isset($_SESSION['token']))
{
if (isset($_POST['token']))
{
if ($_POST['token'] != $_SESSION['token'])
{
// double submit
}
}
}
#2
30
Use a unique token with the post, so that each post/postback is only handled once.
對post使用唯一的令牌,以便每個post/postback只能處理一次。
Disabling the submit button is not a very good solution since people could have javascript turned off, or doing other weird things. Client side validation is a good start, but should always be backed up with server side handling as well.
禁用submit按鈕並不是一個很好的解決方案,因為人們可以關閉javascript或者做其他奇怪的事情。客戶端驗證是一個良好的開端,但是應該始終支持服務器端處理。
#3
5
Generate a unique, one-time use key to submit with the form.
生成一個惟一的、一次性使用的密鑰來提交表單。
Relying on Javascript is a bad idea because it may have been disabled in the client by the user. With the key scheme, when the submit is received by the server, submission for that key can be locked. You can respond to duplicate submits however you like.
依賴Javascript是一個壞主意,因為用戶可能已經在客戶機中禁用了它。使用密鑰方案,當服務器接收到提交時,可以鎖定該密鑰的提交。您可以對重復的提交做出任何您喜歡的響應。
For this approach to work, keys must be unique and very difficult to predict. Otherwise some forms could be locked due to key collisions. So you don't have to track keys for every form submission and avoid collisions, keys should expire with that user's session. The other thing to watch out for is if malicious users are able to predict the key, your code may be vulnerable to some kind of hijacking or DOS exploit.
對於這種工作方法,密鑰必須是唯一的,並且很難預測。否則,由於關鍵沖突,一些表單可能被鎖定。因此,您不必跟蹤每個表單提交的鍵並避免沖突,鍵應該在用戶的會話中過期。另一件要注意的事情是,如果惡意用戶能夠預測密鑰,那么您的代碼可能會受到某種劫持或DOS攻擊的影響。
#4
2
Prevent Duplicate Form Submission shows a way of doing it without javascript.
防止表單提交重復顯示了一種不用javascript完成的方式。
#5
1
Disable the submit button using Javascript once the form gets submitted (onsubmit).
一旦表單提交(onsubmit),就使用Javascript禁用提交按鈕。
Note that if the user has disabled Javascript, they can still submit twice. Whether or not this happens often enough to justify also checking in your code (as you suggested in your question) is up to you.
注意,如果用戶禁用了Javascript,他們仍然可以提交兩次。無論這種情況是否經常發生,也足以證明在代碼中檢查(如您在問題中所建議的那樣)取決於您。
#6
1
Alternatively, use one-time form keys.
或者,使用一次性的表單鍵。
#7
1
I use this:
我用這個:
$form_token = $_SESSION['form_token'] = md5(uniqid());
send $form_token with the form, then...
用表單發送$form_token,然后…
I check the form_token:
我檢查form_token:
if($_SESSION['form_token'] != $_POST['form_token']) {
echo 'Error';
}
#8
0
disable the submit button once the user has submitted the form, using JavaScript. That is what, for example, StackOverflow uses when you answer a question.
用戶提交表單后禁用提交按鈕,使用JavaScript。例如,這就是StackOverflow在回答問題時使用的。
For example
例如
#9
0
Pressing submit twice quite rarely results in multiple inserts, but if you want a dead-simple sollution, use
按兩次提交很少會導致多次插入,但是如果您想要一個非常簡單的方法,請使用
οnsubmit="document.getElementById('submit').disabled = true"
in the form tag, provided you give your submit button id="submit"
在表單標簽中,如果您提供您的submit按鈕id="submit"
#10
0
Use a JavaScript to disable the button as soon as it is clicked.
單擊按鈕時使用JavaScript禁用該按鈕。
οnclick="this.disabled=true;forms[0].submit();"
#11
0
Another way to create a confirmation page where user can finally press the submit button. It might reduce the possibilities of this kind.
另一種創建確認頁面的方法,用戶可以在其中按submit按鈕。它可能會減少這種可能性。
#12
-1
Aron Rotteveel's Include a unique token on each POST worked for me. However, my form still submits when a user refreshes the page (F5). I managed to solve this by adding a reset:
Aron rotveel的每一篇文章都有一個獨特的標記。但是,當用戶刷新頁面時,我的表單仍然提交(F5)。我通過添加復位來解決這個問題:
// reset session token
$_SESSION['token'] = md5( $_POST['token'] . time() );
my final scripts goes like:
我最后的劇本是這樣的:
if (isset($_SESSION['token'])) {
if (isset($_POST['token'])) {
if ($_POST['token'] != $_SESSION['token']) {
echo '
Oops! You already submitted this request.
';} else {
// process form
// reset session token
$_SESSION['token'] = md5( $_POST['token'] . time() );
}
} else {
echo 'post token not set';
$_SESSION['token'] = md5( $somevariable . time() );
}
}
oh! don't forget to add session_start(); before
哦!不要忘記添加session_start();在< ! DOCTYPE >
I am a PHP newbie so please correct me if you find irregularities.
我是PHP新手,如果發現不規范的地方請指正。
#13
-1
Use JavaScript to stop it from sending
使用JavaScript阻止它發送
598
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
