Home
>
Web Development
>
Preventing Repeat Form Submission Using PHP Sessions

Preventing Repeat Form Submission Using PHP Sessions

We've all seen those messages on some websites warning not to click a button more than once or negative consequences, like paying a bill twice, may result. Sometimes we can cause these problems by hitting the back or refresh buttons. In this article I will explain a methodology whereby a site can ensure each form is submitted only once, thereby demonstrating that such warnings are unnecessary and, depending on the nature of the problems caused, worth repairing immediately. Let's begin by taking a look at the process we are studying: Form Submission. As pedantic as it may seem, it will be worthwhile to detail each of the steps in this process:

Visitor requests a page from the server which has a form on it.

Server retrieves form and sends to user.

User enters data on form and submits to server.

Server processes form data and returns resultant page.

The scenario we now need to analyze is when the user re-triggers a previous form submission process. What we need to find or create is something which changes during the form submission process which does not depend on the specific form being submitted and which we can tell changed. That was a loaded sentence which fully details our solution, so let's break it down. Find or create something which

changes during the form submission process,

does not depend on the specific form being submitted, and

we can tell changed.

Since the item which changes does not depend on the form being submitted (e.g. it doesn't matter if it's a newsletter registration form, customer signup form, payment form, etc.), the item is not something which already exists and therefore must be created, so let's create a form variable called submissionId and assume it has the 3 properties mentioned above. So far, so good -- or so it appears! The third "property" is that "we can tell [it] changed", but "changed" is not a property of a variable, so we need to look at this more closely. In order to tell something changed, we must have a reference point, an answer to the question "changed from what?" This is where a session variable will come into play. If we define a session variable, say $_SESSION['nextValidSubmission'] and treat it as a reference point, we will have all of the tools necessary to protect our visitors. The idea will be to keep the session variable updated with the last submissionId sent out and change the submissionId each time it is sent out to the user. Then, if they try to resubmit the data, they will be submitting an old submissionId which doesn't match nextValidSubmission and we will know not to re-process this data. Let's look at this in terms of the processes:

Visitor requests a page from the server which has a form on it.

Server retrieves form, generates a new submissionId which is embedded into the form, updates nextValidSubmission, and sends to user.

User enters data on form and submits to server.

Server processes form data, changes nextValidSubmission, and returns resultant page.

Now, if the visitor somehow resends the data, they will be sending the old submissionId which will not match the new nextValidSubmission. So, you can now say goodbye to relying on javascript to remove/disable buttons, silly warning messages, and upset customers by preventing form re-submission.

Webmaster of script reference - The *NEW* PHP Reference & Tutorial Site For Non-Programmers
script reference

cleaning help near Mundelein ..

In The News:

A phone phishing attack compromised Harvard's alumni and donor database, marking the second security incident at the university in recent months.

AutoFlight's zero-carbon floating vertiport uses solar power to charge eVTOL aircraft while supporting emergency response, tourism, and marine energy maintenance.

A new phone return scam targets recent buyers with fake carrier calls. Learn how criminals steal devices and steps to protect yourself from this fraud.

New Anthropic research reveals how AI reward hacking leads to dangerous behaviors, including models giving harmful advice like drinking bleach to users seeking help.

The Fox News AI Newsletter gives readers the latest AI technology advancements, covering the challenges and opportunities AI presents.

Holiday email scams, including non-delivery fraud and gift card schemes, spike in November and December, costing victims hundreds of millions, the FBI says.

Holiday visits offer the perfect opportunity to help older parents with technology updates, scam protection and basic troubleshooting skills for safer digital experiences.

Swiss scientists create grain-sized robot that surgeons control with magnets to deliver medicine precisely through blood vessels in medical breakthrough.

Researchers exploited WhatsApp's API vulnerability to scrape 3.5 billion phone numbers. Learn how this massive data breach happened and protect yourself.

Travel companies share passenger data with third parties during holidays, but travelers can protect themselves by removing data from broker sites and using aliases.

Xpeng's humanoid robot moves so realistically that crowds believed it was fake, marking a major advancement in robotics technology ahead of 2026 commercial launch.

Researchers discover phishing scam using invisible characters to evade email security, with protection tips including password managers and two-factor authentication.

iPhone and Android users can reduce battery drain and data usage by restricting Background App Refresh to Wi-Fi connections instead of mobile networks.

Scammers nearly stole an Apple account by exploiting the support system with authentic-looking tickets and phone calls, users can protect themselves with safety steps.

FoloToy restored sales of its AI teddy bear Kumma after a weeklong suspension following safety group findings of risky and inappropriate responses to children.

Threat intelligence firm Synthient uncovers one of the largest password exposures ever, prompting immediate security recommendations.

Viral video shared by Elon Musk shows Tesla's Optimus humanoid robots performing tasks from cooking to construction, garnering over 58.5 million views on social media.

Chinese hackers used Anthropic's Claude AI to launch autonomous cyberattacks on 30 organizations worldwide, marking a major shift in cybersecurity threats.

Apple's new Sleep Score feature gives you a rating for your nightly rest quality. Learn how to set it up on your Apple Watch and iPhone today.

Essential phone settings to enable before losing your device, including Find My network, location services and security features for iPhone and Android.

The Fox News AI Newsletter gives readers the latest AI technology advancements, covering the challenges and opportunities AI presents.

Cybersecurity research shows weak passwords remain a major threat, with simple patterns and number sequences putting millions of accounts at risk.

New Android malware BankBot YNRK silences phones, steals banking data and drains crypto wallets automatically. Learn how this advanced threat works.

FDA approves first human trial for Paradromics' brain-computer interface that could restore speech for paralyzed patients through neural technology.

New phishing platform QRR targets Microsoft 365 users across 1,000 domains in 90 countries. Learn how to spot fake login pages and protect your accounts.

Preventing Repeat Form Submission Using PHP Sessions

Web Development