Home
>
Web Development
>
Preventing Repeat Form Submission Using PHP Sessions

Preventing Repeat Form Submission Using PHP Sessions

We've all seen those messages on some websites warning not to click a button more than once or negative consequences, like paying a bill twice, may result. Sometimes we can cause these problems by hitting the back or refresh buttons. In this article I will explain a methodology whereby a site can ensure each form is submitted only once, thereby demonstrating that such warnings are unnecessary and, depending on the nature of the problems caused, worth repairing immediately. Let's begin by taking a look at the process we are studying: Form Submission. As pedantic as it may seem, it will be worthwhile to detail each of the steps in this process:

Visitor requests a page from the server which has a form on it.

Server retrieves form and sends to user.

User enters data on form and submits to server.

Server processes form data and returns resultant page.

The scenario we now need to analyze is when the user re-triggers a previous form submission process. What we need to find or create is something which changes during the form submission process which does not depend on the specific form being submitted and which we can tell changed. That was a loaded sentence which fully details our solution, so let's break it down. Find or create something which

changes during the form submission process,

does not depend on the specific form being submitted, and

we can tell changed.

Since the item which changes does not depend on the form being submitted (e.g. it doesn't matter if it's a newsletter registration form, customer signup form, payment form, etc.), the item is not something which already exists and therefore must be created, so let's create a form variable called submissionId and assume it has the 3 properties mentioned above. So far, so good -- or so it appears! The third "property" is that "we can tell [it] changed", but "changed" is not a property of a variable, so we need to look at this more closely. In order to tell something changed, we must have a reference point, an answer to the question "changed from what?" This is where a session variable will come into play. If we define a session variable, say $_SESSION['nextValidSubmission'] and treat it as a reference point, we will have all of the tools necessary to protect our visitors. The idea will be to keep the session variable updated with the last submissionId sent out and change the submissionId each time it is sent out to the user. Then, if they try to resubmit the data, they will be submitting an old submissionId which doesn't match nextValidSubmission and we will know not to re-process this data. Let's look at this in terms of the processes:

Visitor requests a page from the server which has a form on it.

Server retrieves form, generates a new submissionId which is embedded into the form, updates nextValidSubmission, and sends to user.

User enters data on form and submits to server.

Server processes form data, changes nextValidSubmission, and returns resultant page.

Now, if the visitor somehow resends the data, they will be sending the old submissionId which will not match the new nextValidSubmission. So, you can now say goodbye to relying on javascript to remove/disable buttons, silly warning messages, and upset customers by preventing form re-submission.

Webmaster of script reference - The *NEW* PHP Reference & Tutorial Site For Non-Programmers
script reference

Berwick Chicago charter limousine .. Lockport Chicago limo O’Hare

In The News:

The CyberGuy breaks down five mobile privacy terms that could make a difference when it comes to keeping your personal information safe.

A groundbreaking robot that's like a real-life Wall-E uses advanced artificial intelligence to replicate natural gestures and deliberate actions with striking accuracy.

If not properly managed, Windows Defender Application Control, a security feature with Windows, could be a potential security vulnerability.

Stay up to date on the latest AI technology advancements and learn about the challenges and opportunities AI presents now and for the future.

FlashBot Arm, a semi-humanoid robot, acts more like a human than traditional robots, and you may see it working at a restaurant, healthcare center or hotel.

There are multiple ways to find your missing Android phone after it goes missing. One method involves using a smartwatch to ping your phone.

The NeuroOne OneRF Ablation System is a new device with FDA-cleared technology designed for both diagnosing and treating neurological disorders in one procedure.

The CyberGuy provides tips to protect yourself from criminals who use various methods to make unauthorized transactions using your account information.

New drone technology maps land and water with stunning accuracy, giving researchers and conservationists a new way to understand our planet.

Stay up to date on the latest AI technology advancements and learn about the challenges and opportunities AI presents now and for the future.

X hit with massive data breach with 200 million records leaked, including emails. Tech expert Kurt “CyberGuy" Knutsson offers seven tips to help protect yourself.

Atlas robot by Boston Dynamics amazes tech expert Kurt “CyberGuy" Knutsson with its breakdancing moves.

Tech expert Kurt “CyberGuy" Knutsson talks about how Google kept Android SafetyCore details quiet until it scanned users' photos.

Hydrogen trucks debut in Georgia, sparking debates on costs and green freight gains. Kurt “CyberGuy" Knutsson comments on this promising chapter in green logistics evolution.

Tech expert Kurt “CyberGuy" Knutsson says ChatGPT learns from chats, but you should avoid sharing sensitive information to protect your privacy.

Beyond Aero's BYA-1: Hydrogen-electric jet with zero emissions, reduced costs, 2030 launch. Kurt “CyberGuy" Knutsson discusses a potential game changer in the evolution of air travel.

Kurt "CyberGuy" Knutsson explains how you can creatively repurpose your old unused Android devices, which are full of potential and hidden value.

Mech the super-humanoid robot can lift up to 132 pounds and is designed to tackle stressful and repetitive tasks that often lead to workplace injuries.

Double-clicking is something we all do, often without giving it a second thought. But it could be giving hackers permission to do something dangerous.

Stay up to date on the latest AI technology advancements and learn about the challenges and opportunities AI presents now and for the future.

Kurt the CyberGuy offers some of his easy expert tips to free up storage space on your Android if your device is running short on storage.

You can reset your internet router remotely if you're not home when your power goes out. Kurt "CyberGuy" Knutsson explains how this can be done.

The EO Canopy is a self-sustaining, solar-powered camping platform designed to provide all the comforts of home while completely off the grid.

Experts say hackers who used to focus on Windows operating systems are increasingly targeting Apple IDs as part of a new phishing campaign.

Unitree, a Chinese robotics company that developed a backflipping robot, has now introduced a humanoid robot capable of doing a side flip.

Preventing Repeat Form Submission Using PHP Sessions

Web Development