Home
>
Web Development
>
Preventing Repeat Form Submission Using PHP Sessions

Preventing Repeat Form Submission Using PHP Sessions

We've all seen those messages on some websites warning not to click a button more than once or negative consequences, like paying a bill twice, may result. Sometimes we can cause these problems by hitting the back or refresh buttons. In this article I will explain a methodology whereby a site can ensure each form is submitted only once, thereby demonstrating that such warnings are unnecessary and, depending on the nature of the problems caused, worth repairing immediately. Let's begin by taking a look at the process we are studying: Form Submission. As pedantic as it may seem, it will be worthwhile to detail each of the steps in this process:

Visitor requests a page from the server which has a form on it.

Server retrieves form and sends to user.

User enters data on form and submits to server.

Server processes form data and returns resultant page.

The scenario we now need to analyze is when the user re-triggers a previous form submission process. What we need to find or create is something which changes during the form submission process which does not depend on the specific form being submitted and which we can tell changed. That was a loaded sentence which fully details our solution, so let's break it down. Find or create something which

changes during the form submission process,

does not depend on the specific form being submitted, and

we can tell changed.

Since the item which changes does not depend on the form being submitted (e.g. it doesn't matter if it's a newsletter registration form, customer signup form, payment form, etc.), the item is not something which already exists and therefore must be created, so let's create a form variable called submissionId and assume it has the 3 properties mentioned above. So far, so good -- or so it appears! The third "property" is that "we can tell [it] changed", but "changed" is not a property of a variable, so we need to look at this more closely. In order to tell something changed, we must have a reference point, an answer to the question "changed from what?" This is where a session variable will come into play. If we define a session variable, say $_SESSION['nextValidSubmission'] and treat it as a reference point, we will have all of the tools necessary to protect our visitors. The idea will be to keep the session variable updated with the last submissionId sent out and change the submissionId each time it is sent out to the user. Then, if they try to resubmit the data, they will be submitting an old submissionId which doesn't match nextValidSubmission and we will know not to re-process this data. Let's look at this in terms of the processes:

Visitor requests a page from the server which has a form on it.

Server retrieves form, generates a new submissionId which is embedded into the form, updates nextValidSubmission, and sends to user.

User enters data on form and submits to server.

Server processes form data, changes nextValidSubmission, and returns resultant page.

Now, if the visitor somehow resends the data, they will be sending the old submissionId which will not match the new nextValidSubmission. So, you can now say goodbye to relying on javascript to remove/disable buttons, silly warning messages, and upset customers by preventing form re-submission.

Webmaster of script reference - The *NEW* PHP Reference & Tutorial Site For Non-Programmers
script reference

limo prices to midway Crystal Lake west of Randal .. Lockport Chicago limo O’Hare

In The News:

Stay up to date on the latest AI technology advancements and learn about the challenges and opportunities AI presents now and for the future.

The number of people affected by a UnitedHealth data breach in February 2024 was actually higher than previously reported and was the largest medical data breach in U.S. history.

A phishing campaign uses Google Calendar to schedule fake meeting invitations that appear legitimate, redirecting targets to phishing sites.

Toll road text scam: Fake messages claim unpaid fees, seek payment via fraudulent links. Kurt “CyberGuy" Knutsson says this scam is becoming increasingly sophisticated and widespread.

Kurt “CyberGuy" Knutsson says these steps ensure that your friends and family get to the exact moment you want them to see. Try it out and streamline your sharing experience.

Tech expert Kurt “CyberGuy" Knutsson offers tips on how to protect your identity: Be vigilant, monitor accounts, use smart security, know theft response.

Tech expert Kurt “CyberGuy" Knutsson says cybercriminals are exploiting iMessage phishing protection, tricking users to reactivate links.

It's hard to imagine life without in-flight Wi-Fi these days – but sky-high web surfing comes with its own set of privacy concerns. Here's how to protect yourself.

Over 400,000 cases of credit card fraud were reported in 2024 to the Federal Trade Commission. The CyberGuy explains how to protect against becoming another victim.

A nondescript metal box transforms into a fully functional electric motorcycle that blurs the line between vehicle and urban infrastructure.

Many apps unrelated to location still ask users for tracking permission, and Texas Attorney General Ken Paxton has filed a lawsuit seeking to end this alleged practice by Allstate.

Stay up to date on the latest AI technology advancements and learn about the challenges and opportunities AI presents now and for the future.

Melody, the artificial intelligence-powered robot, is life-sized and represents a move toward creating robots that resemble people in appearance and interaction.

Here are five easy smartphone rules from the National Security Agency that you can follow to better protect your mobile device from hackers and scammers.

A U.S. robotics company has developed "Jennie," a robotic pet powered by artificial intelligence that's designed to comfort those facing mental health challenges.

Healthcare records for more than 184 million Americans were breached in 2024, but you can take steps to minimize that risk. Kurt the CyberGuy explains.

The Skyrider X1 from Rictor claims to be the "first amphibious flying passenger motorcycle," and it combines land and air travel in one sleek design.

Stay up to date on the latest AI technology advancements and learn about the challenges and opportunities AI presents now and for the future.

Home inventory and restoration apps help itemize and track every item in your home in the event you have to make an insurance claim after a natural disaster.

The White House launched a new cybersecurity safety label, the U.S. Cyber Trust Mark, intended to help consumers make informed decisions on smart device safety.

Today's tech can help make life so much easier — if you know how to use it. Here are a few tips on the quickest and best ways to make your phone, laptop and other devices work for you.

Tech expert Kurt “CyberGuy" Knutsson offers Windows 11 restart fixes: Update drivers, run system scans and check hardware.

Sony and Honda's Afeela 1 EV launches with advanced tech and entertainment for $89,900. Tech expert Kurt “CyberGuy" Knutsson gives his takeaways.

With limited hard drive space, tech expert Kurt “CyberGuy" Knutsson offers these tips for storing large video files and photos.

Tech expert Kurt “CyberGuy" Knutsson says the $236,000 Yangwang U9 electric hypercar boasts 1,287 horsepower and can jump obstacles.

Preventing Repeat Form Submission Using PHP Sessions

Web Development