Four ways to prevent duplicate submissions

   Repeated submission of form data is a common problem in Web development. Refreshing the page, going back to the previous page, or clicking a button several times can all result in the same data being submitted more than once. In each case the cause is the browser sending the same HTTP request repeatedly.

   The following is a brief introduction to the four solutions that I know of for preventing repeated submission of form data during development.

1. Add a unique field to the database

   When creating the database table, add a primary key constraint to the ID field and a unique constraint to the account and name fields, so that a given item of data can be added to the database only once.

   This method is the most effective in preventing duplicate submission of data.
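   The constraint described above, as an added example that is not part of the original article. The table name `users`, the composite `UNIQUE (account, name)` and the helper names are assumptions; SQLite is used only so the example runs offline.

```python
import sqlite3

def open_db():
    # In-memory database; table and column names are assumptions for this example.
    db = sqlite3.connect(":memory:")
    db.execute(
        """CREATE TABLE users (
               id      INTEGER PRIMARY KEY,
               account TEXT NOT NULL,
               name    TEXT NOT NULL,
               UNIQUE (account, name)
           )"""
    )
    return db

def submit(db, account, name):
    """Insert one submission and return (row_id, created)."""
    try:
        with db:  # commits on success, rolls back on error
            cur = db.execute(
                "INSERT INTO users (account, name) VALUES (?, ?)", (account, name)
            )
        return cur.lastrowid, True
    except sqlite3.IntegrityError:
        # The UNIQUE constraint rejected a repeat: report the row that already exists.
        row = db.execute(
            "SELECT id FROM users WHERE account = ? AND name = ?", (account, name)
        ).fetchone()
        if row is None:
            raise  # some other constraint failed (for example NOT NULL)
        return row[0], False

def count(db):
    return db.execute("SELECT COUNT(*) FROM users").fetchone()[0]
```

   Because the database enforces the check, two identical requests that arrive at the same moment still produce a single row, which a check-then-insert in application code does not guarantee.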

2. Use JavaScript to disable the submit button

   After the user submits the form, you can use JavaScript to disable the submit button (the disabled attribute) so that the user cannot click it multiple times to submit the data.

   Note: This method has no effect if JavaScript is disabled in the client.

3. Use Post/Redirect/Get

   Post/Redirect/Get, abbreviated PRG, is a web design pattern that can prevent repeated submission of form data. Typical repeated-submission problems, such as the user refreshing the page returned in response to a submission, can be avoided with PRG. For example, when the submission succeeds, redirect the client so that it jumps to a submission success page.

   Note: The PRG design pattern does not cover every kind of duplicate submission, for example:

       1) The server responds slowly, so the user refreshes the page and the POST request is submitted again.

       2) The user clicks the back button to return to the data submission page and submits the data again.

       3) The user clicks the submit button multiple times, resulting in repeated submission of data.

       4) The user maliciously bypasses the client-side measures against multiple submissions and submits the data repeatedly.

4. Use the session to set a token

   When generating a page, the server assigns a unique random identification number to each generated form, places it in a hidden field of the form, and at the same time saves it in the current user's Session. When the form is submitted, the server compares the identification number in the hidden field with the one in the Session. If they are the same, it continues and clears the value from the Session after processing; otherwise the server ignores the request.

   Note: Malicious users can take advantage of this by visiting the page repeatedly, so that the number of identification numbers stored in the Session keeps growing and eventually consumes a serious amount of server memory. This can be solved by recording the time of the user's posts in the Session and limiting the number of consecutive posts by a user through a time interval.
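   The token check and the time-interval limit described above, as an added example that is not part of the original article. The session is modelled as a plain dict; the key names, `MIN_INTERVAL` and the `MAX_TOKENS` cap on stored tokens are assumptions, and the cap goes beyond the article by bounding session growth directly.

```python
import hmac
import secrets
import time

MAX_TOKENS = 5       # assumed cap on outstanding form tokens per session
MIN_INTERVAL = 3.0   # assumed minimum number of seconds between accepted posts

def issue_token(session):
    """Call when rendering the form; returns the value for the hidden field."""
    tokens = session.setdefault("form_tokens", [])
    token = secrets.token_urlsafe(32)
    tokens.append(token)
    # Drop the oldest tokens so repeated page loads cannot grow the session.
    del tokens[:-MAX_TOKENS]
    return token

def accept_submission(session, submitted, now=None):
    """Return True only for the first, sufficiently spaced use of an issued token."""
    now = time.monotonic() if now is None else now
    given = (submitted or "").encode()
    tokens = session.get("form_tokens", [])
    # Constant-time comparison against each token still held in the session.
    match = next((t for t in tokens if hmac.compare_digest(t.encode(), given)), None)
    if match is None:
        return False          # unknown or already used token: ignore the request
    tokens.remove(match)      # single use: consume before processing
    last = session.get("last_post")
    if last is not None and now - last < MIN_INTERVAL:
        return False          # posted again too soon after the previous post
    session["last_post"] = now
    return True
```

   Consuming the token before the request is processed means a second request carrying the same hidden value is rejected even if it arrives while the first is still being handled, provided session updates are serialized.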
