Edward Posted October 1, 2013

Hi Larry, I know you are a busy man, but I would like to see how you would implement this successfully in Yii. I need this all over my website and I haven't found any method that successfully works yet.

http://en.wikipedia.org/wiki/Post/Redirect/Get

If anyone has any methods that work for duplicate submission, please let me know below. I tried a few and they failed to work.

http://stackoverflow.com/questions/2133964/how-to-prevent-multiple-inserts-when-submitting-a-form-in-php

Even this forum cannot protect against it when JS is disabled, so what is the solution?

Edward (Author) Posted October 1, 2013

Just an update: I did get some positive from this, but if you redirect the browser back it still does duplicate submissions. By the way, I am well aware how to stop this with JavaScript; what I am looking for is a bulletproof PHP solution.

Use PHP sessions to set a session variable (for example $_SESSION['posttimer']) to the current timestamp on post. Before actually processing the form in PHP, check if the $_SESSION['posttimer'] variable exists and check for a certain timestamp difference (IE: 2 seconds). This way, you can easily filter out double submits.

Example:

    // form.html
    <form action="foo.php" method="post">
        <input type="text" name="bar" />
        <input type="submit" value="Save">
    </form>

    // foo.php
    <?php
    session_start(); // required before $_SESSION can be read or written

    if (isset($_POST) && !empty($_POST)) {
        if (isset($_SESSION['posttimer'])) {
            if ((time() - $_SESSION['posttimer']) <= 2) {
                // less than 2 seconds since last post
            } else {
                // more than 2 seconds since last post
            }
        }
        // remember when this post arrived for the next comparison
        $_SESSION['posttimer'] = time();
    }

Update: what I could do is create another controller action, user/createsuccess for example, and redirect to this after user/create; then if the user tried to click back they will be at user/createsuccess, where you could then redirect them back to the page after.

Larry Posted October 3, 2013

The PHP sessions trick is what I normally do. If there's something that could reasonably be marked as unique in the underlying database, that's a nice fallback protection, too.

Edward (Author) Posted October 3, 2013

I have been working on other stuff and have to come back to this, but as far as I know the session tokens don't work with refreshing or clicking the browser back button, so you need to use the POST/REDIRECT/GET design pattern. I will test both and let you know what I come up with; all the online help is very iffy.
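
Added example, not part of any post in this thread: one way to combine a single-use session token with Post/Redirect/Get in plain PHP (not Yii), so that a refresh, a back-button resubmit or a double click is rejected on the server. The file name form.php, the field names and save_record() are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. FORM_URL, the field names and
// save_record() are hypothetical; adapt them to the real controller action.
const FORM_URL = 'form.php';
session_start(); // the default file handler locks the session, so requests serialize

/** Issue a fresh token and remember it in the session until it is used. */
function issue_form_token(): string
{
    $token = bin2hex(random_bytes(16));
    $_SESSION['form_tokens'][$token] = time();
    return $token;
}

/** True only the first time an issued token is presented; it is consumed on use. */
function consume_form_token(string $token, int $maxAge = 1800): bool
{
    $issued = $_SESSION['form_tokens'][$token] ?? null;
    unset($_SESSION['form_tokens'][$token]); // consume before any processing
    return $issued !== null && (time() - $issued) <= $maxAge;
}

function save_record(string $bar): void { $_SESSION['saved'][] = $bar; } // stand-in for the real insert

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $token = $_POST['token'] ?? '';
    $bar = $_POST['bar'] ?? '';
    if (is_string($token) && is_string($bar) && consume_form_token($token)) {
        save_record($bar);
        $status = 'saved';
    } else {
        $status = 'duplicate'; // refresh, back button or double click
    }
    // 303 makes the browser fetch the result with GET, so a refresh re-sends nothing.
    header('Location: ' . FORM_URL . '?status=' . $status, true, 303);
    exit;
}
$status = $_GET['status'] ?? '';
?>
<?php if ($status === 'saved' || $status === 'duplicate'): ?>
<p><?= $status === 'saved' ? 'Saved.' : 'Already submitted; nothing was saved again.' ?></p>
<?php endif; ?>
<form action="<?= FORM_URL ?>" method="post">
  <input type="hidden" name="token" value="<?= htmlspecialchars(issue_form_token(), ENT_QUOTES) ?>">
  <input type="text" name="bar">
  <input type="submit" value="Save">
</form>
```

A unique constraint in the underlying database, as mentioned in the thread, still covers the case where the session itself is lost or expired.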