How to prevent multiple form submissions in PHP?

In this post, we gonna see how we can prevent multiple submissions of a form in PHP applications.

Sometimes a user may hit submit button twice or the user may reload the page(with post data), both activities make form processing multiple times with the same data, this results in duplicate records in DB or duplicate Emails in the Inbox.

In order to avoid this behavior in PHP, we will include a unique token on each post request this method is also useful to prevent CSRF and replay attacks. we will include generated unique key in form hidden filed and in a session variable. Once the form is submitted we will compare the hidden field value with the session token value, if both values match the form submission is valid, if the token does not match the token in your session, the form has been re-submitted.

How to generate a token

In this example, the PHP function uniqid() is used to generate the form token value.

Show me the Logic

just copy the above code and past it to the form page. then create a hidden field inside the form as shown below

In the form process page ,we will compare the token as shown below

Complete Example

Below is the completed sample script for preventing multiple form submissions in PHP.

Create process.php file and place blow code in it.

I hope it helps you guys to prevent multiple form submissions.

Do share it and let your friend’s know about it.

I hope you like this Post, Please feel free to comment below, your suggestion and problems if you face - we are here to solve your problems.

0 0 vote
Article Rating
Subscribe
Notify of
guest
8 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Dennis
Dennis
4 years ago

I was looking for a solution like this, although this code doesn’t work. You don’t regenerate $form_token. You always post $form_token and it always ends up in the else clause. Do you have any fix for this?

arjun
4 years ago
Reply to  Dennis

At the top of the page we are generating right -$form_token = uniqid();

Dennis
Dennis
4 years ago
Reply to  arjun

You should try it with a larger form and do some checks if fields are set. I use it with a quite large form that takes a few seconds to submit and write the data to the database. The idea is fantastic, and it works. But I think it only works because you have a very small form, and you simply don’t have the time to do a doubleclick. At least that’s my observation.

arjun
4 years ago
Reply to  Dennis

I didn’t get issue?

Stuart Norman
Stuart Norman
2 years ago

How can you do this for a form that uses ajax? My sessions doesn’t seem to be carried over for some strange reason.

Vincent
Vincent
1 month ago

I don’t see how this would prevent the scenario where a user refreshes the page that processed the submitted data causing the submitted data to be processed again. The token in session will still be the same as the token that was submitted.

Vincent
Vincent
1 month ago

To make this work you need to unset the session value after the form is submitted the first time: unset($_SESSION[‘form_token’]); Otherwise the user can press F5 or otherwise refresh the page and submit the same data again.

Last edited 1 month ago by Vincent
DMCA.com Protection Status
8
0
Would love your thoughts, please comment.x
()
x