Home
>
Web Development
>
Preventing Repeat Form Submission Using PHP Sessions

Preventing Repeat Form Submission Using PHP Sessions

We've all seen those messages on some websites warning not to click a button more than once or negative consequences, like paying a bill twice, may result. Sometimes we can cause these problems by hitting the back or refresh buttons. In this article I will explain a methodology whereby a site can ensure each form is submitted only once, thereby demonstrating that such warnings are unnecessary and, depending on the nature of the problems caused, worth repairing immediately. Let's begin by taking a look at the process we are studying: Form Submission. As pedantic as it may seem, it will be worthwhile to detail each of the steps in this process:

Visitor requests a page from the server which has a form on it.

Server retrieves form and sends to user.

User enters data on form and submits to server.

Server processes form data and returns resultant page.

The scenario we now need to analyze is when the user re-triggers a previous form submission process. What we need to find or create is something which changes during the form submission process which does not depend on the specific form being submitted and which we can tell changed. That was a loaded sentence which fully details our solution, so let's break it down. Find or create something which

changes during the form submission process,

does not depend on the specific form being submitted, and

we can tell changed.

Since the item which changes does not depend on the form being submitted (e.g. it doesn't matter if it's a newsletter registration form, customer signup form, payment form, etc.), the item is not something which already exists and therefore must be created, so let's create a form variable called submissionId and assume it has the 3 properties mentioned above. So far, so good -- or so it appears! The third "property" is that "we can tell [it] changed", but "changed" is not a property of a variable, so we need to look at this more closely. In order to tell something changed, we must have a reference point, an answer to the question "changed from what?" This is where a session variable will come into play. If we define a session variable, say $_SESSION['nextValidSubmission'] and treat it as a reference point, we will have all of the tools necessary to protect our visitors. The idea will be to keep the session variable updated with the last submissionId sent out and change the submissionId each time it is sent out to the user. Then, if they try to resubmit the data, they will be submitting an old submissionId which doesn't match nextValidSubmission and we will know not to re-process this data. Let's look at this in terms of the processes:

Visitor requests a page from the server which has a form on it.

Server retrieves form, generates a new submissionId which is embedded into the form, updates nextValidSubmission, and sends to user.

User enters data on form and submits to server.

Server processes form data, changes nextValidSubmission, and returns resultant page.

Now, if the visitor somehow resends the data, they will be sending the old submissionId which will not match the new nextValidSubmission. So, you can now say goodbye to relying on javascript to remove/disable buttons, silly warning messages, and upset customers by preventing form re-submission.

Webmaster of script reference - The *NEW* PHP Reference & Tutorial Site For Non-Programmers
script reference

spotless home service Lake Forest ..

In The News:

A Columbia University breach exposed names, Social Security numbers and academic records of nearly 869,000 people, with notifications beginning in August.

Rental car drivers use AI-powered apps like Proofr to protect themselves from unfair damage fees as major companies deploy automated inspection tools.

Fox News' AI newsletter brings you the latest on technology advancements around artificial intelligence.

OnTrac data breach between April 13-15, 2025, exposed personal information of over 40,000 people including Social Security numbers and medical records.

A woman named Wika announces her engagement to an AI chatbot sparking worldwide debate about virtual relationships and technology.

The notorious people search site National Public Data relaunches despite a previous breach affecting 3 billion individuals, raising fresh privacy concerns.

Revolutionary TRAUMAGEL gel controls life-threatening bleeding from gunshot wounds and traumatic injuries, helping first responders prevent prehospital deaths.

Protect your home network by enabling proper encryption, creating strong passwords, checking connected devices and using VPN and antivirus software.

The Navy's solar-powered Skydweller drone flew nonstop for 73 hours in Mississippi, proving renewable energy can power long-endurance military missions.

Moving and downsizing expose seniors to identity theft and scams as data brokers collect real estate records and personal information to sell to criminals.

ShengShu's Vidar technology revolutionizes humanoid robot training by using AI-generated synthetic video, reducing required training data from hours to just 20 minutes.

Apple's older Mac computers face security risks without regular updates, but 10 essential tips including FileVault encryption and strong passwords can keep aging Macs protected.

Self-driving trucks from PlusAI could reshape freight transportation by 2027, addressing driver shortages and reducing logistics costs for businesses.

Solar farms are turning to sheep instead of mowers to cut grass under solar panels, lowering costs, reducing emissions and creating new income for farmers.

Fraudsters posing as local officials are making fake calls about missed jury duty, demanding payments in a rising scheme that exploits fear of arrest.

Honeywell Aerospace engineers developed a "surface alert system" that gives pilots two aural warnings when they are 15 and 30 seconds away from a collision on the runway.

Anonymous researcher has scraped public Spotify accounts of politicians and celebrities, highlighting major privacy risks in default platform settings.

AI chatbot toys marketed as screen-free playmates could undermine children's empathy and critical thinking skills, according to pediatric specialists.

TransUnion confirms a major data breach affecting 4.4 million U.S. consumers after hackers exploited third-party Salesforce apps to steal personal info.

Scammers use fake DocuSign emails claiming Apple Pay charges to steal personal information using fraudulent phone numbers and fake receipts.

Stay up to date on the latest AI technology advancements and learn about the challenges and opportunities AI presents now and for the future.

Farmers Insurance confirms data breach affecting over 1.1 million customers nationwide, exposing customer info including addresses.

The iconic Mary Kay pink Cadillac goes electric with the Cadillac Optiq, available only to the company's top 1% of sales force performers.

Cybercriminals abuse trusted Intel driver to gain kernel access and shut down Windows Defender, enabling undetected malware deployment since July 2025.

Using email aliases for online shopping and subscriptions can protect your privacy by preventing companies from linking your activity across websites.

Preventing Repeat Form Submission Using PHP Sessions

Web Development