Stop form from writing to database if user double submits

Question

I have a question I looked it up everywhere and I still seem stuck.

If I submit a form via post -> variable -> database and then redirect to another page using header(location:page.php); in the time it takes to redirect and I click on the submit button it still inserts duplicate data into the database.

How do I prevent that from happening? As I read on tokens but I can't see how it will work without processing my form data on another page and I don't want to do that.

Please see below html :

<form name="frmall" class="col s12" action="" method="post">
    <!--basic info------------------------------------------------------------------------------------------------------------->
    <div class="divider"></div>
    <div class="section">
        <h5>Basic Member Information</h5>
        <div class="row">
            <div class="input-field col s6">
                <input id="first_name" name="txt_name" type="text" class="validate"
                    value="<?php if(isset($_POST['btnContinue'])){echo $_POST['txt_name']; }  ?>">
                <label for="first_name">First Name</label>
            </div>
            <div class="input-field col s6">
                <input id="last_name" type="text" name="txt_surname"
                    class="validate"
                    value="<?php if(isset($_POST['btnContinue'])){echo $_POST['txt_surname']; } ?>">
                <label for="last_name">Last Name</label>
            </div>
            <div class="input-field col s6">
                <input id="icon_telephone" type="tel" name="txt_number"
                    class="validate"
                    value="<?php if(isset($_POST['btnContinue'])){echo $_POST['txt_number']; } ?>">
                <label>Telephone</label>
            </div>
            <div class="input-field col s6">
                <input id="email" type="email" name="txt_email" class="validate"
                    value="<?php if(isset($_POST['btnContinue'])){echo $_POST['txt_email']; } ?>">
                <label for="email" data-error="wrong" data-success="right">Email</label>
            </div>
            <div class="input-field col s6">
                <input id="idnumber" type="text" name="txt_idnumber"
                    class="validate"
                    value="<?php if(isset($_POST['btnContinue'])){echo $_POST['txt_idnumber']; }  ?>">
                <label>ID Number</label>
            </div>
        </div>
        <button class="btn waves-effect waves-light" type="submit"
            name="btnCancel">Cancel</button>
        <button class="btn waves-effect waves-light" type="submit"
            name="btnContinue">Continue</button>

    </div>
</Form>

PHP (please not its just for en example):

if (isset($_POST['btnContinue'])) {
      $Conn->insert_main_member($name, $surname, $number, $idnumber, $email);
      header(location:page.php);
   }

So how do I prevent double submit without disabling the button? Please assist.

If the user is logged in you could add a timestamp column to your table and update this value when you update an entry in the table, then compare this time agains the `REQUEST_TIME` and then only make a new update if enough time has passed? — Cyclonecode, Nov 01 '16 at 09:43
don't think it will work because say the site has a delay and you press submit multiple times ? — Christiaan, Nov 01 '16 at 09:48
Well if you don't want the user to double post the form data, why not just disable the button? — Cyclonecode, Nov 01 '16 at 09:49
why not clear the form after submit? to clear the form after success you could write $_POST = array(); — Masivuye Cokile, Nov 01 '16 at 09:50
@Masivuye Cokile I tried that still gives duplicates in my database — Christiaan, Nov 01 '16 at 09:53
@Cyclone because say your javascript is disabled ?then that doesnt work — Christiaan, Nov 01 '16 at 09:53
Duplicate: http://stackoverflow.com/questions/15626868/prevent-double-form-submit-using-tokens — R. Chappell, Nov 01 '16 at 09:56
@Christiaan - Then your best approach would be to use a CRSF token like suggested below. http://security.stackexchange.com/questions/162/what-is-the-correct-way-to-implement-anti-csrf-form-tokens — Cyclonecode, Nov 01 '16 at 09:56

Stop form from writing to database if user double submits

0 Answers0