Solved

Preventing multiple form submissions.

Posted on 2004-08-15
4
374 Views
Last Modified: 2008-03-10
Hello everyone,

I am just curious can be done to prevent a client from jamming away on a submit button on a webform?

I have been googling away for a few alternatives but most articles and suggestions I have found involve javascript. Such as http://dotnetjunkies.com/WebLog/mjordan/archive/2004/02/17/7393.aspx. Although this is a terrific solution, it doesn't prevent anyone from being a shyster and disabling javascript and abusing a webform. This can especially be a pain when the form submission involves inserting into a DB. The result being multiple rows inserted.

So there has be some sort of server side solution where if javascript is disabled the multiple form submissions can be ignored or prevented.

My current idea is to forward the form submission to a page (after the webform is validated) that indicates the task is processing. But surely there have to be some other solutions. And I am curious about what other solutions there are out there for this situation.

Thanks
0
Comment
Question by:sboux
  • 2
4 Comments
 
LVL 37

Accepted Solution

by:
gregoryyoung earned 250 total points
Comment Utility
this is one method http://aspzone.com/articles/207.aspx

are you referring to the specific question of someone clicking back and then submitting again ? put a GUID in the querystring/hidden variable/viewstate/whatever and validate with an expected guid saved in session ... when you save, make a new expected guid on the server side ... if they hit back the guids wont match up..

0
 
LVL 9

Assisted Solution

by:glsac
glsac earned 250 total points
Comment Utility
0
 
LVL 37

Expert Comment

by:gregoryyoung
Comment Utility
thats the same logic I posted .... (test)  http://aspzone.com/samples/oneclickbutton.aspx download http://aspzone.com/uploads/oneclickbutton.zip

neither of them handle the back button though (which atleast in my development has been a major issue due to peoples dumpy internet connections etc i.e. they get a this page cannot be displayed error)

0
 

Author Comment

by:sboux
Comment Utility
Thanks for your help guys.

I tried the http://metabuilders.com/Tools/OneClick.aspx webcontrol.  And it did (usually) prevent multiple form submissions.  Although I would get a strange behaviour where if the button was pressed more than once.  It would perform the task I wanted performed once but refused to forward to a page after the process was complete.  It would just sit on the page the form was submitted from.  Submit could then be pressed again and viola 2 database inserts.  In fact when I stepped through the code the Server.Transfer("Foo.aspx") line of code would execute but yet it did nothing to the web application.

Gregory, when I added the GUID validation to the page it fixed the problem above.  Now if the client hits submit more than once the task I need inserts to the database only once the GUID changes after the second button click and then the client is forwarded to a page saying their request has already been processed blah blah blah you hit submit more than once.  Also the GUID validation prevents them from hitting back and re-submitting the form.

Thanks again,   I am suprised there isn't a better system in place to handle the "javascript disabled" people in this scenario.  What a pain it would be if someone wanted to be malicious and fill up a database with bunk data.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Lots of people ask this question on how to extend the “MembershipProvider” to make use of custom authentication like using existing database or make use of some other way of authentication. Many blogs show you how to extend the membership provider c…
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now