In my comments system, I noticed a small security bug. In the few seconds that it takes a page to load, a user can click the “post” button more than once, submitting several comments to the database instead of one. I managed to fix this with a simple JavaScript input disable thingy, but then I remembered that people could easily edit this using Firebug or Inspect Element.
Is there some sort of PHP solution to this? I’m pretty new, so please don’t go speaking technical words.
Thanks. 🙂
The simplest solution is to store in a session all the data you need to determine that a comment is unique. A PHP session is active as long as a user stays on your website; another visitor will have another session. That means, to determine if your visitor clicked the button twice, you only need a) the message and b) on which post (I assume) s/he commented.
An example:
With this method you are sure there is no data persisted in the server twice. However, you still need to disable that button with JavaScript, since you cannot disable that button with PHP as long as your request is going on.
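
One way to implement the session check described in the answer above, as an added example that is not part of the original post. The function name, the form field names `post_id` and `message`, the session key and the limit of 20 remembered comments are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Returns true if this session already submitted the same message on the
 * same post; otherwise remembers the submission and returns false.
 * $session is taken by reference so the function works with $_SESSION in a
 * web request and with a plain array on the command line.
 */
function is_duplicate_comment(array &$session, int $postId, string $message): bool
{
    // Normalise whitespace so "hi" and "hi " count as the same comment.
    $normalised = preg_replace('/\s+/', ' ', trim($message));
    // Keep a fixed-size fingerprint rather than the full message text.
    $fingerprint = hash('sha256', $postId . "\0" . $normalised);

    if (isset($session['comment_fingerprints'][$fingerprint])) {
        return true;
    }
    $session['comment_fingerprints'][$fingerprint] = time();
    // Remember only the 20 most recent comments (arbitrary limit) so the
    // session cannot grow without bound.
    $session['comment_fingerprints'] =
        array_slice($session['comment_fingerprints'], -20, null, true);
    return false;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample: the same form sent twice by a double click,
    // then the same text posted on a different post.
    $fakeSession = [];
    var_dump(is_duplicate_comment($fakeSession, 42, 'Nice article!'));
    var_dump(is_duplicate_comment($fakeSession, 42, 'Nice article! '));
    var_dump(is_duplicate_comment($fakeSession, 43, 'Nice article!'));
} else {
    session_start();
    // Hypothetical form field names; adjust to the real comment form.
    $postId  = (int) ($_POST['post_id'] ?? 0);
    $message = (string) ($_POST['message'] ?? '');
    if ($message !== '' && !is_duplicate_comment($_SESSION, $postId, $message)) {
        // Insert the comment into the database here, using a prepared statement.
    }
    // Redirect back to the post either way, so a page refresh does not resend the form.
}
```

With PHP's default file-based session handler, requests that share a session are processed one after another, so the second click sees the fingerprint stored by the first.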