防止表单重复提交

防止表单的重复提交操作，文章分为前端javascript防止重复提交和服务器端的防止重复提交两种方式。

一、javascript防止表单重复提交

<html>  <head>    <title>Login.html</title><script type="text/javascript">var iscommitted = false;function dosubmit(){if(!iscommitted){iscommitted = true;return true;}else{return false;}}</script>  </head>    <body>  <form action="/JavaWebLearn1/servlet/Login" method="post" onsubmit="return dosubmit()">  username:<input type="text" name="username"/><br/>  password:<input type="password" name="password"/><br/>  <input type="submit" value="Login"/>"  </form>  </body></html>

这种方式可以防止重复提交，但是并不彻底，如若有人恶意修改javascript代码则没有什么效果

二、服务器端防止表单提交

访问网页时，有一个Servlet产生随机码，然后getRequestDispatcher到表单页面，

先是Servlet处理产生随机码的代码

public class FormServlet extends HttpServlet {public void doGet(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {//产生随机数TokenProcessor tp = TokenProcessor.getInstance();String token = tp.generateToken();request.getSession().setAttribute("token", token);request.getRequestDispatcher("/form.jsp").forward(request, response);}public void doPost(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {doGet(request, response);}}class TokenProcessor{//令牌//1.构造对象私有化private TokenProcessor(){}//2.自己创造一个对象private static final TokenProcessor instance = new TokenProcessor();//3.对外暴露一个方法，允许获取上面创造的对象public static TokenProcessor getInstance(){return instance;}public String generateToken(){String token = System.currentTimeMillis()+new Random().nextInt()+"";try {MessageDigest md = MessageDigest.getInstance("md5");byte[] md5 = md.digest(token.getBytes());//base64编码BASE64Encoder encoder = new BASE64Encoder();return encoder.encode(md5);} catch (NoSuchAlgorithmException e) {// TODO Auto-generated catch blockthrow new RuntimeException(e);}}}

此时会跳转到form.jsp页面

form.jsp代码

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%><%String path = request.getContextPath();String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html>  <head>    <base href="<%=basePath%>">    <title>My JSP 'form.jsp' starting page</title>  </head>  <body>    <form action="/JavaWebLearn1/servlet/LoginServlet" method="post">    <input type="hidden" name="token" value="${token}"/>    用户名:<input type="text" /><br/>    <input type="submit" value="提交"/>"    </form>  </body></html>

在表单页面上上放入隐藏的token用于放码，然后页面提交后提交到LoginServlet处理程序

LoginServlet处理程序

public class LoginServlet extends HttpServlet {public void doGet(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {boolean b = isTokenValid(request);if(!b){System.out.println("请不要重复其提交");return;}request.getSession().removeAttribute("token");System.out.println("向数据库中注册用户");}//判断表单号是否有效private boolean isTokenValid(HttpServletRequest request) {String client_token = request.getParameter("token");if(client_token==null){return false;}String server_token = (String) request.getSession().getAttribute("token");if(server_token==null){return false;}if(!client_token.equals(server_token)){return false;}return true;}public void doPost(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {doGet(request, response);}}

运行结果为