How can tokens be used to prevent resubmission of form data in PHP?

To prevent resubmission of form data in PHP, tokens can be used. Tokens are unique identifiers generated for each form submission and stored in a session variable. When the form is submitted, the token is checked to ensure that the form data is not being resubmitted.

&lt;?php
session_start();

if ($_SERVER[&#039;REQUEST_METHOD&#039;] === &#039;POST&#039;) {
    if (!isset($_POST[&#039;token&#039;]) || $_POST[&#039;token&#039;] !== $_SESSION[&#039;token&#039;]) {
        // Token mismatch, do not process the form
        die(&#039;Token mismatch. Please try submitting the form again.&#039;);
    }

    // Process the form data

    // Generate a new token for the next form submission
    $token = bin2hex(random_bytes(32));
    $_SESSION[&#039;token&#039;] = $token;
} else {
    // Generate a token for the initial form load
    $token = bin2hex(random_bytes(32));
    $_SESSION[&#039;token&#039;] = $token;
}
?&gt;

&lt;form method=&quot;post&quot; action=&quot;&quot;&gt;
    &lt;input type=&quot;hidden&quot; name=&quot;token&quot; value=&quot;&lt;?php echo $token; ?&gt;&quot;&gt;
    &lt;!-- Other form fields --&gt;
    &lt;button type=&quot;submit&quot;&gt;Submit&lt;/button&gt;
&lt;/form&gt;

Keywords

CSRF protection form tokens session management form submission security vulnerability

How can tokens be used to prevent resubmission of form data in PHP?

Keywords

Related Questions