0

I found a tutorial recently on how to disable the potential for multiple html form submissions due to impatient folk clicking the submit button a few times, and it reads thus:

Give your button an id such as:

<input type="submit" value="Submit" id="myButton" />

then add a few lines to the form tag:

onsubmit="document.getElementById('myButton').disabled=true;
document.getElementById('myButton').value='Submitting, please wait...';"

Looks great (haven't tried it on my forms yet) but I'm wondering how to translate this to a text link that links to a 'handler script' that enters stuff into my database?

Edit: I think I need to be more specific! I have a form which the (logged in) user submits, they are then taken to a 'preview' page where they preview and can edit or publish their text, hence the text links to the handler script(s).

I'm working in php and sql.

Thanks

Mr C
  • 145
  • 1
  • 1
  • 8

3 Answers3

2

  1. You should not rely on that alone, but prevent duplicate entries server-side as well. (F.e. using a UNIQUE index on database columns, having a token with a form that allows it to only be processed once, etc.)

  2. You could simply add an onclick handler to the link that prevents it from being followed again (return false resp. even.preventDefault()), but

  3. requests that change/create data server-side should not be made using GET, but only POST – and therefor a link would be wrong for this top begin with. (Reason for this rule-of-thumb: Other mechanism might trigger following that link, not only the user clicking it – f.e. a browser (-extension) prefetching resources, or a search engine following links [if the whole thing is publicly accessible and doesn’t require a logged-in user, etc.)

CBroe
  • 82,033
  • 9
  • 81
  • 132
  • All the links that do this sort of thing require you to be logged in to the site, so I guess that's ok, but I'm not familiar with what folks mean by 'token' or how to impliment one, I'll go google it unless someone can step in :) – Mr C May 07 '14 at 19:00
  • I've edited my post to explain why I'm using text links – Mr C May 07 '14 at 19:06
0

I'll borrow a solution I saw from some other guy in here...

Here's the link to that question jQuery disable a link

And a shortcut to Peter DeWeese's answer:

Add this to your CSS

a.disabled {
  opacity: 0.5
  pointer-events: none
  cursor: default
}

And add this to your JS

$('#yourlinksid').click(function (e) {
   $(this).addClass('disabled'))
});

You can then remove the disabled class when you need to with removeClass('disabled')

Community
  • 1
  • 1
martskins
  • 2,810
  • 4
  • 23
  • 50
0

That will not work if the user has javascript disabled. A better approach it to use a CSRF token. Create a unique token when you render the form and then when you process it, check if the token is correct and discard it. If the user clicks the form twice, the token will not be found the second time and you can safely discard the request.

user3557327
  • 839
  • 10
  • 21