防止在 Web 应用程序中不使用 JavaScript 或 JQuery 的多次提交按钮单击？

如果你有一个登录用户的 id 字段，这会更容易，因为你可以为特定用户提交的结果创建一个表，在将其输入到 Fruits 表之前，检查用户是否已经提交了相同的数据.从它的外观来看，您似乎没有任何用户标识字段，因此防止重复的一种黑客方法可能是利用会话。会话对于当前使用您的应用程序/网站的用户是唯一的。每个访问您的网站/应用程序的人都会获得自己唯一的会话 ID。（它们存储为 cookie）例如：protected void doPost(...){   String fruit = request.getParameter("fruit");   String color = request.getParameter("color");   //unless you wanna complicate things, i would create a string out of the two parameters and store it into an arraylist of strings   String value = fruit+color;    HttpSession session = (request.getSession()); //get session   if(null == session.getAttribute("duplicates")){ //if session variable empty then we know that user has not submitted anything yet so we let them insert into db     insertFruit(fruit,color); //add to db     ArrayList<String> duplicates = new ArrayList<String>(); //create arraylist     duplicates.add(value); //add our unique value     session.setAttribute("duplicates", duplicates); //set as session variable    }else{     //here the session variable is not empty so that means the user has already submitted something so lets check the arraylist and make sure the value does not already exist     ArrayList<String> duplicates = (ArrayList<String>) session.getAttribute("duplicates");     if(!duplicates.contains(value)){      //if arraylist does not contain the same value, then it's safe to add       insertFruit(fruit,color); //add to db      //forgot this part      duplicates.add(value);      session.setAttribute("duplicates", duplicates); //update the variable     }    }   response.sendRedirect("results?ADD=SUCCESS");}public void insertFruit(String fruit, String color){       try(Connection connect = SQLHelperClass.connectOnly()){         PreparedStatement pst = connect.prepareStatement("INSERT INTO practice (fruit, color) VALUES (?, ?);");        pst.setString(1, fruit);        pst.setString(2, color);        pst.executeUpdate();          }catch (SQLException e) {            e.printStackTrace();          }}编辑 1：关于不为每个 servlet 重复数据库操作的评论。你需要把逻辑分开。人们通常的做法是为所有数据库操作创建一个单独的类。例如...创建一个名为的类FruitDao，在这里保存所有与水果相关的数据库操作公共类 FruitDao{public void insertFruit(String fruit, String color){       try(Connection connect = SQLHelperClass.connectOnly()){         PreparedStatement pst = connect.prepareStatement("INSERT INTO practice (fruit, color) VALUES (?, ?);");        pst.setString(1, fruit);        pst.setString(2, color);        pst.executeUpdate();          }catch (SQLException e) {            e.printStackTrace();          }}要从您的 servlet 调用它，只需执行以下操作：protected void doPost(...){   FruitDao fdao = new FruitDao(); // get the db class for fruits   String fruit = request.getParameter("fruit");   String color = request.getParameter("color");   //unless you wanna complicate things, i would create a string out of the two parameters and store it into an arraylist of strings   String value = fruit+color;    HttpSession session = (request.getSession()); //get session   if(null == session.getAttribute("duplicates")){ //if session variable empty then we know that user has not submitted anything yet so we let them insert into db     fdao.insertFruit(fruit,color); //add to db     ArrayList<String> duplicates = new ArrayList<String>(); //create arraylist     duplicates.add(value); //add our unique value     session.setAttribute("duplicates", duplicates); //set as session variable    }else{     //here the session variable is not empty so that means the user has already submitted something so lets check the arraylist and make sure the value does not already exist     ArrayList<String> duplicates = (ArrayList<String>) session.getAttribute("duplicates");     if(!duplicates.contains(value)){      //if arraylist does not contain the same value, then it's safe to add        fdao.insertFruit(fruit,color); //add to db      //forgot this part      duplicates.add(value);      session.setAttribute("duplicates", duplicates); //update the variable     }    }   response.sendRedirect("results?ADD=SUCCESS");}

防止在 Web 应用程序中不使用 JavaScript 或 JQuery 的多次提交按钮单击？

1回答