On 30 July 2010 08:37, Dylan Tusler <dylan.tus...@sunshinecoast.qld.gov.au>wrote:
> We've got an Ajax-ified multi-page form and I want to prevent > double-clicking on the final page's Submit button. My first thought is just > to disable the button in its on_Click event handler. Is this a suitable > approach? > No. It might give you a perfunctory guard against a double-submission in the UI layer but, with the web being what it is, you cannot guarantee it won't be submitted twice. > I've looked around a little, trying to see what is the best approach to > prevent someone from clicking twice (or more) on a submit button, but there > seems to be a wide variety of methods to choose from, many involving > JavaScript, or css, and so on. None of them seem simple enough to risk > experimenting with. > The approach we always apply is: 1. Create a table in your DB, two columns, one being called DoubleSubmitGuard (GUID) and the other being DateTimeSubmittedUTC (Date/time). 2. At the time you generate the form, roll a new GUID, put it in that table, and also embed it in the form. 3. As a part of the form submission process, check that DateTimeSubmittedUTC is null, then do your normal work, and at the end of the transaction set the DateTimeSubmittedUTC to mark the form as submitted. 4. Optionally you can display something to the user along the lines of "This form has already been submitted" if they click submit twice. Also disable the submit button as well if you want to improve the user experience, but I would not be using the disabling of UI elements to effectively implement the integrity if your database. David. -- *David Connors* | da...@codify.com | www.codify.com Software Engineer Codify Pty Ltd Phone: +61 (7) 3210 6268 | Facsimile: +61 (7) 3210 6269 | Mobile: +61 417 189 363 V-Card: https://www.codify.com/cards/davidconnors Address Info: https://www.codify.com/contact