php session validation

Question

I want to achieve that a user cannot send the same input twice. I use a php script to submit user input.

My idea is to save his inputs in a session array and each time that he submits something check through the array if it matches one of the things he already submitted before.

The code looks like this:

    //Compare post with what user has posted so far; if the same, exit (spam protection)
    foreach($_SESSION['postarray'][] as $postarray) if($post=$postarray) exit;

    //Save post in session of all other posts
    $_SESSION['postarray'][]=$post;

I get the following error:

Fatal error: Cannot use [] for reading in /Applications/XAMPP/xamppfiles/htdocs/postish/action/post.php on line 32 (which refers to the line with the foreach() loop)

Even after changing the function to only $_SESSION['post array'], it doesn't work either.

Any help much appreciated :)

Dennis

Answer 1

If you want to stop a user from sending the same data twice, you need to look into using a nonce (number used once)

There are a few examples:

• How to create and use nonces
• http://en.wikipedia.org/wiki/Cryptographic_nonce
• http://fullthrottledevelopment.com/php-nonce-library

Answer 2

Operator [] adds a new element to array.

To get elements for foreach loop you have to use it without []:

foreach($_SESSION['postarray'] as $postarray)
    if ($post == $postarray) exit;

And pay attention to comparison operator == which is used to check the equality of the variables.

The better option to check if $post exists in $_SESSION['postarray'] is to use in_array function:

if (in_array($post, $_SESSION['postarray'])) exit;

Answer 3

You accidentally used the assignment operator = instead of the comparion operator == or ===.

So you need to replace if($post=$postarray) with if($post == $postarray)

You also need to remove the [] in foreach($_SESSION['postarray'][] as $postarray) as [] is only used when inserting a new array element.