Implement Debounce and Duplicate Submission Prevention in PHP

In web development, debounce and duplicate‑submission prevention are common concerns; debounce limits rapid event firing while duplicate‑submission protection avoids processing the same form multiple times. This guide shows how to achieve both in PHP with practical code examples.

1. Debounce Implementation

Debounce ensures that a specified operation runs only once within a given time window. In PHP, the session can be used to store a timer and enforce this behavior.

Create a file named debounce.php containing the debounce logic.

<?php
session_start();

function debounce($callback, $delay = 1000) {
    if (isset($_SESSION['debounce_timer'])) {
        return;
    }
    $callback();
    $_SESSION['debounce_timer'] = time() + $delay;
    register_shutdown_function('debounce_reset_timer');
}

function debounce_reset_timer() {
    unset($_SESSION['debounce_timer']);
}

Use the debounce() function to wrap any event handler, such as an AJAX request triggered by user input.

<?php
function handleInput() {
    // process AJAX request
}

debounce('handleInput', 1000);

In this example, handleInput() is the function that processes the AJAX request, and the 1000‑millisecond delay ensures that only the final input after a pause triggers the call.

2. Duplicate Submission Implementation

To prevent users from submitting the same form repeatedly, a unique token can be generated, stored in the session, and verified on submission.

Generate the token as follows:

<?php
session_start();

function generateToken() {
    $_SESSION['submit_token'] = md5(uniqid(rand(), true));
    return $_SESSION['submit_token'];
}

$token = generateToken();

Insert the token into the form as a hidden field:

<input type="hidden" name="submit_token" value="<?php echo $token; ?>">

Validate the token when processing the form submission:

<?php
session_start();

function validateToken($token) {
    if (isset($_SESSION['submit_token']) && $token === $_SESSION['submit_token']) {
        unset($_SESSION['submit_token']);
        return true;
    }
    return false;
}

if ($_POST && validateToken($_POST['submit_token'])) {
    // handle form logic
}

If the token matches the one stored in the session, the form is processed; otherwise, the request is identified as a duplicate submission and can be handled accordingly.

By combining session management with token generation and verification, PHP can effectively implement both debounce and duplicate‑submission protection, as demonstrated with the detailed steps and code snippets above.