I have a completed script and there has been a flaw found in it, basically what happens is if a user clicks submit they are then loaded and forwarded to a new page. But on my rpg somehow the users have found out if they click submit rapidly as many times as possible before that next page can load completely, it'll majorly boost there stats and levels.

So what I'm looking for is some kinda javascript thing or php thing that once a form button is clicked submit, it can't be clicked immediately again. Or something along those lines to solve this bug. It's kind of similar to people trying to double post on a forum, they can click the submit button too many times causing the same posts over and over again. I need a fix for this asap, any ideas?

I have a completed script and there has been a flaw found in it, basically what happens is if a user clicks submit they are then loaded and forwarded to a new page. But on my rpg somehow the users have found out if they click submit rapidly as many times as possible before that next page can load completely, it'll majorly boost there stats and levels.

So what I'm looking for is some kinda javascript thing or php thing that once a form button is clicked submit, it can't be clicked immediately again. Or something along those lines to solve this bug. It's kind of similar to people trying to double post on a forum, they can click the submit button too many times causing the same posts over and over again. I need a fix for this asap, any ideas?

<SCRIPT TYPE="text/javascript">
<!--
document.write("<INPUT TYPE=button VALUE=\"Hide non-strict attributes\""
+ "ID=toggler ONCLICK=\"toggle()\">");
// -->
</script>

Might want to try that.

Im not too familiar with javascript like this so if I was taking this form...

<input type='submit' name='update' value='Submit'></form>

How would I insert those values into that javascript statement?

<SCRIPT TYPE="text/javascript">
<!--
document.write("<INPUT name=update TYPE=submit VALUE=\"Submit\""
+ "ID=toggler ONCLICK=\"toggle()\">");
// -->
</script>

I can tell your not great with html either, as in regular html you should use " not '

<form action="..." method="..." onsubmit="document.getElementById('submitbutton').disabled = true">
.
.
.
<input id="submitbutton" type="submit" />
.
.
.
</form>

A client-side method is not desirable. Use a server-side method such as reading the last date/time the user submitted the form and reject submissions made less than, say, 5 minutes ago.

Actually I took that form from my php so therefor I couldn't use " and had to use '

Anyways That code really screwed me up on this page.
I'm basically posting to self but techniqally the url is
battle.php?compid=$compid&battle=1

And before whenever it reloaded the form, it'd update the sql and everything. Now it completely loses the sql. I am attaching the page so you can see what I mean, the submission is at the bottom btw.

Client side protection as filburt1 said wont work cause users can just do the same from the url...
post this to the auther of the hack as well.

I am the author of the hack