The JavaScript idea will likely work reasonably well, but probably won't stop page refreshes, etc from causing the same problem. Then, of course, there are those users with JS turned off as well, and browsers that won't handle it.

In fact, I don't think you probably really care if somebody clicks on it a hundred times - you just don't want the click to count. The way I've done stuff like this in the past is to simply create a database table, which logs the IP address and date/time of the click, and then just read the table before you add to whatever counter you're incrementing for your "like button," to make sure that the same IP hasn't clicked the button more than once in a given period.

It's not completely perfect, because you could have multiple users with the same external IP (i.e. from a corporate office, for example). There's not much getting around that, without combining the idea with cookies. However, using this method together with cookies and the JavaScript idea, I would think is a fairly solid plan.

Of course, if your users have user-names then it would be easy enough to just flag them in a database table as having "liked" whatever ... but then I don't suppose you'd be asking the question in the first instance if they had user-names.

Excellent points, well said and ++ to DanielSpaniel.

And (to the OP) just FTR, I offered "cookies" as an approach, knowing full well that some users will reject cookies; immediately remove them, or otherwise make their use ineffective. DanielSpaniel's points about the common IP's are well taken... and I should have offered some similar discussion of the limits of cookies, myself.

Broadly though, unless the "like"-button-analogue is somehow related to operational control of a nuclear reactor ...or involved in handing out large sums in small, used, unmarked bills, you will reach a point where it's reasonable to say, 'I've done all that's within reason to secure X; now I need to decide if that's good enough, given the risks/exposures at stake.'

I agree with the point Java script dont think will be helpful here but after reading about the session ID. I feel

When a user visit a webpage a session id is created for that user, By keeping this session id as a hash session => 'true' at server.

When the user click the Like button for the first time, the session key gets changed to session => 'false' .

Now when the user refresh or click back button the session =>'fasle' remain same and thus further like count can be ignored.

Thanks You all ...It Worked.....:)

Or generate a form-session-id, and when someone tries to submit the same form again, when you encounter an existing form-session-id, refuse to insert into database

Hi,

Create an onclick trigger on your button which includes some javascript like -

    doc1.getElementById("testBut1").disabled=true;
[download]

Should do the trick.

J.C.

Create an onclick trigger on your button which includes some javascript [...]] Should do the trick.

Nope. Adding Javascript to the client will never solve a server side problem. Simply because Javascript is not always available on the client (LWP, WWW::Mechnanize, NoScript, filtering proxies, ...). And, quite obviously, it can be disabled on the client. In a WWW environment, you must not trust the client.

The server has to detect that the form was submitted several times. The usual approach is to give each form a unique ID (e.g. a UUID) in a hidden field or as part of the submit URL; and to make sure that each and every ID is accepted exactly once.

Alexander

--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)