In the script I'm currently developing, I've run into a problem Ive been having difficulty solving. The script is contained within one file (index.php) and has a form that allows the user to submit data, the action page being index.php. The script processes the data and then displays it in a table. However, if the user submits a form and then happens to refresh the page a window comes up asking for confirmation to resend the POST data. I'm at a lost on how to prevent this. I've tried the redirection using header("Refresh: 2; URL=index.php"); PHP: and echo '<meta http-equiv="refresh" content="2;URL=index.php">'; PHP: but they don't work. Can anyone help me here?
I generally check for duplicate records in a database to avoid this. If you are not using databases, you can set a session ID at first submission, or better a cookie. Now when the cookie is set, it won't be read on the same page, unless the page is refreshed. So, if there is no cookie, display the table. Otherwise display error, redirect to the form, and delete the cookie, so on submit, a cookie will not be found. There could be a better way of doing this, and let's see if someone comes up with something. Bye.
I was thinking of using the database to check, but unfortunately the script uses quite a lot of database connections as it is I've currently got a work around where upon successful completion of the form, the user gets redirected to a redirect page, which automatically redirects the person back to index.php. Just wish there was a better way of doing it that didn't involve cookies, sessions, etc. I was looking for a way that couldnt be manipulated at all The userbase I'm targetting with this thing can be mischevious and fall of crap sometimes
Try adding a hidden field to your form. <input name="a" type="hidden" id="a" value="submit"> HTML: Then add this on top. $sAction = $_POST['a']; // Make sure this is not $_GET if ($sAction == "submit") { // process your form here.. header("Location: index.php"); exit; } PHP: Once they're back on index.php, they can refresh and the form won't be reposted. However, they can always press back and the same problem would come up. So ideally, check the database for a unique form id, or use sessions! I would use sessions. Simply set one session variable as soon as the form is submitted. Whenever the form loads, check if this session variable exists. If it does, do not show anything. Not sure if this is the best way though, maybe someone will come up with something better! Marc
Well, i was thinking of using sessions however it could be problematic if there are multiple pages open Nah, think the best way is simply to move the form processing to a seperate file
I would recommend both splitting the process logic into separate files and also using the header redirect. This clean separation will address the issue in an efficient manner. Bobby
Yea, I realised this too after sitting back and looking at the script. My initial reason for putting it all into one file was that I hate having to look through dozens of include files to find code and didn't want anyone else to go through the same problem (Im releasing the script [well, it's looking more like an app now] under the GPL once its done), however I suppose it's a trade off. Proper and extensive documentation should help ease any problems too Btw, congrats on the Zend certification