4

I have a webpage that contains a form that uses the POST method and references the same page it is on for submission. I am using a PHP include file that contains an if statement that runs when the submit value is set. For some reason though, after one submission, every time you refresh the page it submits the form with the previously submitted data (The browser warns of this before refreshing the page). What causes this, and what could I be doing wrong?

user3093450
  • 75
  • 2

3 Answers3

2

This is expected. You should have the form submit to a handler that has a unique URL, whether it be a query string or a different URI. One solution (of many) would be to change your form action:

<form action="?action=submit" method="post">
  <input type="hidden" name="action" value="submit" />
  ...

and then in the PHP script handle the form, then change the context back to a URL without the hidden query string

if (!empty($_POST['action']) && $_POST['action'] == 'submit') {
    // do stuff
    header('Location: '.$_SERVER['SCRIPT_NAME']);
    die();
}

Note the query string is not actually present in $_POST but we keep it there so browsers don't consider it to be a redirect loop.

sjagr
  • 15,983
  • 5
  • 40
  • 67
  • 1
    I would add in the processor, redirect to a third page. Otherwise if a user refreshes your landing page, they're going to submit their data again. – Tim Dec 18 '13 at 18:47
  • 1
    The redirect to the same page without the query string is the "third page" – sjagr Dec 18 '13 at 18:49
  • +1 for simplicity and effectiveness. I just spotted what looked to me like a typo in your code though, hope my correction is OK. – wkille May 08 '18 at 12:00
  • @wkille thanks - it looks like the community (not me) rejected it, probably because the form method is `post` so still may not work. However I did improve on your suggestion and added the hidden input in addition to the query string, so it stays as a unique page and the browser doesn't throw a message saying "too many redirects" – sjagr May 13 '18 at 15:22
0

i had the same issue with one of my pages. the reason is that when the browser warns you that it will submit the form again, that means it is going yo be the same exact thing when you click on a submit button.

I did 2 things to avoid it but i am sure there many other ways. 1. Do not let the page echo the form again after succesfull submission of the form. mine was like this

<?php
 if(!isset($_POST['submit'])) {
include(form.php);// you can modify this according to your needs.
} else {
//display your message about what happened with the form.
}

?>

with that approach, your page will not the contaion a form to submit HOWEVER this will not prevent it from submitting on refresh. 2. if the form is submitted create a contoller input that carries a value indication that the form is already submitted. for example , place this into your form:

<?=(isset($_POST['submit']))?"" :"<input type-"hidden" name="submit_stat" value="true" />" ; ?>

and when you process your form when it is submitted check it with your php and make the script act on that variable like this:

<?php
if($_POST['submit_stat']==true) {
//do not process the form here.
//stop your script
}

?>

Another thing you can do is redirect your page to another page other than the page that handles the form. i believe this is the safest one.

Justin
  • 172
  • 2
  • 15
0

Another Way to prevent this is to move the Post Data to Session, redirect, collect Post back from Session and delete Session Post Data.

if(!empty($_POST) && empty($_FILES)){
    // move post to session
    // redirect to same url (don't forget possible get query)
}else{
    // collect post from session
    // unset post from session
}

Build this as default and you should never have problems with post data.
Only exceptions are File uploads. In this case redirect *after* post processing manualy.

Stefan Brinkmann
  • 965
  • 8
  • 11