2

I have a page called selectrooms.php. When I click the "Add" button, it goes to the "getrooms.php" page. When I'm in getrooms.php and click the back button, the selectrooms.php page does not load; there is an error called "Confirm form re submission". How can I prevent this error? I would be grateful if anyone can help me to solve this problem. Thanks.

Selectrooms.php

<?php

$con=mysql_connect('localhost','root','') or die(mysql_error());
mysql_select_db('hotel') or die("Cannot select DB");

if(isset($_POST['submit']))
{
    $start = $_POST['checkin'];
    $end = $_POST['checkout'];
    $hotel_id = $_POST['hotel_id'];

    $counter1 = mysql_query("SELECT * FROM rooms WHERE  hotel_id='".$hotel_id."' AND room_type = 'standard' ");
    $num1 = mysql_num_rows($counter1);
    echo 'Total Standard Rooms  : ' .("$num1");
    echo '<br>';

    $counter2 = mysql_query("SELECT * FROM rooms WHERE  hotel_id='".$hotel_id."' AND room_type = 'deluxe' ");
    $num2 = mysql_num_rows($counter2);
    echo 'Total Deluxe Rooms  : ' .("$num2");
    echo '<br>';

    $counter3 = mysql_query("SELECT * FROM rooms WHERE  hotel_id='".$hotel_id."' AND room_type = 'luxury suite' ");
    $num3 = mysql_num_rows($counter3);
    echo 'Total Luxury Suite  : ' .("$num3");
    echo '<br>';

    $counter4 = mysql_query("SELECT * FROM rooms WHERE  hotel_id='".$hotel_id."' AND room_type = 'family suite' ");
    $num4 = mysql_num_rows($counter4);
    echo 'Total Family Suite  : ' .("$num4");
    echo '<br>';

    $counter5 = mysql_query("SELECT * FROM rooms WHERE  hotel_id='".$hotel_id."' AND room_type = 'royal suite' ");
    $num5 = mysql_num_rows($counter5);
    echo 'Total Royal Suite  : ' .("$num5");
    echo '<br>';

    echo '<br>';

    if($start < $end ){

        $sql1 = mysql_query("select sum(qty) from reservations where start >= '".$start."' and end <= '".$end."' and  hotel_id='".$hotel_id."'and room_type = 'standard' ");
        $row1 = mysql_fetch_array($sql1);
        $x1 = $row1["sum(qty)"];
        echo 'Tootal booked rooms in Standard  : ' . ("$x1");
        echo '<br>';

        $sql2 = mysql_query("select sum(qty) from reservations where start >= '".$start."' and end <= '".$end."' and  hotel_id='".$hotel_id."'and room_type = 'deluxe' ");
        $row2 = mysql_fetch_array($sql2);
        $x2 = $row2["sum(qty)"];
        echo 'Tootal booked rooms in Deluxe  : ' . ("$x2");
        echo '<br>';

        $sql3 = mysql_query("select sum(qty) from reservations where start >= '".$start."' and end <= '".$end."' and  hotel_id='".$hotel_id."'and room_type = 'luxury suite' ");
        $row3 = mysql_fetch_array($sql3);
        $x3 = $row3["sum(qty)"];
        echo 'Tootal booked rooms in Luxury Suite  : ' . ("$x3");
        echo '<br>';

        $sql4 = mysql_query("select sum(qty) from reservations where start >= '".$start."' and end <= '".$end."' and  hotel_id='".$hotel_id."'and room_type = 'family suite' ");
        $row4 = mysql_fetch_array($sql4);
        $x4 = $row4["sum(qty)"];
        echo 'Tootal booked rooms in Family Suite  : ' . ("$x4");
        echo '<br>';

        $sql5 = mysql_query("select sum(qty) from reservations where start >= '".$start."' and end <= '".$end."' and  hotel_id='".$hotel_id."'and room_type = 'royal suite' ");
        $row5 = mysql_fetch_array($sql5);
        $x5 = $row5["sum(qty)"];
        echo 'Tootal booked rooms in Royal Suite  : ' . ("$x5");
        echo '<br>';
        echo '<br>';

        $a1 = $num1 - $x1;
        echo 'Available rooms in Standard  : ' . ("$a1"); echo '<br>';

        $a2 = $num2 - $x2;
        echo 'Available rooms in Deluxe  : ' . ("$a2"); echo '<br>';

        $a3 = $num3 - $x3;
        echo 'Available rooms in Luxury Suite  : ' . ("$a3"); echo '<br>';

        $a4 = $num4 - $x4;
        echo 'Available rooms in Family Suite  : ' . ("$a4"); echo '<br>';

        $a5 = $num5 - $x5;
        echo 'Available rooms in Royal Suite  : ' . ("$a5"); echo '<br>';

        session_start();

        $_SESSION['hotelid'] = $hotel_id;
        $_SESSION['checkin'] = $start;
        $_SESSION['checkout']= $end;
    }
    else
    {
        echo $msg_to_user = 'wrong date values';
    }

    echo '<br>';
}

?>


<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>

<body>
<table width="408" height="209" border="0" align="center" >
    <form name="myForm" action="".php" method="POST"  >
      <tbody align="center" >
        <tr>
          <td height="36" colspan="2" align="center" bgcolor="#D0DFED"  ><strong> Make Online Reservations </strong></td>
        </tr>
        <tr>
          <td width="239" height="32" align="center" bgcolor="#D0DFED"><strong>Select a  Hotel:</strong></td>
          <td width="227" align="center" bgcolor="#D0DFED"><select name="hotel_id" id="select" >



             <option value="1"<?= $_POST['hotel_id'] == "1" ? ' selected="selected"' : ''?>>Benthota Beach Hotel</option> 
    <option value="2"<?=$_POST['hotel_id'] == "2" ? ' selected="selected"' : ''?>>Serandib</option>
    <option value="3"<?= $_POST['hotel_id'] == "3" ? ' selected="selected"' : ''?>>Yala Safari Village</option> 
    <option value="4"<?=$_POST['hotel_id'] == "4" ? ' selected="selected"' : ''?>>Heritance Sigiriya</option>
    <option value="5"<?=$_POST['hotel_id'] == "5" ? ' selected="selected"' : ''?>>Negambo Beach Hotel</option>





          </select></td>
        </tr>
        <tr >
          <td height="31" align="center" scope="row" bgcolor="#D0DFED"><strong>Check in Date:</strong></td>
          <td align="center" bgcolor="#D0DFED"><input type="date" name="checkin" value="<?php echo $start; ?>" /></td>
        </tr>
        <tr>
          <td height="28" scope="row" align="center" bgcolor="#D0DFED"><strong> Check out date :</strong></td>
          <td align="center" bgcolor="#D0DFED"><input type="date" name="checkout" value="<?php echo $end; ?>"  /></td>
        </tr>
        <tr>
          <td height="35" scope="row" bgcolor="#D0DFED">&nbsp;</td>
          <td align="center" bgcolor="#D0DFED"><input type="submit" name="submit" value="check"></td>
        </tr>
      <td bgcolor="#D0DFED"> </td>
      <td bgcolor="#D0DFED"></td>
        </tbody>

    </form>
  </table>
<div style="width:1200px; height:100px;" class="2" id="2">
  <p>&nbsp;</p>
  <p>&nbsp;</p>
  <p>&nbsp;</p>

  <p>&nbsp;</p>
  <div id="apDiv3">
    <p>&nbsp;</p>
    <p>&nbsp;</p>
    <p>&nbsp;</p>
          <p>&nbsp;</p>
          <p>&nbsp;</p>
          <p>&nbsp;</p>
          <div id="apDiv4"></div>

  </div>
  </div>

<div class="1" id="1" >
  <div style="width:1200px; height:250px;" class="2" id="2">
  <h2 align="center">Standered Room Type</h2>
  <table width="876" height="188" border="1" align= "center"> 
  <form name="myForm" action="select_rooms2.php" method="POST"  >
    <tbody>
    <tr>
      <th width="278" rowspan="5" scope="row"><img src="photos/Single.jpg" width="248" height="172" alt=""/></th>
      <th width="278" scope="row">Room Type</th>
      <td width="146"><input type="hidden" value="standard" name="rtype">Standard <?php echo'<input type="hidden" name="myVariable" value="'.($a1).'">'; ?></td>
      <td width="146" rowspan="5" align="center"><input type="submit" name="Submit" value="Book Now" id="button1"/>
</td>
    </tr>
    <tr>
      <th scope="row">Available Rooms</th>
      <td ><?php  echo  '<span style="color:red;">' . $a1 . '</span>';  ?></td>
      </tr>
    <tr>
      <th scope="row">Max Adult</th>
      <td>1</td>
      </tr>
    <tr>
      <th scope="row">Max Child</th>
      <td>2</td>
      </tr>
    <tr>
      <th height="63" scope="row">Room Description</th>
      <td>&nbsp;</td>
      </tr>
  </tbody>
  </form>
</table>
  </div>


  <div style="width:1200px; height:250px;" class="3" id="3">
  <h2 align="center" > Deluxe Room Type </h2>
  <table width="876" height="188" border="1" align= "center"> 
    <form name="myForm1" action="select_rooms2.php" method="POST"  >

    <tbody>
    <tr>
      <th width="278" rowspan="5" scope="row"><img src="photos/4.JPG" width="248" height="172" alt=""/></th>
      <th width="278" scope="row">Room Type</th>
      <td width="146"><input type="hidden" value="deluxe" name="rtype">Deluxe<?php echo'<input type="hidden" name="myVariable" value="'.($a2).'">'; ?></td>
      <td width="146" rowspan="5" align="center"><input type="submit" name="Submit" value="Book Now" id="button1"/>
</td>
    </tr>
    <tr>
      <th scope="row">Available Rooms</th>
      <td ><?php  echo  '<span style="color:red;">' . $a2 . '</span>';  ?></td>
      </tr>
    <tr>
      <th scope="row">Max Adult</th>
      <td>1</td>
      </tr>
    <tr>
      <th scope="row">Max Child</th>
      <td>2</td>
      </tr>
    <tr>
      <th height="63" scope="row">Room Description</th>
      <td>&nbsp;</td>
      </tr>
  </tbody>
  </form>
</table>

  </div>



  <div style="width:1200px; height:250px;" class="4" id="4">
  <h2 align="center">Luxury Room Type </h2> 
  <table width="876" height="188" border="1" align= "center"> 
      <form name="myForm2" action="select_rooms2.php" method="POST"  >

    <tbody>
    <tr>
      <th width="278" rowspan="5" scope="row"><img src="photos/superior.jpg" width="241" height="153" alt=""/></th>
      <th width="278" scope="row">Room Type</th>
      <td width="146"><input type="hidden" value="luxury suite" name="rtype">Luxury Suite<?php echo'<input type="hidden" name="myVariable" value="'.($a3).'">'; ?></td>
      <td width="146" rowspan="5" align="center"><input type="submit" name="Submit" value="Book Now" id="button1"/>
</td>
    </tr>
    <tr>
      <th scope="row">Available Rooms</th>
      <td ><?php  echo  '<span style="color:red;">' . $a3 . '</span>';  ?></td>
      </tr>
    <tr>
      <th scope="row">Max Adult</th>
      <td>1</td>
      </tr>
    <tr>
      <th scope="row">Max Child</th>
      <td>2</td>
      </tr>
    <tr>
      <th height="63" scope="row">Room Description</th>
      <td>&nbsp;</td>
      </tr>
  </tbody>
  </form>
</table>

  </div>


  <div style="width:1200px; height:250px;" class="5" id="5">
<h2 align="center"> Family Suite Room Type </h2>
<table width="876" height="188" border="1" align= "center"> 
       <form name="myForm3" action="select_rooms2.php" method="POST"  >


    <tbody>
    <tr>
      <th width="278" rowspan="5" scope="row"><img src="photos/4.JPG" width="241" height="153" alt=""/></th>
      <th width="278" scope="row">Room Type</th>
      <td width="146"><input type="hidden" value="family suite" name="rtype">Family Suite<?php echo'<input type="hidden" name="myVariable" value="'.($a4).'">'; ?></td>
      <td width="146" rowspan="5" align="center"><input type="submit" name="Submit" value="Book Now" id="button1"/>
</td>
    </tr>
    <tr>
      <th scope="row">Available Rooms</th>
      <td ><?php  echo  '<span style="color:red;">' . $a4 . '</span>';  ?></td>
      </tr>
    <tr>
      <th scope="row">Max Adult</th>
      <td>1</td>
      </tr>
    <tr>
      <th scope="row">Max Child</th>
      <td>2</td>
      </tr>
    <tr>
      <th height="63" scope="row">Room Description</th>
      <td>&nbsp;</td>
      </tr>
  </tbody>
  </form>
</table>

  </div>



  <div style="width:1200px; height:250px;" class="3" id="3">
  <h2 align="center">Royal Suite Room Type</h2>
  <table width="876" height="188" border="1" align= "center"> 
        <form name="myForm4" action="select_rooms2.php" method="POST"  >

    <tbody>
    <tr>
      <th width="278" rowspan="5" scope="row"><img src="photos/1.JPG" width="241" height="153" alt=""/></th>
      <th width="278" scope="row">Room Type</th>
      <td width="146"><input type="hidden" value="royal suite" name="rtype">Royal Suite<?php echo'<input type="hidden" name="myVariable" value="'.($a5).'">'; ?></td>
      <td width="146" rowspan="5" align="center"><input type="submit" name="Submit" value="Book Now" id="button1"/>
</td>
    </tr>
    <tr>
      <th scope="row">Available Rooms</th>
 <td ><?php  echo  '<span style="color:red;">' . $a5 . '</span>';  ?></td>      </tr>
    <tr>
      <th scope="row">Max Adult</th>
      <td>1</td>
      </tr>
    <tr>
      <th scope="row">Max Child</th>
      <td>2</td>
      </tr>
    <tr>
      <th height="63" scope="row">Room Description</th>
      <td>&nbsp;</td>
      </tr>
  </tbody>
  </form>
</table>

  </div>

</div>




</body>
</html>
Luke
Dim5230
  • 1
    Sorry, a bit unrelated to your query: this appears vulnerable to SQL injection and is using deprecated functions. Take a look at PDO/mysqli functions, and prepared statements rather than concatenated strings. – Luke May 18 '15 at 04:23
  • 1
    possible duplicate of [Preventing form resubmission](http://stackoverflow.com/questions/3923904/preventing-form-resubmission) – Patrick Evans May 18 '15 at 04:25
  • On topic; do a search across your code base for that error string. It sounds like it's an application thing, not a standard error (like 401). That'll help you find the source of the problem. And then I suspect that Patrick has found the solution! – Luke May 18 '15 at 04:26
  • I recommend using a validation process on a separate page from the form page. If your form is **selectrooms.php**, create **selectroomsVal.php** for processing – Elyor May 18 '15 at 04:31

3 Answers

2

Just add these 2 lines of PHP code at the start of the page:

<?php
header("Cache-Control: no cache");
session_cache_limiter("private_no_expire");
?>
Atif Tariq
0

It's an old way but it's still working. If you have used session_start() in your code, then you just need to add this line in your header file, like:

<?php
header("Cache-Control: no cache");
?>

But if you haven't used session_start() yet, then you can add the lines below in your header file, like:

<?php
header("Cache-Control: no cache");
session_cache_limiter("private_no_expire");
?>
-1

You can redirect the page in two ways:

1. Using PHP

    header('location:selectrooms.php');

2. Using JavaScript

    onclick="window.history.go(-1); return false;"

Suman Singh
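
The PHP redirect from the last answer, combined with the prepared statements recommended in Luke's comment on the question, as a Post/Redirect/Get version of the top of selectrooms.php. This is an added example, not code from the thread: it assumes the question's `rooms` and `reservations` tables and form field names, the DSN and credentials are placeholders, and `isDate()`, `availability()` and the `search` session key are names introduced here.

```php
<?php
// Added example, not code from the thread; DSN and credentials are placeholders.
declare(strict_types=1);
session_start();
const ROOM_TYPES = ['standard', 'deluxe', 'luxury suite', 'family suite', 'royal suite'];

function isDate(string $s): bool
{
    $d = DateTime::createFromFormat('!Y-m-d', $s);
    return $d !== false && $d->format('Y-m-d') === $s;
}

// Free rooms per type; user input reaches the queries only as bound parameters.
function availability(PDO $db, int $hotelId, string $start, string $end): array
{
    $total = $db->prepare('SELECT COUNT(*) FROM rooms WHERE hotel_id = ? AND room_type = ?');
    $booked = $db->prepare('SELECT COALESCE(SUM(qty), 0) FROM reservations
        WHERE `start` >= ? AND `end` <= ? AND hotel_id = ? AND room_type = ?');
    $free = [];
    foreach (ROOM_TYPES as $type) {
        $total->execute([$hotelId, $type]);
        $booked->execute([$start, $end, $hotelId, $type]);
        $free[$type] = (int) $total->fetchColumn() - (int) $booked->fetchColumn();
    }
    return $free;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $hotelId = filter_input(INPUT_POST, 'hotel_id', FILTER_VALIDATE_INT);
    $start = (string) filter_input(INPUT_POST, 'checkin');
    $end = (string) filter_input(INPUT_POST, 'checkout');
    if (is_int($hotelId) && isDate($start) && isDate($end) && strcmp($start, $end) < 0) {
        $db = new PDO('mysql:host=localhost;dbname=hotel;charset=utf8mb4', 'app_user', 'app_password',
            [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);
        $_SESSION['search'] = ['free' => availability($db, $hotelId, $start, $end)];
    } else {
        $_SESSION['search'] = ['error' => 'wrong date values'];
    }
    // 303 See Other: the browser re-requests the page with GET, so Back and Refresh never re-send the POST.
    header('Location: selectrooms.php', true, 303);
    exit;
}

// GET: show the result of the last search, HTML-escaped.
$search = $_SESSION['search'] ?? [];
foreach ($search['free'] ?? [] as $type => $n) {
    echo htmlspecialchars("Available rooms in $type: $n"), '<br>';
}
echo htmlspecialchars($search['error'] ?? '');
```

Because the POST branch produces no output before `header()`, the redirect is always sent, and the page the browser keeps in history is the GET that follows it.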