Posted by Erwin Moller on 11/20/07 16:58

mtuller wrote:
> I have a page that submits data to a database, and I want to make it
> so that if the page is refreshed, it doesn't submit the information
> again. I am trying to use unset the variables so that if the page is
> refreshed, it will not submit again. I saw a post about setting a time
> delay of something like 30 seconds, but would prefer just to unset the
> variable. I can't seem to get it working. Here is a snippet of what I
> have:
>
> echo 'First Name: '.$_POST['First_Name'];
>
> if (isset($_POST['First_Name']))
> {
> ... if it is set, submit to the database
> }
> else
> {
> echo '<h2>There is no data to submit. To enter a nomination, <a
> href="index.php">Click Here</a></h2>';
> }
>
> unset($_POST['First_Name']);
>
> echo 'First Name: '.$_POST['First_Name'];
>
>
> The first echo displays what was submitted in the form, the second
> shows that the variable is empty. When I refresh though,
> $_POST['First_Name'] contains the data from the form again.
>
> Can someone explain how they would go about making sure that when a
> page is refreshed that data is not submitted again, or explain to me a
> way to get what I have started working?
>
>

Hi,

$_POST is populated again for each request.
If a visitor refreshes a page that was the result of a previous post, a
decent browser asks the user if (s)he wants to resubmit the page.

So unsetting the superglobal $_POST is of no use at all.
I don't know where you found that trick, but my advise is to avoid any
more tips from that same author.

A better approach to your problem is:
1) create a page with the form, eg mypage.php
2) Make the action of the form mypage_submit.php
3) in mypage_submit.php do whatever it is you need to do with the posted
info, like inserting into a database.
4) When finished, direct the browser to another page, eg thankyou.php as
follows:
header("Location: http://www.example.com/thankyou.php");
exit;

This will force the browser to load thankyou.php.
If somebody presses reload on thankyou.php (s)he will see that page
again without resubmitting the form.

NEXT PROBLEM: BACK BUTTON:
Of course, they can go back using the back-button and repost it again.
Against that, not a lot can be done reliably.
If somebody really wants to resubmit the form, well, they will.
I saw a few tricks involving all kinds of headers, but in my experience
none work reliably. (I could be wrong. http can be quite confusing)

If you REALLY need to avoid this behaviour, you should start using
'tickets'.
One simple approach that uses the idea of tickets:
1) generate a random string and put it into your form with a hidden
formelement.
eg:
<input type="hidden" name="ticket" value="KJHIUTJGHGDFHKGKJGHHFFDSG">

2) Let your receiving script store this ticket in the DB, but only if
that ticket isn't found already.


Hope this sheds some light on it.

Regards,
Erwin Moller

[Back to original message]