How to prevent Resend for a Form after Submit?

Hi all,
I have recently started learning PHP and had been good till I reached forms. This is where I am stuck up -
I have a simple contact me form that has 4 fields. After submitting the form I call a php script to update the data in a MySQL database. This part is ok. But the problem is that after update of the database, in case I click the refresh button, the data on the form gets resubmitted - that is after displaying data updated successfully, in case I refresh the page, the data just entered on the form is resubmitted and updated in the database. Any advice that I should try out?

Thanks for the advice in advance :slight_smile:

Code of php script that gets called is

<?
$post_vars = $HTTP_POST_VARS;
$uname     = $post_vars['uname'];
$email     = $post_vars['email'];
$related   = $post_vars['related'];
$feedback  = $post_vars['msg'];
$flag = true;
//Validate the Input
//........
if($flag)
{
//connect to the database
	//Create the Query/ Insert Statement
	$ins = "INSERT INTO feedback (";
	$flds = "name, email, relatedto, feedback) VALUES(";
	$vals = '"' . $uname . '","' . $email . '","' . $related . '","' . $feedback . '")';
	$statement = $ins . $flds . $vals;
	//Execute the statement
	$result=mysql_query($statement);
	if($result)
	{
		print("Data Updated Successfully");
		$flag=true;
	}
	else
	{
		die("Could not insert the data in the database... <br />" . mysql_error());
		$flag=false;
	}
	mysql_close($connection);
}
?>


One solution could be to store the succesfull message in a session, and then use a header to reload the page, which then clears the postdata

It could look somehting like this:

<?php
session_start();
ob_start();
// if the data already have been processed, the session will contain a message
if(isset($_SESSION['form_message']))
{
	// display the message on screen, and then clear the message.
	print($_SESSION['form_message']);
	unset($_SESSION['form_message']);
}
else
{
	// if no session['form_message'] exists, then test if any postdata exists, and process if needed
	if(isset($_POST))
	{
		$uname     = $_POST['uname'];
		$email     = $_POST['email'];
		$related   = $_POST['related'];
		$feedback  = $_POST['msg'];
		$flag = true;
		//Validate the Input
		//........
		if($flag)
		{
		//connect to the database
			//Create the Query/ Insert Statement
			$ins = "INSERT INTO feedback (";
			$flds = "name, email, relatedto, feedback) VALUES(";
			$vals = '"' . $uname . '","' . $email . '","' . $related . '","' . $feedback . '")';
			$statement = $ins . $flds . $vals;
			//Execute the statement
			$result=mysql_query($statement);
			if($result)
			{
				$_SESSION['form_message'] = "Data Updated Successfully"
				$flag=true;
			}
			else
			{
				die("Could not insert the data in the database... <br />" . mysql_error());
				$flag=false;
			}
			mysql_close($connection);
			if($flag)
			{
				header("location:" . $_SERVER['PHP_SELF']);
				exit;
			}
		}
	}
}
ob_end_flush();
?>

It is just one way to clear the post data, im sure others have different approaches to this.

You need some way to clear the post data, regardless of what solution you end up with, and IMHO the header is the easiest way to achieve this.

Tx zalucius. I had thought of using the <meta http-equiv=“refresh” content=“1,…/index.htm” /> tag to solve the issue but I feel that using sessions is a better way of implementing the concept. Thanks again. I will give it a try it out and report back.

Cheers,
thePirate

It might help reading the Post/Redirect/Get pattern

Ernie ++

this is the best way to go. While FF will say “do you want to resend data?” IE will just say, “page expired, go to hell”. PRG will prevent that, and is safer, and is not just for refreshes but also stops forms with POST from breaking the Back button.

This was my first find back when I was first looking into this problem:
http://www.theserverside.com/tt/articles/article.tss?l=RedirectAfterPost

Oldie but goodie, and ignore the Java stuff.

Also a good reason to do this on the server side is that of course user agents may not bother looking at those meta tags we love to add. They’re not required to and many of the just ignore them.

We use that method now, as well. We experimented with doing all submits via AJAX, but of course that doesn’t work with file uploads.