Prevent Re-posting of Form Data Using Browser Refresh
Moderator: General Moderators
Prevent Re-posting of Form Data Using Browser Refresh
I am trying to use a conditional statement based on isset($http_post_vars[submit]) to prevent form data being re-submitted to a database when the browser re-fresh button is hit, but it doesn't work. Whether I use that code or not, hitting the refresh button pops up a window asking me to retry (resend the data) or to cancel. Is there some php code I can use which makes it impossible for someone to re-send the data? I would like to keep the form contained in the same php file that I am posting to. I am a newbie so I would appreciate details.
Thanks
Thanks
You can try the following technique:
Keep a session variable ($counter) initialized to 1.
In the form, keep an hidden input variable,
In your PHP script, before inserting the value into database,
you can do the following check..
Duplicate form submissions will have the same value of submit_counter.
This wont be accepted, because session variable $counter will get
incremented after the first insertion into database.
Hope this helps,
Ajay
Keep a session variable ($counter) initialized to 1.
In the form, keep an hidden input variable,
Code: Select all
<?php
echo "<input type=hidden name=submit_counter
value=$counter>";
?>you can do the following check..
Code: Select all
if ($submit_counter == $counter)
{
// insert the values into database...
$counter = $counter + 1
}
else
{
// refresh has been clicked so do not insert into the database.
}This wont be accepted, because session variable $counter will get
incremented after the first insertion into database.
Hope this helps,
Ajay
well, the way I usually do it to prevent reposting is I just the header() tag and redirect them to the page
make sure you're inserting and have the PHP at the TOP of the page, b4 outputting any HTML
After inserting, just redirect them:
So now if they hit refresh, it won't pop up the window either now will it re-add the data.
make sure you're inserting and have the PHP at the TOP of the page, b4 outputting any HTML
After inserting, just redirect them:
Code: Select all
header("Location: thisform.php?id=$id");If you go with the redirect method, make sure you redirect to an absolute URL (see http://www.php.net/manual/en/function.header.php ).
The following should work:
The following should work:
Code: Select all
$new_location = "http://".$_SERVERї'HTTP_HOST'].dirname($_SERVERї'PHP_SELF'])."/thank_you.php";
header("Location: $new_location");- hob_goblin
- Forum Regular
- Posts: 978
- Joined: Sun Apr 28, 2002 9:53 pm
- Contact:
Ok, it sounds like you're writing to a file... and the way i prevent information being stored twice is i use file() to read the file into an array, then array_reverse to make the last submitted line first, then i compare the submitted info with the first key of the array, and if they are equal, i don't write it, but if they aren't, i go ahead and write the info..
Code: Select all
$test_last = file($talkdatafile);
$test_lastr = array_reverse($test_last);
$last_e = $test_lastrї0];
if($writedata != $last_e){
fwrite ($t_fp, $writedata);
fclose ($t_fp);
}I tried the counter approach but could not get it to work. This is my code, which I tried different variations of, to try to get it to work. Tried setting a counter session variable using session_start but no luck. This is driving me crazy. I know I could perhaps redirect to a different page but I just want to get his to work without redirecting - its miy mission in life at the momentif ($submit_counter == $counter)
{
// insert the values into database...
$counter = $counter + 1
}
else
{
// refresh has been clicked so do not insert into the database.
}
Code: Select all
<?php
require_once('db_login.php');
?>
<?php
$Entry = $_REQUESTї'Entry'];
$Description = $_REQUESTї'Description'];
//$counter = $_REQUESTї'submit_counter'];
$len_entry = strlen($_REQUESTї'Entry']);
$len_description = strlen($_REQUESTї'Description']);
// validate and insert if the form script has been called by the Add Entry button
if ($submit_counter == $counter) {
if (($len_entry > 0) and ($len_description > 0)) {
$sql = "INSERT into A (Entry, Description)";
$sql .= " values ('$Entry','$Description')";
$result = $db->query($sql);
$db->commit();
$counter++;
} else {
echo 'One or more fields are blank! Try again.';
}
} else {
echo 'The refresh button was clicked';
}
// query all records in the table after any insertion that may have occurred above
$sql = "select * from A";
$result = $db->query($sql);
?>
<html>
<head>
<title>Fill in form</title>
</head>
<body>
<h2 align="center">Database Entry Page</h2>
<form method="POST" action="EntryForm.php">
<table align="center" width="600">
<tr>
<td valign="top" align="right">Entry: </td>
<td valign="top"><Input type="text" name="Entry" size="45" maxlength="40"></td>
</tr>
<tr>
<td valign="top" align="right"> Description: </td>
<td valign="top"><textarea name="Description" rows="5" cols="70"></textarea></td>
</tr>
</table>
<?
echo "<input type=hidden name=submit_counter value=$counter>";
?>
<!--- <input type="hidden" name="add_record" value="1"> --->
<p align="center"><input type="Submit" name="Submit" value="Add Entry"></p>
<br>
<table align="center" width="750">
<tr>
<th bgcolor="#EEEEEE">ID</th>
<th bgcolor="#EEEEEE">Entry</th>
<th bgcolor="#EEEEEE">Description</th></tr>
<?
// Display any records fetched from the database plus an input line for a new entry
while ($row = $result->fetchRow()) {
echo "<tr><td>$rowї0]</td><td>$rowї1]</td><td>$rowї2]</td></tr>\n";
}
?>
</table>
</body>
</html>try adding this line after $db->commit();
and take out the counter++; it has no use.
Just make sure your using the POST method in your form, otherwise it'll be caught up in a loop.
Code: Select all
header("Location: http://$HTTP_HOST$REQUEST_URI");and take out the counter++; it has no use.
Just make sure your using the POST method in your form, otherwise it'll be caught up in a loop.