Posting to PHP_SELF stop dublicate insert on refresh

They have: 426 posts

Joined: Feb 2005

I am building a website and have a page to insert a new listing - the page gets posted to itself.
My problem is that once the post has been inserted into the database and the message has come up saying that it was successful it i refresh the page it will insert the same post again.

How can i also delete the post values so it does not do this?

pr0gr4mm3r's picture

He has: 1,502 posts

Joined: Sep 2006

The best way to avoid this is to redirect the site visitor to a different page after you process the $_POST data. So have your script process the form data, and then use header('Location: some/page.php') to redirect them to the success page.

greg's picture

He has: 1,581 posts

Joined: Nov 2005

Or check for POST data

<?php
IF $_POST
?>

or something more specific
<?php
IF $_POST['dataname']
?>

If there is post data the query is already done (show form or whatever), else process the POSTed data.

But I agree with pr0gr4mm3er, the best way in most circumstances is to have a separate page anyway. Not all requirements makes this approach the best, but usually it allows for easier management as one page is for getting data and the other is for processing it. This also makes additional options later easier too.

And my method of doing this is use a $_SESSION, then at the end of the page that inserts to the DB (or whatever) unset the session.
So if session is set then do whatever, if session is not set give them a message - ie "this page is only used when you fill in a form" etc -
As they got to the page either some way other than the required means OR they filled in the required form (or whatever) the message will refelct either of these instances.

Once a form is filled in and submitted, the session is set and goes to the processing and results page, the DB is updated and the session is unset. Thus resolving your problem as refreshing that page will tell them "please use the form on page blah and click submit" (as there is no session set)

They have: 426 posts

Joined: Feb 2005

Yes ok thanks for you help. I have used a separate page. How can i control then the header output. If i am including the page, and i have already included the header with HTML i cannot use header(Location).

greg's picture

He has: 1,581 posts

Joined: Nov 2005

well, you can use three pages, or simply send back to the original page
The method is simply getting the data from the inputs on a page where you get the data and check it without any html output, so it doesnt cache the page

I will list how i usually have user input checking, three pages

  • form page
  • process page
  • results page

This is how I generally handle user inputs. With sanatising/checking their data and sending them back to the form page if there was an issue, else send them to the outcome page.

form page

<form method="post" action="process_page.php">
USERNAME:
<input type="text" name="username">
<input type="submit" value="GO">
</form>

process page

<?php
session_start
();

$username = $_POST['username'];
$return = "";

//check if empty, all your sanatisation stuff etc
//(i've only included very limited checks for this example)

-----
//check username
if (empty($username)){ //empty
$_SESSION['login']['username']="empty";
$return = "yes";

}elseif (
strlen($username) < 6){ //too short
$_SESSION['login']['username']="short";
$return = "yes";

}elseif (
strlen($username) > 20){ //too long
$_SESSION['login']['username']="long";
$return = "yes";
}


//if any of the above checks were true, then something is wrong.
//send them back (the session will have already been set with the
//info regarding the issue)
if ($return == "yes"){
exit (
header('Location: form_page.php'));
}

//if return was not "yes" then all checks were false
//and the data sent is ok to go through,
//update the db or whatever you want then send to results page

mysql_query("insert into ....");
?>

as you dont have any sessions set, you need to set one. anything will do, but at this point i determine the db query outcomes and set them to sessions for the outcome page

<?php
if (mysql_affected_rows(query_a) != 1){
$_SESSION['logindone']['querya']="error";
}else{
$_SESSION['logindone']['querya']="ok";
}


exit (
header('Location: results_page.php'));
?>

results_page
if session is set then there are results, else they (you) got to the page some other way and cannot use it for anything, or you have already had your results (page refresh / browser back etc)

<?php
session_start
();


if(isset(
$_SESSION['logindone'])){

//if ok
if ($_SESSION['logindone']['querya']=="ok"){
echo
"the db was successfully updated";
//if errors
}elseif($_SESSION['logindone']['querya']=="error"){
echo
"There was a problem inserting into the db";
}else{
echo
"the session is set but is not 'ok' or 'error' - unexpected result";
}

//else session is not set
}else{

echo
"to use this page you have to fill out the form on form_page.php";

}


//unset the session always,
//then the results message can only be done once
unset($_SESSION['logindone']);
?>

another option..at the return point in the process_page (if $return="yes") (before the header redir) you can set another session to remember their inputs if you wish. as they are being sent back, you could set a session such as

<?php
$_SESSION
['logindata']['username']=$username;
?>

That will put in a session whatever was posted (if anything)
Then in the form have the value .. eg
<?php
echo '<input type="text" name="username"
value="'
.$_SESSION['logindata']['username'].'">
?>

so it sends them back if there was an issue with input and sends the exact error, or continues to the results/outcome page as no checks found any issues

on the form_page.php, at the top, you use the session set for the errors as so..

<?php
if (isset($_SESSION['login'])){ //is not set then no errors possible

if ($_SESSION['login']['username']=="empty"){
echo
"You did not enter a username";

}elseif(
$_SESSION['login']['username']=="long"){
echo
"the username you entered is too long";

}elseif(
$_SESSION['login']['username']=="short"){
echo
"the username you entered is too short";
}

}
//end if isset
?>

if you do that, make sure to unset the errors session on the form_page, or they will remain set (and output an error message everytime that page is accessed)

Obviously that's all for user input, but you are a user..inputting, so it is the same principal for you and most requirements.
even the error message will be useful to you when using your own admin CP, so you know what you did wrong..typo or whatever.

The options are endless but the above is the basics of using session and ideas of sending data back and forth.
The point is once you have got the POST data and done something with it in a page with no html output, then it wont be cached at all by the browser, as it is all done on the server!

You can use two pages and send back to the form_page.php
if session set echo out some results, else echo the form
or even echo out any results (if session set) AND echo the form below it.

MARIAFlorova's picture

They have: 2 posts

Joined: Aug 2013

Welcome To The best Online Articles Blog

MARIAFlorova's picture

They have: 2 posts

Joined: Aug 2013

Welcome To The best Online Articles Blog

Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.