How can I avoid the the browser form-resubmission alert?
This question seems to have been discussed a lot here on SO, for example:
Preventing form resubmission
Prevent Back button from showing POST confirmation alert
Never ever respond with a body to a POST-request
What I do not get from the previous discussion, is how I can use the posted data and incorporate it into the html. The previous links discuss how to use the php header function to send a get request to itself. But when sending this get request, the posted data will no longer be available to the new page, (since we cannot use the php post method..)
I would like to do this without using the php or javascript session storage technique (or saving the posted data to a temporary mySQL database).
For a simple example:
<html>
<body>
<form action="post.php" method="post">
User name: <input type="text" name="user"><br>
<input type="submit" value="Submit">
</form>
</body>
</html>
where post.php is:
<html>
<body>
<?php
echo "<p>".$_POST['user']."</p>";
?>
</body>
</html>
Pressing CTRL-R in google chrome on the second page brings up the alert.
Do a redirect from post.php. Save data in session or in database and retrieve from redirect page.
Example Scenario:
Submit the form
Save the user record to db, get the id of the new record e.g. in $id
redirect using header, something like:
header('Location: result.php?user_id='.$id);
get the user record from db, with the provided id and show it to the
user.
Use this:
<script>
if(window.history.replaceState)
{
window.history.replaceState(null,null,window.location.href);
}
</script>
you may rewrite the browser history object
history.replaceState("", "", "/the/result/page");
See this
Related
I have a html page where the user can input some text, it is then posted to a php file and then stored in a database.
<form action="postphp.php" method="post" enctype="multipart/form-data">
<center><input id="postTitleStyle" type="text" name="title" size="100" maxlength = "180" ></center>
<center><textarea id="postTextStyle" name="Text" rows="10"cols="96" maxlength = "40000"><?php echo $text;?></textarea></center>
<center><input id="postTagStyle" type="text" name="tags" size="100" maxlength = "900" ></center>
<center><input type="submit" class = "Post2" value="post"></center>
</form>
Above is my current code for posting the data in the text field to a php file. I want to be able to click a button that when clicked will not go to the php file it will be stored and then when the user clicks the submit button it is posted. For example the user clicks it, a one is stored and then sent later when the user clicks the submit button after they are finished filling in other details. Is this possible?
P.S. I want to avoid Javascipt as much as possible for the moment, so if there is a non-java way of doing it then it would be much appreciated.
Many thanks, Jack.
There are two easy solutions to this problem without using Javascript. I'm assuming by your wording that you can currently post a form, but you don't know how to do so without leaving the current page. That's what I'll be answering below, but please note that there is no way to post a form without reloading at all without Javascript.
Solution 1: Put the PHP code into the same page the form is on and change the form tag to: <form action="" method="post" enctype="multipart/form-data">
A blank action field will cause it to run the PHP on the current page. You will likely need to look into using isset($_POST['submit']) in PHP, which will check whether the submit button has been clicked on before running that particular PHP code. You can read more about that HERE.
Solution 2:
In the postphp.php file that's currently linked to in your action field of your form, you could use a PHP header that will redirect the user after the PHP code is ran.
E.g.
<?php
{All your form processing code goes here}
header('location: my_form_page.php');
?>
In this example, my_form_page.php is the page on which your form is on. You can read more about headers in the answer of THIS question.
Hopefully this helps a bit.
$title = $_POST['title'];
$text= $_POST['text'];
$tags = $_POST['tags'];
mysql_query("INSERT INTO `table_name` (`colname1`,`colname2`,`colname3`) VALUES ('$title,'$text','$tags')");
$id = mysql_insert_id();
if($id){
echo "inserted";
}else{
echo "Not inserted";
}
For this you need to use Ajax (JavaScript will be used) because you need a button which send data to server without form submission and page reload it can be easily achieved using Ajax.
I have html page and I have taken one form in it and other link outside the form .Form is Submitted by POST method,when I submitting form first time its ok and when I click link it pass data by GET method and when I again submit form then it send both GET and POST variable i.e form data and link data both.so what is the reason for that and how can I solve it.My html page is below
<html>
<body>
<form method='post'>
<input type=input name='name'/>
<input type=submit name='submit' value='submit'/>
</form>
<a href='check_global.php?page_number=6'>Page Number</a>
</body>
</html>
Because the form hasn't the action attribute, so it simply reload the page. When you submit it the first time it's all fine, but when you do it after clicking the link, the url is 'dirty' due to the data of the link, so you have both GET and POST values.
You can check wether the POST attribute is set ( if(isset($_POST['name'])) with php), in this case it has been submitted with the form
When you submit the form the second time you see the form parameters + the url parameter of the page (remember you clicked the link with the relative URL 'check_global.php?page_number=6').
To verify the above try this:
<?php
echo 'GET param ' . $_GET["page_number"];
echo 'POST param ' . $_POST["name"];
?>
As you can see you can access both types of parameters during a POST request.
Hope that helps.
Just to make the point, the OP did not indicate that the form was supposed to submit to anywhere but the current page. So just for funsies, here is the same basic idea, but with an action attribute value:
<form method="post" action="">
<input type="text" name="name"/>
<input type="submit" name="submit" value="submit"/>
</form>
Page Number
Notice that I've set it up so that, for whatever reason, the link points back to this same page and so does the form. The result:
First Load: form submit makes request with POST data to blah.php
Second Load: link follow makes request with GET (thanks to the query string) to blah.php?page_number=6
Third Load: form submit, using blank action to indicate that current page is where to post, makes request with POST form data to blah.php?page_number=6, thus having both POST form data and GET URL data.
So your options are to either set the action attribute value to blah.php so that it does not include the query string, or to accept that if you want to avoid the various ways of doing this in favor of having a more modular form (drop it in any page and you know it will post to that address), then to simply have the PHP backend check if $_POST['submit'] is set and if so, handle it like a form post and don't use any of the $_GET logic that might be screwing things up.
The link is never sending the form data as POST, and the POST data is not part of the GET array, so you know that when there is no POST, it's just get and if there is POST, it was a form submit, even if there is a GET array.
Or just use separate scripts so you don't get mixed up.
I have a page that post data to another page once a form has been submitted. I am guessing server. Please correct me if I am wrong.
<form action="http://192.168.1.118/collegeShuttle/test/welcome.php" method="post">
Name: <input type="text" name="fname" />
Age: <input type="text" name="age" />
<input type="submit" />
</form>
It all great that I can do this on my second page and expect get the data back
<html>
Welcome <?php echo $_POST["fname"]; ?>!<br />
You are <?php echo $_POST["age"]; ?> years old.
</html>
My biggest problem is that, when I navigate to that page from a different device or computer. I get error messages saying that those variables are undefined. My question is that if it claims to be posting to the server why cant I access it from different computers? If that is not the case, is there a way to send data to the server that I can access from any computer?
the $_POST data is being sent to http://192.168.1.118/collegeShuttle/test/welcome.php, so are you getting the data in that page?
Post data has a resquest scope, if you want to persist the data on server probably wanna use a database.
Before you learn php you need to study the at less some of "http"
because your second device does not have same value in cookie named phpsessid. If you want to work it that way submit the form from one device . Note the phpsessid cookie value , on second device create cookie with name phpsesid and put value you copied before . Now open the second page.
try this :
<html>
Welcome<?php echo $_REQUEST["fname"]; ?>!<br />
You are <?php echo $_REQUEST["age"]; ?> years old.
</html>
The $_POST variable is defined whenever someone sends POST data to your page (usually via form, like you have listed above). The variable is only defined when POST data has been submitted to the page and will only be valid for that request (from which the data was sent). If you open a different window resending the POST data, then it is lost.
Sorry I have posted this question and I googled it alot still Im unable to solve this
I have a php page that has a form and when user clicks refresh or F5 it creates duplicate values in the database and also a message is alerted to the user, indicating resubmitting may insert duplicate values in database.My boss dont want that alert box of the browser to user and also insertion of duplicate values into the database
I know its header(). I read lot of header() in php manual and also server_name functions but still I tried in many ways putting in the top but cant solve it. its very important. can anyone please help me with a sample of code explaining the way to do.any help is greatly appreciated.
<form method="post" action"demo.php">
<input name="fname" type="text">
<input type="submit" value="submit">
</form>
demo.php
<?php
$firstname = $_POST['fname'];
?>
Tell me what should i add in the demo.php page to stop it from submitting the form again and again and also if user clicks back button on the browser it should not direct to the previous page , it should still redirect to current page.
So if user clicks refresh or back button it should redirect to current page only and should not insert any duplicate values and also alert box should be disabled.Please explain me what to do here, im in deep help.Thanks
There's lots of things wrong with your code, and lots of ways to mitigate the impact.
First, why are you creating duplicate entries?
In addition to the problem of bad data is also implies that your site is vulnerable to CSRF. Go read up on how to prevent CSRF with single-use tokens.
If you've got performance problems with your site, then users will often click on the submit button multiple times. While addressing the duplicate submission problem on the database, use javascript to disable the submit links on the page and provide visual feedback that the page is doing something.
Redirects are not the way to solve the problem.
My boss dont want that alert box of the browser
Are you talking about the duplicate post alert? While you can get around this using PRG, that creates other problems.
You must post a unique id (session_id) and save it in the database.
When your registration, test if the session_id is already present. If so, send a message to THE USER. "You have already post out this form"
The code:
<?php session_start; ?>
<form method="post" action"demo.php">
<input name="fname" type="text">
<input type="submit" value="submit">
<input type="hidden" name="session_id" value="<?php echo session_id();?>">
</form>
demo.php
<?php
//test session_id in database
$session_id = session_id();
mysql_connect('localhost','xxx','xxx');
mysql_select_db('xxx');
$return = mysql_query("SELECT COUNT(*) AS nb_data FROM TABLENAME WHERE session_id='".session_id()."'");
$data = mysql_fetch_assoc($return);
if ($data['nb_data'] == 0){
echo 'Your message';
}
else{
$firstname = $_POST['fname'];
//.....
header('location:xxx.php')?
}
?>
I would use php header function to replace the current location so if the user clicks refresh, it won't repost the information and a session to store the posted value and check for resubmissions.
demo.php
<?php
session_start();
if($_POST)
{
if(!isset($_SESSION[fname]))
{
//database queries here
}
$_SESSION[fname] = $_POST['fname'];
header('location:demo.php', true); //true replaces the current location
}elseif(!issset($_SESSION[fname])){
header('location:form.php');
}
$firstname = $_SESSION[fname];
?>
form.php
<form method="post" action"demo.php">
<input name="fname" type="text">
<input type="submit" value="submit">
</form>
You need ON DUPLICATE KEY , this will update the record instead of creating a copy of it :
http://dev.mysql.com/doc/refman/5.0/en/insert-on-duplicate.html
so it wouldn't matter if they hit refresh or resubmit, if the record existed already it would just get updated.
The solution will be to redirect the page after database operations like insert, update and delete
pageName: test.php
if(isset($_REQUEST['deleteBtn']))
{
$emp_id=$_REQUEST['emp_id'];
$count=mysql_query("delete from employees where emp_id=$emp_id");
header("location:test.php");
}
This way if you click F5 or back button the form data will not get posted again.
What you want is to embed a session id in your form when you create it, and to track that session id on the server. Then, when the form is submitted and you are processing the form on the server, if the form was submitted more than once, you can overwrite the first submission in your database, or respond with an error message, or whatever. (Show the popup only on the first submission, whatever.)
An easy way to do this is to generate a session id, send it as a hidden field in the form, and when the form is submitted store the session id in your database with the constraint that the session id be unique.
I want to display warning messages in html. This code shows two text boxes named "company" and "name". con.php connects to the database and inserts the information. But if I enter nothing, then the values are still getting stored in the database as null. I want user to know that he shouldn't leave the fields blank by displaying some messages and also a warning should appear if the given company already exists in the database. How do I implement that?
<html>
<head>
<title>store in a database</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<h2>company Store</h2>
<form name="form1" method="post" action="con.php">
<p>company:<input type="text" name="company">
<br/>
<br/>
<br/>
Name: <input type="text" name="name" size="40">
<br/>
<br/>
<br/>
<input type="submit" value="Save">
<input type="button" onclick="window.close()" value="cancel">
</form>
</body>
While an alert message cannot be produced without JavaScript, you could take advantage of HTML5's placeholder attribute to inform the user of this message:
<input type="text" placeholder="You must enter something in this field"! name="whatever" id="whatever" />
And couple this with JavaScript:
var inputElem = document.getElementById('whatever');
var form = document.getElementsByTagName('form')[0];
form.onsubmit = function(){
if (inputElem.value = '' || inputElem.value.length < 1){
alert('You must enter some actual information');
return false;
}
};
However JavaScript can be edited by the users, via Firebug, Web Inspector, Dragonfly...or by simply creating a new html file and submitting the form to the same source from the action attribute of the form element. Therefore your form-handling script must be sanitised and checked on the server as well as the client; client-side checking is a convenience to the user (to prevent unnecessary page-reloads, submissions and so on), it is not a security feature, and should not be used, or mistaken, as such.
Best way is using Ajax if you want to do it at the same page. You need to read some tutorials on it. It's not that easy to explian here.
If reloading or redirecting to other page is ok for you, you should compare the submitted form value with the values in the database in a PHP script which is redirected from form submission (action url). If values doesn't match and not empty, store the values to database and redirect to a page like the list of companies or "company successfully created" message page. If values match with an old record or empty, redirect back to the same form page with a flag (something like form.php?error=1 etc.) and show the proper error message.
Also you can use JavaScript for immediate alerts. But you should always do the same checks at PHP side since JavaScript can be disabled in browsers.
In con.php you should do your data validation and return the markup (or redirect to page describing the error).
So, check for empty fields, and if the exists redirect the user to a page saying the fields can not be empty (and probably allow them to enter new values).
If the data entered is ok, check the database for duplicates and if they exist, redirect the user to a page saying that the company already exists (and again probably allow the user to correct the data).
You can not do it only with HTML.
You need to add a form validation (to prevent empty strings), HTML5 form validation can do that for you (check http://www.broken-links.com/2011/03/28/html5-form-validation/), but not all browser support it, so you will need to use JavaScript to validate the form.
There are JavaScript libraries that will take an old browser and make it behave like a browser that support HTML5 (check http://www.matiasmancini.com.ar/jquery-plugin-ajax-form-validation-html5.html).
You will also need to retrieve the companies already in your database and check them against the user input and alert him if needed.
On top of that you will need to validate the data in your PHP before inserting it to the database (check for empty string for example).