This question already has answers here:
Avoid resending forms on php pages
(6 answers)
Closed 9 years ago.
I have a webpage that contains a form that uses the POST method and references the same page it is on for submission. I am using a PHP include file that contains an if statement that runs when the submit value is set. For some reason though, after one submission, every time you refresh the page it submits the form with the previously submitted data (The browser warns of this before refreshing the page). What causes this, and what could I be doing wrong?
This is expected. You should have the form submit to a handler that has a unique URL, whether it be a query string or a different URI. One solution (of many) would be to change your form action:
<form action="?action=submit" method="post">
<input type="hidden" name="action" value="submit" />
...
and then in the PHP script handle the form, then change the context back to a URL without the hidden query string
if (!empty($_POST['action']) && $_POST['action'] == 'submit') {
// do stuff
header('Location: '.$_SERVER['SCRIPT_NAME']);
die();
}
Note the query string is not actually present in $_POST but we keep it there so browsers don't consider it to be a redirect loop.
i had the same issue with one of my pages.
the reason is that when the browser warns you that it will submit the form again, that means it is going yo be the same exact thing when you click on a submit button.
I did 2 things to avoid it but i am sure there many other ways.
1. Do not let the page echo the form again after succesfull submission of the form.
mine was like this
<?php
if(!isset($_POST['submit'])) {
include(form.php);// you can modify this according to your needs.
} else {
//display your message about what happened with the form.
}
?>
with that approach, your page will not the contaion a form to submit HOWEVER this will not prevent it from submitting on refresh.
2. if the form is submitted create a contoller input that carries a value indication that the form is already submitted. for example , place this into your form:
<?=(isset($_POST['submit']))?"" :"<input type-"hidden" name="submit_stat" value="true" />" ; ?>
and when you process your form when it is submitted check it with your php and make the script act on that variable like this:
<?php
if($_POST['submit_stat']==true) {
//do not process the form here.
//stop your script
}
?>
Another thing you can do is redirect your page to another page other than the page that handles the form. i believe this is the safest one.
Another Way to prevent this is to move the Post Data to Session, redirect, collect Post back from Session and delete Session Post Data.
if(!empty($_POST) && empty($_FILES)){
// move post to session
// redirect to same url (don't forget possible get query)
}else{
// collect post from session
// unset post from session
}
Build this as default and you should never have problems with post data.
Only exceptions are File uploads. In this case redirect *after* post processing manualy.
Related
I have two simple HTML form buttons that call PHP functions to send emails now. Everything works fine except for one thing. If one of the buttons is clicked to send a report, and then the page is refreshed, the function seemed to be called again and the emails well go out again with a page refresh by a user using a browser refresh button.
If the page is refreshed, the email will go out again for the last button clicked. So, if I click on Button 1 and then refresh the page, I will get two reports for button 1. If I click on button #1, and then click on Button #2, only the second report will go out. If I click on button #2 and then #1, only Report #1 will go out again.
So, no matter how many buttons are clicked, refreshing the page will cause the last button click (only to repeat). Trying to unset the request parameter (in code below) has no effect all on the repeats caused by a page refresh.
I don't understand why (on a Page Refresh) the page is seeing the last button click made as set, and why the unset command is not working.
Thanks for any help.
if( isset( $_REQUEST['email_this_weeks_report'] )) {
unset($_REQUEST['email_last_weeks_report']);
#send email now email code for this week
}
if( isset( $_REQUEST['email_last_weeks_report'] )) {
unset($_REQUEST['email_last_weeks_report']);
#send email now email code for last week
}
<form>
<input class="ui-button ui-widget ui-corner-all" type="submit"
name="email_this_weeks_report" value="Email This Weeks Report Now" />
</form>
<form>
<input class="ui-button ui-widget ui-corner-all" type="submit"
name="email_last_weeks_report" value="Email Last Weeks Report Now" />
</form>
Clicking the button submits the form.
The data in the form is bundled up and included in the request.
Aside: You're using method=GET, the default, but you're not making a "safe" request. You are doing something, not just getting information. You should use a POST request.
When you click refresh, you tell the browser to make the request again and display a new version of the page.
Since the request includes the query string which says "send a particular email", it sends that email again.
Unsetting values in $_REQUEST has no effect because when the browser makes a new request with the same data in it: $_REQUEST just gets filled up again.
You should deal with this by using the PRG pattern:
Submit the form using method=POST
Have your PHP script process the data in the form (i.e. send the email) then redirect to a different PHP script
Have the new PHP script display the result (in this case there is no result, its just the form, you could use a plain HTML document with no PHP in it).
Change
<form>
To
<form method='POST'>
A simple way to prevent multiple submissions is to add a random token to the form in a hidden input.
<input type='hidden' name='formtoken' value='<?= uniqueid() ?>'/>
Every time the page is fetched from the server, the value of this hidden variable will change. So on the server side, you can prevent the same form being resubmitted by checking whether a form with this unique ID has been submitted before.
session_start();
$sessionToken = $_SESSION['formtoken']? : null;
$currentToken = $_POST['formtoken']? : null;
// If no session token yet: form has never been submitted
if(!$sessionToken):
// save the current token in session so we'll recognize it next time
$_SESSION['formtoken'] = $currentToken;
/* ok to send the email */
// ElseIf current token was already used: Duplicate form submission
elseif($sessionToken === $currentToken):
/* don't send the email!*/
// Else session token exists, but current token is new: User fetched a new form from server
else:
// update the session token
$_SESSION['formtoken'] = $currentToken;
/* ok to send the email */
endif;
When the user refreshes, the browser will ask if she wants to re-submit the form. If she does, you will know because the current token and the session token will be the same. It's up to you to decide how to handle it.
Refreshing a page with a GET or a POST form will resubmit the data (albeit it will ask you first in the POST scenario, which you should use by the way).
Try redirecting the user after form submit
if( isset(...) ){
// Do your logic
header('Location: https://you_site.com/your-form-page?thank-you');
exit;
}
This must be done before anything else is outputted on the page.
I am making a page that has a bunch of fields that allows the user to enter in information and submit it to a database. This page is called 'add.php' I created a 'form' tag and had the information posted to another page called 'process.php' where the information is collected, then inserted into the database. I want the user to know whether it was successful or not, so I was wondering how to tell the user something specific on the 'add.php' page. like "insertion successful!" at the top of the page.
I thought of including the 'process.php' code in 'add.php', then calling the 'add.php' in the action of the form, but the code gets called the first time the page is loaded, which inserts a completely blank entry into the database.
Should I implement some sort of flag that is only set to true after the 'submit' button is clicked? Or is there another way to update the page and tell the user the status of the insertion?
I can paste the relevant code as needed. :)
Thanks!
Assuming that you are using the post method in your form and php, you can simply check if a post was made:
if ($_SERVER['REQUEST_METHOD'] === 'POST')
{
// form was posted, process and display output
}
else
{
// nothing was posted, normal get request, show form
}
just check if query worked well. If no exception was thrown, it mostly has, and the add appropriate message with output.
First you need to check and handle errors
try
{
}
catch(Exception $e){
header('Location:oldlocation.php?succ=0')
exit();
}
header('Location:oldlocation.php?succ=0')
exit();
If all goes well, you can also redirect to a new location(as shown in code). This has to be done properly, you may redirect back to the old location, with additional data like
oldlocation.php?succ=1;
If anything goes wrong redirect to
oldlocation.php?succ=0
Then fetch the succ using $_GET["succ"] and print appropriate message.
If you din get, comment.
Here's what I would do...
Keep your processing data in one file, and include the form file at the end
//add.php
//if the form is submitted make the database entry
if(isset($_POST['foo']) AND $_POST['foo'] != '')
{
//code to process form submission
$success = 'success!';
}
//include the form
include addform.php
in addform.php put your form. Include an 'isset' that is watching for $success to alert that the entry was successful
//addform.php
<?php if(isset($success)){ echo "<h2> Data successfully entered! </h2>";} ?>
<form action='' method='POST'>
<input type='text' name='foo' />
//etc
</form>
So once you submit the form, the code starts at the top of add.php - the 'isset' sees the $_POST submission, runs the form submission code and sets the success variable. Then, it includes the form page. The form page has an 'isset' that is watching for the success variable. When you first navigate to the page, or if you refresh, the add.php code will skip the first code block (the form submission stuff) and won't make a database submission or set the success variable.
I have form inputs to send to another page to check on and validate them, and in case of errors I have to redirect the user back to the page where he/she filled the form.
So I need to send the content of $_POST back to refill the inputs to avoid refilling them manually...
How can I do that??
Here are two options:
1) Have the PHP script redirect back to the page with the form, with the form values in the URL as GET variables. You can then use those to refill the form.
2) You can send a POST request via jQuery without requiring the user to leave the page. See here: http://api.jquery.com/jQuery.post/ . With this, you can check the user's input in the PHP script, and only redirect them if their input is valid. This saves you the trouble of refilling the form. You can use it like this:
$.post("myphpscript.php",
{ someData: someValue, someMoreData: anotherValue },
function(returnData) {
// do stuff here on return
});
In myphpscript.php you can get the post values as $_POST["someData"] and $_POST["someMoreData"]. The function is what happens when the PHP script returns, and returnData is what the PHP script echoed.
If I'm correct you want to check your POST-values and if they are invalid input, you want the user to be directed back to the original page and fill the input-fields with the POST-values.
<input type="text" value="<?php echo (isset($_POST["text"] ? $_POST["text"] : "") ?> />
This checks if the POST-var is set, if so, it sets the value of the input-field to the value of the POST-var, else it sets the value to empty
An alternative to excellent answers posted is to store these values into the session and access them from there.
Say I have create a registration form. Now to add records into a DB, we send the data to another php file by POST method, where we do some validations and add a record. Is it possible to do it in the same file without sending and getting the data by POST/GET? If no, then why?
EDIT: Even sending to the same php file is SENDING and losing resource. I ask this question because I want to avoid the lost of time on sending by GET/POST and getting by the same Get/POST. And if it is not posible, I want to understand why PHP does not allow.
No. You always have to send data from the client to the server, there is no way around that.
If you dont want to reload the entire page the user is on, you could submit the data via AJAX to the php file responsible for processing it and adding the data. That way the user never leaves the page.
yes ofcourse.
just in your form "action" put
$_SERVER['PHP_SELF']
then in the beginning of your PHP page check if the $_POST is set or not
if(isset($_POST))
{
// actions to be taken after form submission
}
ofcourse you can add a hidden input tag for refining checks for the $_POST. eg in your form
<input type="hidden" name="formSubmit" value="yes" />
then your check should be like
if(isset($_POST['formSubmit']))
{
// actions to be taken after form submission
}
It's possible. For example:
<?php
if(true === isset($_POST['submit']) // check if submit-button was clicked
{
// do some validation here...
// If validation successes add record into db here...
}
else // no post data sent so output the form
{
// output the form here...
}
Yes it is possible set
action="same page"
in form tag.
you can access your all form attributes on same page.
Yes it is easy. The form can post back to its self. This is most easily done by not even specifying the value of action in the form tag.
<form method='POST'>
Then at the top of the page before any content is put on the page, include an if statement to check if the form was submitted.
if (isset ($_POST['post'])) { // 'post' is the name of the submit button
$error = false;
// Do validation
From there do validation and act according to the result.
If you have lots of validation to do, perhaps put that in another file and include it.
include "formValidation.php";
If all is well and all tests are passed use
if ($error === false) {
Header ("Location: confirmation.php");
exit;
}
}
If tests fail, stay on the page keeping all the post data, and display an error.
if (isset ($error) && !empty ($error)) {
echo "<div class='error'>$error</div>";
}
I have an HTML form. Let's say I fill out all the fields and submit it (PHP script runs here).
Then I want to go back to the form using "Back" button of my browser.
What I see is the empty form.
What do I do to have the entered data retain on the page after I come back to it using "Back" button of the browser?
Thank you!
If you use the "Back" button of your browser then your browser is responsible for re-populating your form data.
Usually that functionality is handled by the browser, however if you want to "force" the fields to always be pre-filled with the user's data, you can store the $_POST data in a session variable and use that to load the form.
Example:
// submission page
session_start();
if(isset($_POST)){
// save the posted data in the session
$_SESSION["POST"] = $_POST;
}
Then on the actual form page, you can check to see if session data exists. It won't if the form is being loaded the first time, but it will if the user submits the form and then presses the browser back button:
// form page
session_start();
if(isset($_SESSION["POST"])){
// previous POST data has been saved
// build the form with pre-defined values from $_SESSION
...
} else {
// no previous data
// build the form without pre-defined values
...
}
Note that you must call session_start() before outputting any HTML.
Store the value in a session
session_start();
//form so that you have all the potential forms in a single session array
//form_1 to identify the form in question
if(!empty($_POST)){
$_SESSION['forms']['form_1'] = $_POST;//if this is for the public internet, then I would really consider making sure that the posted data matches the received data... (and that its comming from YOUR form), which is way too long to post here...
}
then on the form page
<input name="flowers" value="<?php echo if(isset($_SESSION['forms']['forms_1']['flowers'])){ echo htmlspecialchars($_SESSION['forms']['forms_1']['flowers']);} ?>" />
obviously the above can be simplified, but for a example's sake it's better this way.
(make sure to clean out the old form data eventually)
You can potentially store the data in the session, and re-populate it back using PHP sessions. You should create a separate back button that takes you to the previous page.
Example:
Storing data:
$_SESSION['data'] = $_POST['item1'];
In the HTML Forms:
<input type="text" name="someinput" value="<?=$_SESSION['data']?>" />