Does anyone know of a way to prevent the browser from asking the user to resend form information.
I know you can redirect the browser with:
<php
header("location http://example.com");
?>
But this seems so inefficient and takes 2 request.
Hope you can help.
duplicate of: How do I stop the Back and Refresh buttons from resubmitting my form?
Either redirect like your example, or use AJAX to submit the form in the first place. The browser has no way of requesting the same page without requesting the same page.
Not re-submitting the data would be the same as requesting a different page, so you're kinda stuck.
As far as I know, there is nothing you can really do when it comes to that behavior in POST requests. The redirect, perhaps seemingly inefficient, is actually the best way to do it. You're telling the browser that you've done all the work necessary for the post request and now you're going to send it to a page that will never change, no matter how many times you call it, making it easily bookmarkable and reusable.
Related
Is there a way to avoid reprocessing forms when I refresh php pages? I'd like to prevent resending forms when refreshing links to php files with an insert function in them. For example, I am processing a series of notes written by users at the top of each page for a new note. Besides the obvious creating a separate php file with a header function is there another way to do it?
Use the Post-Redirect-Get Pattern.
Accept a Post request
Process the data
Issue a redirect response
Accept a Get request
Issue a 200 response
If you need to display data from the submitted stuff, then include a row id or similar in (for example) the query string of the URL you redirect to.
The best way would be to do a header("location: form.php"); call after you process the form. That would redirect you back to the form page, and if you refresh, the browser wont resend the form data.
Alternatively, you could check to see if you already processed the data received, but that would still give you the browser warning message that you are going to resend the data.
You might do both, just in case someone uses the back button and accidentally clicks Submit again.
Just set some flag when you process the form first time so you could check for it and abort reprocessing later on. Session variable or cookie will work fine.
You could put a nonce into the page that is only allowed to be used once so that if you see the same nonce come in you don't do the insert of the page.
I redirect users to a new page after processing of the form.
The form is a POST-request to do-something.php. I check the input data and if it validates I process the data and perform a redirect to do-something.php?somethingdone. So the user can hit F5 w/o resending the POST request.
I tried to use header("Location:..."), $_POST = array(), unset($_POST), but (idk why) they didn't work in my php page.
So, what I did, I just used
echo '< script>window.location.replace("http://.../this.php")</script>'
😂 it works very good! Maybe it is not a good idea, I am learning PHP for the 4th week.
I want to redirect the user to some url in other website, but to send with his redirect some post variable.. is this possible? And if yes, how?
Thanks.
It is not. :(
You can however submit an hidden form using Javascript.
EDIT: shame upon me. It seems it can be achieved w/o Javascript. Try to post some data to a PHP page you write yourself, which basically tells the browser to do a 303 See Other redirect. It shall work, in the sense that the browser should re-POST the data on the redirection target, but someone reports this causes the browser to show a "really repost the data?" message, like the one you see if you refresh a web page you loaded with a POST.
However, even if it works, I think nobody does it.
I remember reading somewhere it's a good practice to redirect pages using GET to show the next page after a POST request. Why is it so?
This way, if the user reloads the page, the browser won't send another POST.
For example, if the page is an order confirmation page, you don't want the order to be repeated if the user refreshes the page.
It's because if a user submits a form and is taken to the thankyou page, then refreshes that page, the browser will prompt the user to resubmit the form, thus creating two posts to your data handler. If you redirect to the thankyou page with GET, the post vars are empty so the form won't be resubmitted.
I'm not sure it's still considered good practice - haven't heard anything on the subject for a while.
GET is idempotent while POST isn't. If the user reloads the page (or returns there by clicking the browser's Back button), nothing breaks.
I would assume this is so that the following page is bookmarkable.
If you can't remember why it's good practice then maybe there isn't a good justification for it.
IMHO, it's a case of swings and roundabouts - and certainly easy to argue the converse - whether its good practice or not really depends on how it fits in with the rest of your code.
C.
After submitting a form with post method f5 will resubmit that.
What's the best to avoid this without redirecting a page. Idon't like to disturb the user like this. Stackoverflow are immune to f5 but i don't see any redirection after asking a question.
Get After Post
Form does a POST request
Code processes form
Code redirects using Location header
Result: refreshing the resulting page will merely display it again, since it was done using GET.
StackOverflow is pretty AJAX-heavy, which is why you're seeing the behavior you see.
If you don't want to get all AJAXy, you want redirects. Redirects of this sort should be transparent to the user:
if (! empty($_POST)){
// Do something with the contents of $_POST
header('Location: success.php');
}
Now, if your validation fails, you probably reload the form with some error messages, and hammering F5 will re-POST the data. But if the operation is successful, the user will be redirected to your success page, and they can hammer f5 all day without rePOSTing data, and potentially creating duplicate actions.
The standard approach for achieving this effect is to use an HTTP redirect, which isn't obvious to the user (so I assume that you refer to a meta refresh delayed redirect).
See the Post Redirect Get pattern.
I have an application that supplies long list of parameters to a web page, so I have to use POST instead of GET. The problem is that when page gets displayed and user clicks the Back button, Firefox shows up a warning:
To display this page, Firefox must send information that will repeat any action (such as a search or order confirmation) that was performed earlier.
Since application is built in such way that going Back is a quite common operation, this is really annoying to end users.
Basically, I would like to do it the way this page does:
http://www.pikanya.net/testcache/
Enter something, submit, and click Back button. No warning, it just goes back.
Googling I found out that this might be a bug in Firefox 3, but I'd like to somehow get this behavior even after they "fix" it.
I guess it could be doable with some HTTP headers, but which exactly?
See my golden rule of web programming here:
Stop data inserting into a database twice
It says: “Never ever respond with a body to a POST-request. Always do the work, and then respond with a Location: header to redirect to the updated page so that browser requests it with GET”
If browser ever asks user about re-POST, your web app is broken. User should not ever see this question.
One way round it is to redirect the POST to a page which redirects to a GET - see Post/Redirect/Get on wikipedia.
Say your POST is 4K of form data. Presumably your server does something with that data rather than just displaying it once and throwing it away, such as saving it in a database. Keep doing that, or if it's a huge search form create a temporary copy of it in a database that gets purged after a few days or on a LRU basis when a space limit is used. Now create a representation of the data which can be accessed using GET. If it's temporary, generate an ID for it and use that as the URL; if it's a permanent set of data it probably has an ID or something that can be used for the URL. At the worst case, an algorithm like tiny url uses can collapse a big URL to a much smaller one. Redirect the POST to GET the representation of the data.
As a historical note, this technique was established practice in 1995.
One way to avoid that warning/behavior is to do the POST via AJAX, then send the user to another page (or not) separately.
I have been using the Session variable to help in this situation. Here's the method I use that has been working great for me for years:
//If there's something in the POST, move it to the session and then redirect right back to where we are
if ($_POST) {
$_SESSION['POST']=$_POST;
redirect($_SERVER["REQUEST_URI"]);
}
//If there's something in the SESSION POST, move it back to the POST and clear the SESSION POST
if ($_SESSION['POST']) {
$_POST=$_SESSION['POST'];
unset($_SESSION['POST']);
}
Technically you don't even need to put it back into a variable called $_POST. But it helps me in keeping track of what data has come from where.
I have an application that supplies long list of parameters to a web page, so I have to use POST instead of GET. The problem is that when page gets displayed and user clicks the Back button, Firefox shows up a warning:
Your reasoning is wrong. If the request is without side effects, it should be GET. If it has side effects, it should be POST. The choice should not be based on the number of parameters you need to pass.
As another solution you may stop to use redirecting at all.
You may process and render the processing result at once with no POST confirmation alert. You should just manipulate the browser history object:
history.replaceState("", "", "/the/result/page")
See full or short answers