How to prevent form resubmission when page is refreshed F5 CTRL R

Question

I have a simple form that submits text to my SQL table  The problem is that after the user submits the text  they can refresh the page and the data gets submitted again without filling the form again  I could redirect the user to another page after the text is submitted  but I want users to stay on the same page   I remember reading something about giving each user a unique session id and comparing it with another value which solved the problem I am having but I forgot where it is

User · Answer

Just redirect it to the same page after making the use of form data  and it works  I have tried it   header  location yourpage php

User · Answer

As others have said  it is not possible to out of using post redirect get  But at the same time it is quite easy to do what you want to do server side   In your POST page you simply validate the user input but do not act on it  instead you copy it into a SESSION array  You then redirect back to the main submission page again  Your main submission page starts by checking to see if the SESSION array that you are using exists  and if so copy it into a local array and unset it  From there you can act on it   This way you only do all your main work once  achieving what you want to do

User · Answer

How to prevent php form resubmission without redirect  If you are using   SESSION  after session start  and a   POST form  you can do something like this   if    empty   SESSION  act     amp  amp   empty   POST  act     amp  amp    POST  act        SESSION  act            do your stuff  save data into database  etc     In your html form put this    lt input type  hidden  id  act  name  act  value   lt  php echo   empty   POST  act         POST  act    2    1   2    gt   gt   lt  php if     POST  act        SESSION  act          if   empty    SESSION  act          SESSION  act      2              SESSION  act     1        else             SESSION  act     2            gt    So  every time when the form is submitted  a new act is generated  stored in session and compared with the post act   Ps  if you are using an Get form  you can easily change all POST with GET and it works too

User · Answer

Basically  you need to redirect out of that page but it still can make a problem while your internet slow  Redirect header from serverside   Example of basic scenario    Click on submit button twice  Way to solve   Client side   Disable submit button once client click on it If you using Jquery   Jquery one PRG Pattern  Server side   Using differentiate based hashing timestamp   timestamp when request was sent  Userequest tokens  When the main loads up assign a temporary request tocken which if repeated is ignored

User · Answer

Use header and redirect the page   header  Location your page php    You can redirect to same page or different page  Unset   POST after inserting it to Database   unset   POST

User · Answer

Why not just use the   POST  submit   variable as a logical statement in order to save whatever is in the form   You can always redirect to the same page  In case they refresh  and when they hit go back in the browser  the submit post variable wouldn t be set anymore  Just make sure your submit button has a name and id of submit

User · Answer

A pretty surefire way is to implement a unique ID into the post and cache it in the    lt input type  hidden  name  post id  value    createPassword 64     gt    Then in your code do this   if     SESSION  post id        POST  post id              SESSION  post id       POST  post id          do post stuff   else         normal display    function createPassword  length         chars    abcdefghijkmnopqrstuvwxyz023456789       srand  double microtime   1000000        i   0       pass             while   i  lt     length - 1              num   rand     33           tmp   substr  chars   num  1            pass    pass    tmp           i              return  pass

User · Answer

You should really use a Post Redirect Get pattern for handling this but if you ve somehow ended up in a position where PRG isn t viable  e g  the form itself is in an include  preventing redirects  you can hash some of the request parameters to make a string based on the content and then check that you haven t sent it already     create digest of the form submission        messageIdent   md5   POST  name       POST  email       POST  phone       POST  comment        and check it against the stored value        sessionMessageIdent   isset   SESSION  messageIdent      SESSION  messageIdent            if  messageIdent   sessionMessageIdent    if its different                      save the session var                SESSION  messageIdent      messageIdent            and                do your thang          else             you ve sent this already

User · Answer

What Works For Me is    if    refreshed           Your Submit Here         if  isset    GET  refresh                   setcookie  refresh    GET  refresh    time      86400   5                                  function refreshed         if  isset   GET  refresh                token     GET  refresh            if  isset   COOKIE  refresh                   if    COOKIE  refresh       token                    return false                else                   return true                          else               return false                  else           return false              function createToken  length         characters    0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ        charactersLength   strlen  characters        randomString           for   i   0   i  lt   length   i               randomString     characters rand 0   charactersLength - 1              return  randomString       gt    And in your Form    lt form  action   refresh  lt  php echo createToken 3   gt   gt       lt  form gt

User · Answer

A refined version of Moob s post  Create a hash of the POST  save it as a session cookie  and compare hashes every session      Optionally Disable browser caching on  Back  header   Cache-Control  no-store  no-cache  must-revalidate     header   Expires  Sun  1 Jan 2000 12 00 00 GMT     header   Last-Modified      gmdate  D  d M Y H i s      GMT       post hash   md5  json encode    POST       if  session start            post resubmitted   isset    SESSION   post hash       amp  amp    SESSION   post hash        post hash        SESSION   post hash       post hash      session write close      else        post resubmitted   false     if    post resubmitted          POST was resubmitted   else        POST was submitted normally

User · Answer

I searched for solution to prevent resubmission in a huge project afterwards  The code highly works with   GET and   POST and I can t change the form elements behaviour without the risk of unforeseen bugs  So  here is my code    lt  -- language  lang-php -- gt   lt  php     Very top of your code      Start session  session start        If Post Form Data send and no File Upload if   empty    FILES    amp  amp    empty    POST              Store Post Form Data in Session Variable       SESSION  POST       POST         Reload Page if there were no outputs     if     headers sent                  Build URL to reload with GET Parameters            Change https to http if your site has no ssl          location    https         SERVER  HTTP HOST       SERVER  REQUEST URI               Reload Page         header   location       location  true  303               Stop any further progress         die                Rebuilt POST Form Data from Session Variable if   isset    SESSION  POST               POST     SESSION  POST           Tell PHP that POST is sent       SERVER  REQUEST METHOD      POST         Your code    gt  lt html gt       lt head gt           lt title gt GET POST Resubmit lt  title gt       lt  head gt       lt body gt        lt h1 gt Forms  lt  h1 gt       lt h2 gt GET Form  lt  h2 gt       lt form action  index php  method  get  gt           lt input type  text  id  text get  value  test text get  name  text get   gt           lt input type  submit  value  submit  gt       lt  form gt       lt h2 gt POST Form  lt  h2 gt       lt form action  index php  method  post  gt           lt input type  text  id  text post  value  test text post  name  text post   gt           lt input type  submit  value  submit  gt       lt  form gt       lt h2 gt POST Form with GET action  lt  h2 gt       lt form action  index php text get2 getwithpost  method  post  gt           lt input type  text  id  text post2  value  test text get post  name  text post2   gt           lt input type  submit  value  submit  gt       lt  form gt       lt h2 gt File Upload Form  lt  h2 gt       lt form action  index php  method  post  enctype  multipart form-data  gt           lt input type  file  id  file  name  file  gt           lt input type  submit  value  submit  gt       lt  form gt        lt h1 gt Results  lt  h1 gt       lt h2 gt GET Form Result  lt  h2 gt       lt p gt text get   lt  php echo   GET  text get      gt  lt  p gt       lt h2 gt POST Form Result  lt  h2 gt       lt p gt text post   lt  php echo   POST  text post      gt  lt  p gt       lt h2 gt POST Form with GET Result  lt  h2 gt       lt p gt text get2   lt  php echo   GET  text get2      gt  lt  p gt       lt p gt text post2   lt  php echo   POST  text post2      gt  lt  p gt       lt h2 gt File Upload  lt  h2 gt       lt p gt file       lt pre gt  lt  php if     empty    FILES                   echo print r    FILES  true                gt  lt  pre gt       lt  p gt       lt p gt  lt  p gt       lt  body gt       lt  html gt  lt  php    Very Bottom of your code     Kill Post Form Data Session Variable  so User can reload the Page without sending post data twice unset    SESSION  POST        It only works to avoid the resubmit of   POST  not   GET  But this is the behaviour I need  The resubmit issue doesn t work with file uploads

User · Answer

This method works for me well  and I think this is the simplest one to do this job   The general idea is to redirect the user to some other pages after the form submission  which would stop the form resubmission on page refresh  Still  if you need to hold the user on the same page after the form is submitted  you can do it in multiple ways  but here I am describing the javascript method   Javascript Method  This method is quite easy and blocks the pop up asking for form resubmission on refresh once the form is submitted  Just place this line of javascript code at the footer of your file and see the magic    x000D   x000D   lt script gt  x000D  if   window history replaceState     x000D    window history replaceState  null  null  window location href    x000D    x000D   lt  script gt  x000D   x000D   x000D

User · Answer

This form php sample shows how to use PRG correct  when form is valid or not    It redirects to the same page  only when form is valid and action was performed  Redirection protects form from being resubmitted on page refresh  It uses session to not loose success messages you want to show when form is valid  There are two buttons for testing   quot Valid submit quot    quot Invalid submit quot   Try both and refresh page after that    lt  php session start     function doSelfRedirect       header  Location     SERVER  PHP SELF       exit     function setFlashMessage  msg        SESSION  message      msg     function getFlashMessage       if   empty   SESSION  message            msg     SESSION  message        unset   SESSION  message         else        msg   null         return  msg     if    SERVER  REQUEST METHOD        POST          Validation primitive example    if  empty   POST  valid            formIsValid   false      setFlashMessage  Invalid form submit        else        formIsValid   true         if   formIsValid           Perform any actions here                     Cool      setFlashMessage  Form is valid  Action performed             Prevent form resubmission      doSelfRedirect            gt   lt h1 gt Hello form lt  h1 gt    lt  php if   msg   getFlashMessage       gt     lt div gt  lt     msg   gt  lt  div gt   lt  php endif    gt    lt form method  quot post quot  gt     lt input type  quot text quot  name  quot foo quot  value  quot bar quot  gt  lt br gt  lt br gt     lt button type  quot submit quot  name  quot invalid quot  value  quot 0 quot  gt Invalid submit lt  button gt     lt button type  quot submit quot  name  quot valid quot  value  quot 1 quot  gt Valid submit lt  button gt   lt  form gt

User · Answer

Use the Post Redirect Get pattern  http   en wikipedia org wiki Post Redirect Get  With my website  I will store a message in a cookie or session  redirect after the post  read the cookie session  and then clear the value of that session or cookie variable

User · Answer

if     SERVER  REQUEST METHOD       POST   and  isset   SESSION  uniq           if  everything fine           unset   SESSION  uniq             else        SESSION  uniq     uniqid

User · Answer

After inserting it to database  call unset   method to clear the data    unset   POST    To prevent refresh data insertion  do a page redirection to same page or different page after record insert    header  Location     SERVER  PHP SELF

User · Answer

Javascript  This method is quite easy and blocks the pop up asking for form resubmission on refresh once the form is submitted  Just place this line of javascript code at the footer of your file and see the magic    lt script gt      if   window history replaceState             window history replaceState  null  null  window location href           lt  script gt

User · Answer

Using the Post Redirect Get pattern from Keverw answer is a good idea  However  you are not able to stay on your page  and I think this was what you were asking for   In addition  it may sometimes fail      If a web user refreshes before the initial submission has completed   because of server lag  resulting in a duplicate HTTP POST request in   certain user agents    Another option would be to store in a session if text should be written to your SQL database like this   if   SERVER  REQUEST METHOD       POST         SESSION  writeSQL     true    else     if isset   SESSION  writeSQL     amp  amp    SESSION  writeSQL              SESSION  writeSQL     false          save   POST values into SQL

User · Answer

When the form is processed  you redirect to another page       process complete     header  Location  thankyou php      you can also redirect to the same page   if you are doing something like comments and you want the user to stay on the same page  you can use Ajax to handle the form submission

User · Answer

I would also like to point out that you can use a javascript approach  window history replaceState to prevent a resubmit on refresh and back button    lt script gt      if   window history replaceState             window history replaceState  null  null  window location href           lt  script gt    Proof of concept here  https   dtbaker net files prevent-post-resubmit php  I would still recommend a Post Redirect Get approach  but this is a novel JS solution

User · Answer

I use this javascript line to block the pop up asking for form resubmission on refresh once the form is submitted    if   window history replaceState       window history replaceState  null  null  window location href        Just place this line at the footer of your file and see the magic

User · Answer

I found next workaround  You may escape the redirection after processing POST request by manipulating history object    So you have the HTML form    lt form method POST action   process php  gt    lt input type submit value OK gt   lt  form gt    When you process this form on your server you instead of redirecting user to  the result page by setting up the Location header like this    cat process php  lt  php       process POST data here                header  Location   the result page         exit      gt      After processing POSTed data you render small  lt script gt  and the result  the result page   lt  php       process POST data here      render the  lt script gt             see below      render   the result page       OK   gt    The  lt script gt  you should render    lt script gt      window onload   function             history replaceState           the result page           lt  script gt    The result is     as you can see the form data is POSTed to process php script  This script process POSTed data and rendering  the result page at once with    no redirection no rePOST data when you refresh page  F5   no rePOST when you navigate to previous next page through the browser history   UPD  As another solution I ask feature request the Mozilla FireFox team to allow users to setup NextPage header which will work like Location header and make post redirect get pattern obsolete   In short  When server process form POST data successfully it    Setup NextPage header instead of Location Render the result of processing POST form data as it would render for GET request in post redirect get pattern   The browser in turn when see the NextPage header    Adjust window location with NextPage value When user refresh the page the browser will negotiate GET request to NextPage instead of rePOST form data   I think this would be excelent if implemented  would not

User · Answer

You can prevent form resubmission via a session variable  First you have to set rand   in a textbox and   SESSION  rand   on the form page   lt form action  quot  quot  method  quot post quot  gt     lt  php     rand rand         SESSION  rand    rand      gt    lt input type  quot hidden quot  value  quot  lt  php echo  rand    gt  quot  name  quot randcheck quot    gt     Your Form s Other Field    lt input type  quot submit quot  name  quot submitbtn quot  value  quot submit quot    gt   lt  form gt   After that check   SESSION  rand   with textbox   POST  randcheck   value like this  if isset   POST  submitbtn     amp  amp    POST  randcheck      SESSION  rand             Your code here    Make sure you start the session on every file you are using it with session start

[php] How to prevent form resubmission when page is refreshed (F5 / CTRL+R)

Examples related to php

Examples related to html

Examples related to forms

Examples related to post

Examples related to form-submit