Preventing form resubmission

Question

Page one contains an HTML form  Page two - the code that handles the submitted data    The form in page one gets submitted  The browser gets redirected to page two  Page two handles the submitted data    At this point  if page two gets refreshed  a  Confirm Form Resubmission  alert pops up   Can this be prevented

User · Answer

I really like  Angelin s answer   But if you re dealing with some legacy code where this is not practical  this technique might work for you   At the top of the file     Protect against resubmits if  empty   POST           POST  last pos sub     time      else        if  isset   POST  last pos sub              if    POST  last pos sub        SESSION  curr pos sub                 redirect back to the file so POST data is not preserved                     SESSION  curr pos sub       POST  last pos sub               Then at the end of the form  stick in last pos sub as follows     lt input type  hidden  name  last pos sub  value  lt  php echo   POST  last pos sub      gt  gt

User · Answer

The only way to be 100  sure the same form never gets submitted twice is to embed a unique identifier in each one you issue and track which ones have been submitted at the server   The pitfall there is that if the user backs up to the page where the form was and enters new data  the same form won t work

User · Answer

If you refresh a page with POST data  the browser will confirm your resubmission  If you use GET data  the message will not be displayed  You could also have the second page  after saving the submission  redirect to a third page with no data

User · Answer

The PRG pattern can only prevent the resubmission caused by page refreshing  This is not a 100  safe measure    Usually  I will take actions below to prevent resubmission    Client Side - Use javascript to prevent duplicate clicks on a button which will trigger form submission  You can just disable the button after the first click  Server Side - I will calculate a hash on the submitted parameters and save that hash in session or database  so when the duplicated submission was received we can detect the duplication then proper response to the client  However  you can manage to generate a hash at the client side    In most of the occasions  these measures can help to prevent resubmission

User · Answer

use js to prevent add data   if   window history replaceState         window history replaceState  null  null  window location href

User · Answer

Well I found nobody mentioned this trick   Without redirection  you can still prevent the form confirmation when refresh   By default  form code is like this    lt form method  post  action  test php  gt   now  change it to   lt form method  post  action  test php nonsense 1  gt   You will see the magic   I guess its because browsers won t trigger the confirmation alert popup if it gets a GET method  query string  in the url

User · Answer

There are two parts to the answer    Ensure duplicate posts don t mess with your data on the server side  To do this  embed a unique identifier in the post so that you can reject subsequent requests server side  This pattern is called Idempotent Receiver in messaging terms  Ensure the user isn t bothered by the possibility of duplicate submits by both   redirecting to a GET after the POST  POST redirect GET pattern  disabling the button using javascript    Nothing you do under 2  will totally prevent duplicate submits  People can click very fast and hackers can post anyway  You always need 1  if you want to be absolutely sure there are no duplicates

User · Answer

There are 2 approaches people used to take here    Method 1  Use AJAX   Redirect  This way you post your form in the background using JQuery or something similar to Page2  while the user still sees page1 displayed  Upon successful posting  you redirect the browser to Page2    Method 2  Post   Redirect to self  This is a common technique on forums  Form on Page1 posts the data to Page2  Page2 processes the data and does what needs to be done  and then it does a HTTP redirect on itself  This way the last  action  the browser remembers is a simple GET on page2  so the form is not being resubmitted upon F5

User · Answer

You need to use PRG - Post Redirect Get pattern and you have just implemented the P of PRG  You need to Redirect   Now days you do not need redirection at all  See this   PRG is a web development design pattern that prevents some duplicate form submissions which means  Submit form  Post Request 1  -  Redirect -  Get  Request 2   Under the hood   Redirect status code - HTTP 1 0 with HTTP 302 or HTTP 1 1 with HTTP 303   An HTTP response with redirect status code will additionally provide a URL in the location header field  The user agent  e g  a web browser  is invited by a response with this code to make a second  otherwise identical  request to the new URL specified in the location field    The redirect status code is to ensure that in this situation  the web user s browser can safely refresh the server response without causing the initial HTTP POST request to be resubmitted   Double Submit Problem     Post Redirect Get Solution     Source

User · Answer

Try tris   function prevent multi submit  excl    validator          string           foreach    POST as  key   gt   val           this test is to exclude a single variable  f e  a captcha value     if   key     excl             string     key    val                  if  isset   SESSION  last           if    SESSION  last       md5  string             return false        else             SESSION  last     md5  string           return true              else         SESSION  last     md5  string       return true            How to use   example   if  isset   POST         if    POST  field               place here the form validation and other controls     if  prevent multi submit         use the function before you call the database or etc         mysql query  INSERT INTO table          or send a mail like            mail  mailto   sub   body      etc       else           echo  The form is already processed               else          your error about invalid fields           Font  https   www tutdepot com prevent-multiple-form-submission

User · Answer

You can use replaceState method of JQuery   lt script gt       document  ready function       window history replaceState       window location href          lt  script gt   This is the most elegant way to prevent data again after submission due to post back  Hope this helps

User · Answer

Directly  you can t  and that s a good thing  The browser s alert is there for a reason  This thread should answer your question   Prevent Back button from showing POST confirmation alert  Two key workarounds suggested were the PRG pattern  and an AJAX submit followed by a scripting relocation   Note that if your method allows for a GET and not a POST submission method  then that would both solve the problem and better fit with convention  Those solutions are provided on the assumption you want need to POST data

[forms] Preventing form resubmission

Examples related to forms

Examples related to http