Unset post variables after form submission

Question

Is there a way to do the above? Basically, I don\'t want the form to be submitted again if someone presses refresh after already submitting the form once. In which case the

Answer 1

Use an intermediate page to do the operations and then redirect.

For example:

mypage.php --> the page with the form

dostuff.php --> receives the form data and makes operations, then redirects to any other page.

To do a redirect:
Put this line on the top of "dostuff.php": header("Location: mypage.php");

Answer 2

If your form is going to be updating a database, then you can update or insert only if record does not exist. Simply do a select statement first. This will prevent duplicate records due to refresh.

Answer 3

If you are inserting the contents of this form to database, simply use the php/sql SELECT statement to check if "username" has already been submitted. If yes, throw an error. Like so:

//Database Values: servername, dbname, username and password;
//Also set ($_POST['username']) = $username or anything you like; 
$usererror = ""; //Will be filled later.
try { 
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$stmt1 = $conn->prepare("SELECT * FROM yourdb WHERE username=:username");
$stmt1->bindParam(':email', $email);
$stmt1->execute();
$stmt1->fetch();

$querycheck = $stmt1->rowCount();
if ($querycheck >= 1) {
$usererror = "User already exists.";
}
}
catch(PDOException $e) {
// roll back the transaction if something failed
$conn->rollback();
echo "Critical Error. Contact admin immediately.";
error_log("Error: " . $e->getMessage(), 0); //logs connection errors instead of echoing the errors (for security reasons.)
}
$conn = null;

Then you can now insert only the form has no error:

If (empty($usererror)) {
//insert command 
}

Notice I used prepared statements, because on many articles, it is said to be the safest method to operate on Databases using php+sql. You can as well use the normal method if you don't really have security concerns, it'll save you more code lines too.

Also notice the $querycheck >= 1, it is very essential to ensure 1 insertion and never more than 1 even if the user refreshes 2,000 times, clicks back button and submit again etc. The mistake that tied me down and drove me mad for days was using $querycheck > 1 instead of $querycheck >= 1, that way, my forms kept submitting twice before throwing "Already Exists" error. Finally, I've been able to fix it. Hope this helps people that will visit this question later.

Answer 4

Instead, you could use a captcha such as Recaptcha that doesn't allow post submission without doing the captcha. This is what I used and it works perfectly.

Answer 5

My solution for this is doing a meta refresh if a post variable is set the $_POST do not follow it after the refresh.

<head>
<?php
  if (isset($_POST['Task'])){
  echo' <meta http-equiv="refresh" content="0; url=./ThisFile.php">';
  }
  ?>
</head>

Answer 6

The problem you are facing above specifically can (and should) be solved with Post/Redirect/Get. Unsetting _POST on the php side would be ineffective since the problem is it is a separate request.

You also have to deal with double-clicking of submission buttons. You can solve this on the client side by disabling form submission after the button click, or by putting a random token in the form and storing that token in the session. The token will be accepted only once (session keeps track of whether the token has been posted).