PHP Form processing redirects with POST data in url

Question

On the first submit, this returns user to index with the POST data still in the URL. On the second submit with the data in the url now, it then returns the errors or process the mail. I am not sure what exactly is causing this.

<?php
if(!isset($_POST['submit']))
{
//This page should not be accessed directly. Need to submit the form.
echo "error; you need to submit the form!";
}
$name = $_POST['name'];
$company = $_POST['company'];
$project = $_POST['project'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$message = $_POST['message'];
unset($_POST);

//Validate first
if(empty($name)||empty($email)) 
{
echo "Name and email are mandatory!";
exit;
}

if(IsInjected($email))
{
echo "Bad email value!";
exit;
}

$email_from = 'wevans.evansweb@gmail.com';
$email_subject = "New Contact Request";
$email_body = "You have received a new message from $name.\n
email: $email\n
company: $company\n
project: $project\n
phone: $phone\n
message: $message\n";

$to = 'wevans.evansweb@gmail.com';
$headers = "From: $email_from \r\n";

mail($to,$email_subject,$email_body,$headers);
//done. redirect to thank-you page.
header('Location: index.html');


// Function to validate against any email injection attempts
function IsInjected($str)
{
  $injections = array('(\n+)',
          '(\r+)',
          '(\t+)',
          '(%0A+)',
          '(%0D+)',
          '(%08+)',
          '(%09+)'
          );
  $inject = join('|', $injections);
  $inject = "/$inject/i";
  if(preg_match($inject,$str))
    {
    return true;
  }
  else
  {
    return false;
  }
}

?>

Answer 1

Are you sure that you are using the method="post" in your form's HTML?

<FORM action="someURL.php" method="post">

To my knowledge, form values display in the URL when the method is get, which won't serve you as expected in your case, because you are using $_POST in your PHP.