How to avoid resending data on refresh in php

Question

I have a page "index.php" where i have a link called "add_users.php". In "add_users.php", I accept user information and come back to the same page "index.php" where information comes through post action and gets inserted into the database.

When I refresh the page or hit the back button, a resend box appears. I went through many solution where they asked me to create third page. I tried doing that as follows: after inserting values in database, I redirected the page as header('Location:http://thisisawebsite.com/thankyou.php, and in thankyou.php I again redirected the page to index.php. But this resulted in getting a warning as "Cannot modify header information - headers already sent by [....]"

What is a better solution?

Answer 1

This works for me:

Form.php

<?php

session_start();



try {
    $dbh = new PDO('mysql:host=localhost;dbname=test', 'root', '');

    } catch(PDOException  $e) {
    
    echo $e->getMessage();
 }



if(isset($_GET['login'])) {
    
    
    if(!empty($_GET['uname']) && !empty($_GET['psw'])) {
        
        $sql = 'INSERT INTO test(username, password) VALUES(:username, :password)';
        
        $username = $_GET['uname'];
        $password = $_GET['psw'];
        
        $statement = $dbh->prepare($sql);
        
        $data = $statement->execute([
        ':username' => $username,
        ':password' => $password
        ]);
        
        
        if($data) {
            $_SESSION['success'] = 'Data send <br><br>';
            
            header('Location: Form.php');
            exit();
            
        }
        
        
    }
            
    
}

    
?>


<!DOCTYPE html>
<html>
<body>
    
    <?php
        if(isset($_SESSION['success'])) {
        echo $_SESSION['success'] . '<br><br>';

            unset($_GET['uname']);
            unset($_GET['psw']);
            unset($_SESSION['success']);
            
        }
        
         
    ?>
    
    <form action="" method="get">
        
        <label for="uname"><b>Username</b></label><br>
        <input type="text" placeholder="Enter Username" name="uname">
        
        <label for="psw"><b>Password</b></label><br>
        <input type="password" placeholder="Enter Password" name="psw">
        <input type="submit" name="login"></input>
     </form>
    
  </body>

Answer 2

Same challenge I faced using a comment box, what I did is to redirect the page to the same page and to an specific "anchor". Example:

<form id="myForm" action="<?php echo $_SERVER['PHP_SELF'];?>#myForm" method="post">
<!--Stuff for form in here -->
</form>

Then for the PHP code I have:

<?php

//Do your stuff and when finished...

$reloadpage = $_SERVER['PHP_SELF']."#myForm";
header("Location:$reloadpage");
exit();

?>

This avoid the F5 resend of the data from the Form

Answer 3

I think that using sessions is best way to prevent this problem

session_start();
if(!isset($_SESSION['s'])){
  $_SESSION['s'] = true;
};

if( !empty( $_POST ) && ($_SESSION['s']) )
{
  //your code
 $_SESSION['s'] = false;
}

Afterwards you may use unset($_SESSION['s']) or destroy_session() if you want users to be able to post something again.

Answer 4

Priyanka,

You are on the right track. What you are trying to implement is actually a well known pattern used in web-developing called the POST/Redirect/GET pattern. (Pattern is a bit of a buzz word now-a-days, so maybe paradigm is a better word for this).

A common implementation of this pattern/paradigm is to simply have only one point of entry.

By doing this, add_user.php could now look like this (it's still not the most elegant, but hopefully it will give you an idea of how to go about implementing it):

<?php

// is this a post request?
if( !empty( $_POST ) )
{
   /*
     process the form submission
     and on success (a boolean value which you would put in $success), do a redirect
   */
   if( $success )
   {
       header( 'HTTP/1.1 303 See Other' );
       header( 'Location: http://www.example.com/add_user.php?message=success' );
       exit();
   }
   /* 
      if not successful, simply fall through here
   */
}

// has the form submission succeeded? then only show the thank you message
if( isset( $_GET[ 'message' ] ) && $_GET[ 'message' ] == 'success' )
{
?>

<h2>Thank you</h2>
<p>
You details have been submitted succesfully.
</p>

<?php
}
// else show the form, either a clean one or with possible error messages
else
{
?>

<!-- here you would put the html of the form, either a clean one or with possible error messages -->

<?php
}
?>

So, how it basically works is this:

• If the request made to the script IS NOT a POST request (i.e. the form has not been submitted) and there is no ?message=success appended to the url then simply show a clean form.
• If the request made to the script IS a POST request, then process the form.
  • If form processing succeeded, redirect to the same script again, and append ?message=success
    • If the request to the script is a request with ?message=success appended to it only show a thank you message, don't show the form.
  • If form processing failed, then let it 'fall through' and show the form again, but this time with some descriptive error messages and with the form elements filled with what the user already had filled in.

Hopefully this, along with the example I gave you, makes enough sense.

Now, the reason you were getting the infamous Warning: headers already sent message is explained in this answer I gave to another question about why certain php calls are better to put at the top of a script (actually, it doesn't necessarily have to be on top, but it has to be called before ANY output (even (accidental) whitespace) is being output).

Answer 5

Use meta refresh

<%meta http-equiv="refresh" content="5;url=http://example.com/" />" at the time of your success message after adding data into the DB.

may be its trick to avoid reloading .

Thanxs, Gobi.

Answer 6

Please use ob_start(); statement in first line itself.

Answer 7

But getting warning as Cannot modify header information - headers already sent

Is there something wrong with using output buffering? Why does your page send headers even though it's only doing work in the database? Do you have a space or a newline before the first "

You've got the solution, you should just make it work.