Browser go back button Confirm Form Resubmission

Question

I have a search form on my page.

<form action='' method='post'>
    <input type='text' name='search' />
    <input type='sumit' name='submit' value='submit'/>
</form>

When the user clicks the submit button on the form, it should run a mysql_query and create a link to the user page.

if(isset($_POST['search'])){
    $add = "city = {'$_POST['search']'}";
}

$res = mysql_query("SELECT * FROM user WHERE {$add}");
        while($rw=mysql_fetch_object($res)){
        echo "<a href=user.php?id={$rw->user_id}?>{$rw->name}</a>";
        }

When I click on the link user.php?id=3, it goes to the user page and everything is OK. But I have problem when I click the browser's back-button, on user.php page. Then i have problem back to previous page. Confirm Form Resubmission.

Answer 1

To not display the "Confirm Form Resubmission" alert, do you have to change your submission (method) to GET.

<form action='' method='GET'>
    <input type='text' name='search' />
    <input type='sumit' name='submit' value='submit'/>
</form>

...

if(isset($_GET['search'])){
    $res = mysql_query(sprintf("SELECT * FROM user WHERE city='%s'", mysql_real_escape_string($_GET['search']) ));
    while($rw=mysql_fetch_object($res)){
      echo "<a href=user.php?id={$rw->user_id}?>{$rw->name}</a>";
    }
}

Answer 2

You should use get method instead of post. Post resubmissions must be confirmed by most browsers.

P.s.: you shouldn't pass the user input into your sql query directly to prevent the risk of sql injections.

Answer 3

Correct the following:

<input type='sumit' name='submit' value='submit'/>

You are writing type='sumit' instead of type='submit'