Destroy $_POST vars after use - is it possible?

The common way to avoid this is check the table for the values before
entering them again. That way, it doesn't matter if the user refreshes at
all.
<bi******@yahoo.co.uk> wrote in message
news:11**********************@g14g2000cwa.googlegr oups.com...

Hi,

How would I go about destroying POST vars after their use in a script?
Is this possible?

The reason is that when I use a script that, for example, add a row to
a database. If for some reason the user refreshes the page, it will add
another row. Is it the browser that resends the POST vars when a page
is refreshed?

Whats the common way to avoid this?

Cheers

Burnsy

bi******@yahoo.co.uk wrote:

How would I go about destroying POST vars after their use in a script?
Is this possible?

The reason is that when I use a script that, for example, add a row to
a database. If for some reason the user refreshes the page, it will add
another row. Is it the browser that resends the POST vars when a page
is refreshed?

After processing redirect to the destination using header/location.

Daniel is absolutely right, the most effective way to prevent reposting is
to process the form variables and then redirect the browser to the
destination page. If the user refreshes, the destination page will be
refreshed and not the script that processes the form.

To do this, you will have to make sure that you have not sent any headers
BEFORE redirecting. Any kind of HTML output such as echo or print will cause
headers to be sent automatically, so you must process the form variables
without using them. Note also that when you use the header redirect all the
local PHP variables will be reset, including any notice or warning/error
message that you have created while processing the input. Therefore, you
must use sessions to save any variables you intend to use on the destination
page. You should also call exit() after redirecting.

To be exact, do something like this:

<?
// this point must be the start of the script (or no headers sent before
this line)
session_start();
if(isset($_POST))
{ // process form variables
// ... insert into table, etc
// ... set session variables you want to keep using
$_SESSION["pagevars"] = ...
header("location: destination_url.php");
exit;
}
// ... code to run if no form was submitted:
?>

ECRIA
http://www.ecria.com

bi******@yahoo.co.uk wrote:

Hi,

How would I go about destroying POST vars after their use in a script?
Is this possible?

The reason is that when I use a script that, for example, add a row to
a database. If for some reason the user refreshes the page, it will add
another row. Is it the browser that resends the POST vars when a page
is refreshed?

Whats the common way to avoid this?

Cheers

Burnsy

You can do this by simply using unset($_POST); since its just a normal
array of varibles...

*** daemon wrote/escribió (Tue, 02 Aug 2005 08:38:02 GMT):

The reason is that when I use a script that, for example, add a row to
a database. If for some reason the user refreshes the page, it will add
another row. Is it the browser that resends the POST vars when a page
is refreshed?

You can unset $_POST variables the same way as regular variables. However,
when user loads a page using the POST method variables are created again:
remember HTTP is a stateless protocol (all connections are independent).

You should redesign your app so user cannot break things when reloading.
--
-- Álvaro G. Vicario - Burgos, Spain
-- http://bits.demogracia.com - Mi sitio sobre programación web
-- Don't e-mail me your questions, post them to the group
--

On 2005-08-02 10-38-02 daemon <d4****@shaw.ca> wrote:

bi******@yahoo.co.uk wrote:

Hi,

How would I go about destroying POST vars after their use in a script?
Is this possible?

The reason is that when I use a script that, for example, add a row to
a database. If for some reason the user refreshes the page, it will add
another row. Is it the browser that resends the POST vars when a page
is refreshed?

Whats the common way to avoid this?

Cheers

Burnsy

You can do this by simply using unset($_POST); since its just a normal
array of varibles...

You could either send back a 205 Reset Content (see
<http://www.faqs.org/rfcs/rfc2616.html>) to clear the form or use a 307
Temporary Redirect (same page), to redirect the user to another page after
processing the form data.

HTH,
Simon
--
Simon Stienen <http://slashlife.org/>
"What you do in this world is a matter of no consequence,
The question is, what can you make people believe that you have done."
/Sherlock Holmes in A Study in Scarlet by Sir Arthur Conan Doyle/

Ok, heres my plan...

I submit a form whos action is to a page called action.php. This script
is capable of handeling many forms on differnent pages and each is
processed using GET parameters such as action.php?action=update (will
call the update code in action, see below)

if (isset($_GET['action'])) {
if ($_GET['action'] == "update") {
//update code goes here
//now redirect them
}
}

The conditional statement if $_GET['action'] == "update" will do the
updating stuff where after it will use php/header to redirect them to
the page which will tell them that the item has been updated. This way,
if the user refreshes after the redirect nothing else will happen.

This, so far, is working a treat. Theres only one problem though. If
the user doesnt fill in every required field I would like to display
and error message on the form page. This will require redirecting the
user and displaying an error message. No probs. How do I also send back
the $_POST variables with the redirect? I dont want to have to ask the
user to fill in the fields again. Is this possible?

Feel free to make comment on my plan as it is much appreciated. Thanks

Burnsy

On 2005-08-10 00-34-40 <bi******@yahoo.co.uk> wrote:

Ok, heres my plan...

I submit a form whos action is to a page called action.php. This script
is capable of handeling many forms on differnent pages and each is
processed using GET parameters such as action.php?action=update (will
call the update code in action, see below)

if (isset($_GET['action'])) {
if ($_GET['action'] == "update") {
//update code goes here
//now redirect them
}
}

The conditional statement if $_GET['action'] == "update" will do the
updating stuff where after it will use php/header to redirect them to
the page which will tell them that the item has been updated. This way,
if the user refreshes after the redirect nothing else will happen.

This, so far, is working a treat. Theres only one problem though. If
the user doesnt fill in every required field I would like to display
and error message on the form page. This will require redirecting the
user and displaying an error message. No probs. How do I also send back
the $_POST variables with the redirect? I dont want to have to ask the
user to fill in the fields again. Is this possible?

Feel free to make comment on my plan as it is much appreciated. Thanks

Burnsy

You should validate the input by the same script which shows the form, so
you can regenerate the form on error and write all the values back into the
fields.

HTH,
Simon
--
Simon Stienen <http://slashlife.org/>
"What you do in this world is a matter of no consequence,
The question is, what can you make people believe that you have done."
/Sherlock Holmes in A Study in Scarlet by Sir Arthur Conan Doyle/

> You should validate the input by the same script which shows the form, so

you can regenerate the form on error and write all the values back into the
fields.

Thanks, that should do it.

I think I shall keep the action.php page for submissions that dont
reuire any form validating, such as a form of checkboxes. Anywathing
that requires data checking I shall do on the same page as the form,
upon successful submission and data checking I shall redirect them to
the display message page.

Cheers

Burnsy