Stop content re-submitting on re-fresh

maxwell_

I have a webpage with a comments form.
Currently when the form is submitted the page reloads and the comment
appears on the page.
If I refresh the page the same comment is again added to the database and page.

I have tried to stop the comment from re-submitting using a header function to re-direct
to a page which also has a header to redirect back to the comments page. The redirect worked
but I lost the two URL parameters that the comments page needs to display properly.

Is there a way to submit the form, keeping the URL parameters, but stop the content from
being re-submitted to the database and page?

try {  

$pdo = new PDO("mysql:host=$hostname;dbname=tutor", $username, $password); 

}catch (PDOExeption $e){  

 echo $e->getMessage();  

 } 

// extract $_GET values from URL

$_def_soft_id = 1;
$_def_id = 9876;

$_soft_id = isset($_GET['software_id']) ? $_GET['software_id'] : $_def_soft_id;
$_id = isset($_GET['id']) ? $_GET['id'] : $_def_id;

$_action = $_SERVER['PHP_SELF'] . '?id=' . $_id . '&amp;software_id=' . $_soft_id;

//////////////////////////////////////////////////

// insert contents of form fields into the database

if(isset($_POST['submit'])) {
$mysql = new mysqli('localhost','tutor','password','tutor') or die('There was a problem connecting to the database');
if($stmt = $mysql->prepare('INSERT INTO guest(name, email, comment, software_id) VALUES (?,?,?,?)')) {

$stmt->bind_param('sssi',$_POST['name'],$_POST['email'],$_POST['comment'],$_POST['software_id']);

$stmt->execute();
$stmt->close();

} else {
  echo 'error: ' . $mysql->error;
}
}

// display database contents on in table

$dbh = $pdo->prepare("SELECT `date`, `name`, `email`, `comment`, `software_id` FROM `guest` WHERE `software_id` = ? ORDER BY `date` DESC"); 

$dbh->bindValue(1, $_GET['software_id'], PDO::PARAM_INT); 
$dbh->execute();   

$dbh->setFetchMode(PDO::FETCH_ASSOC); 

while($row = $dbh->fetch()) {echo '<table width="100%" cellspacing="0" cellpadding="3" class="tablebg">
        <tr class="formlabels">
          <td align="left" class="tl" width="40%">Author:&nbsp;'.$row['name'].'</td>
          <td width="45%" align="left">Date:&nbsp;'.$row['date'].'</td>
          <td width="15%" align="center" class="tr"><a href="mailto:'.$row['email'].'">Email Author</a></td>
          </tr>
        <tr class="formlabels">
          <td colspan="4" class="bl">'.$row['comment'].'</td>
          </tr>
      </table>';
	  }
?>

<html>
<head>
<link rel="stylesheet" href="styles.css" type="text/css" media="screen" />
</head>
<body>
<hr />
<form method="POST" action="<?php echo $_action; ?>">
	<table>
  <input type="hidden" name="id" value="<?php echo $_GET['id'];?>"/>
	  <br/>
	 <input type="hidden" name="software_id" value="<?php echo $_GET['software_id'];?>"/>
     <tr><td>Name:</td></tr>
	  <tr>
	    <td> <input name="name" type="text" value="" size="45" /></td></tr>
       <tr><td>Email:</td></tr>
        <tr><td><input type="text" name="email" value="" size="45" /></td></tr>
        <tr><td>Comment:</td></tr>
   <tr><td><textarea cols="80" rows="6" name="comment" value="" ></textarea></td></tr>    

   <tr><td><input type="submit" name="submit" value="Add Comment" /></td><td>&nbsp;</td></tr>
  </table>
</form>
<br />
<br />
   </body>
</html>

anoopmail

The redirect worked
but I lost the two URL parameters that the comments page needs to display properly.

wondering why it lost the url parameters. can u show me your redirect code?

maxwell_

I have found that if I don't include the two lines bellow and set up a re-direct,

or submit the form directly to comment_confirm.php
my INSERT statement doen't work, no comment is added to the database

$action = $SERVER['PHP_SELF'] . '?id=' . $id . '&software_id=' . $soft_id;

Is there a way I can tack on a redirect, something like

$action = $SERVER['PHP_SELF'] . '?id=' . $id . '&software_id=' . $soft_id . 'CODE TO REDIRECT TO comment_confirm.php';

Then on comment_confirm.php

if(isset($_POST['submit'])){
header('Location: fulltitle.php');
//exit;
}
I would like to tack the parameters id and software_id onto fulltitle.php
something like this

if(isset($GET['software_id'])) header('Location: fulltitle.php?software_id='.$GET['software_id'] . '&id=' . $_GET['id'] ); */

But because the original comment form submission uses POST
I can't find a way to do it!

bradgrafelman

One way would be to store the POST'ed variables in a [man]session[/man] and modify your comment_confirm.php script to look for the session variables instead.

anoopmail

try this

if(isset($_POST['submit'])){
$url = 'fulltitle.php?' . http_build_query($_GET) ;
header('Location: ' . $url);
//exit;
}

maxwell_

The redirect worked but did not contain any parameters

URL -

http://www.online.org.uk/admin/fulltitle.php?

I commented out the redirect and added a var_dump

Result of var_dump

postarray(6) {
["id"]=>
string(1) "3"
["software_id"]=>
string(1) "3"
["name"]=>
string(7) "Michael"
["email"]=>
string(5) "myeamail@test.com"
["comment"]=>
string(4) "testing comment"
["submit"]=>
string(11) "Add Comment"
}

maxwell_

I tried changing

$url = 'fulltitle.php?' . http_build_query($_GET);

to -

$url = 'fulltitle.php?' . http_build_query($_POST) ;

This resulted in a url containing all of the array keys and values
apart from the only two I need

id, and software_id

url -

http://www.online.org.uk/admin/fulltitle.php?id=&software_id=&name=Michael&email=Boyce&comment=testingcommentd+Comment

anoopmail

ok, what are the 2 params u think missing?

maxwell_

Sorry, I made the mistake of testing the page without actually
navigating to it from another page, the id and software_id parameters are included
in the URL, so everything looks fine when redirected back to the comments page.
The problem I now have is trying to get the form submission into the database.
The previous code relied on these two lines being run -

$action = $SERVER['PHP_SELF'] . '?id=' . $id . '&software_id=' . $soft_id;

Is there a way to submitting the form directly to comment_confirm.php
and also run the INSERT statement?

anoopmail

$_action = 'comment_confirm.php?id=' . $_id . '&amp;software_id=' . $_soft_id;

maxwell_

I tried placing the six lines bellow where they are in the code posted with this reply.
The redirect worked but not data was added to the database.

I tried placing the six line after the line $stmt->close();
now the data is added to the database but the redirect no longer works.

Six lines -

$def_soft_id = 1;
$def_id = 9876;

$soft_id = isset($GET['software_id']) ? $GET['software_id'] : $def_soft_id;
$id = isset($GET['id']) ? $GET['id'] : $def_id;
$id . '&software_id=' . $soft_id);
$action = 'comment_confirm.php?id=' . $id . '&software_id=' . $_soft_id;

try {  

$pdo = new PDO("mysql:host=$hostname;dbname=abonline_tutor", $username, $password); 

}catch (PDOExeption $e){  

 echo $e->getMessage();  

 } 

$_def_soft_id = 1;
$_def_id = 9876;

 $_soft_id = isset($_GET['software_id']) ? $_GET['software_id'] : $_def_soft_id;
$_id = isset($_GET['id']) ? $_GET['id'] : $_def_id;
$_id . '&amp;software_id=' . $_soft_id); 
$_action = 'comment_confirm.php?id=' . $_id . '&amp;software_id=' . $_soft_id; 

if(isset($_POST['submit'])) {

$mysql = new mysqli('localhost','abonline_aetutor','g}[m(8l+bq26','abonline_tutor') or die('There was a problem connecting to the database');
if($stmt = $mysql->prepare('INSERT INTO guest(name, email, comment, software_id) VALUES (?,?,?,?)')) {

$stmt->bind_param('sssi',$_POST['name'],$_POST['email'],$_POST['comment'],$_POST['software_id']);

$stmt->execute();
$stmt->close();

} else {
  echo 'error: ' . $mysql->error;


}

}


$dbh = $pdo->prepare("SELECT `date`, `name`, `email`, `comment`, `software_id` FROM `guest` WHERE `software_id` = ? ORDER BY `date` DESC"); 

$dbh->bindValue(1, $_GET['software_id'], PDO::PARAM_INT); // assuming it's an integer    

$dbh->execute();   

$dbh->setFetchMode(PDO::FETCH_ASSOC); 

while($row = $dbh->fetch()) {echo '<table width="100%" cellspacing="0" cellpadding="3" class="tablebg">
        <tr class="formlabels">
          <td align="left" class="tl" width="40%">Author:&nbsp;'.$row['name'].'</td>
          <td width="45%" align="left">Date:&nbsp;'.$row['date'].'</td>
          <td width="15%" align="center" class="tr"><a href="mailto:'.$row['email'].'">Email Author</a></td>
          </tr>
        <tr class="formlabels">
          <td colspan="4" class="bl">'.$row['comment'].'</td>
          </tr>
      </table>';

  }

?>

<html>
<head>
<link rel="stylesheet" href="styles.css" type="text/css" media="screen" />
</head>
<body>

<?php //echo $_action; ?>
<hr />
<form method="POST" action="<?php echo $_action; ?>">
	<table>
  <input type="hidden" name="id" value="<?php echo $_GET['id'];?>"/>
	  <br/>
	 <input type="hidden" name="software_id" value="<?php echo $_GET['software_id'];?>"/>
     <tr><td>Name:</td></tr>
	  <tr>
	    <td> <input name="name" type="text" value="" size="45" /></td></tr>
       <tr><td>Email:</td></tr>
        <tr><td><input type="text" name="email" value="" size="45" /></td></tr>
        <tr><td>Comment:</td></tr>
   <tr><td><textarea cols="80" rows="6" name="comment" value="" ></textarea></td></tr>    

   <tr><td><input type="submit" name="submit" value="Add Comment" /></td><td>&nbsp;</td></tr>
  </table>
</form>
<br />
<br />
    <?php //var_dump($_GET); exit; ?>
</body>
</html>

comment_confirm.php code

if(isset($_POST['submit'])){ 
$url = 'fulltitle.php?' . http_build_query($_POST) ; 
header('Location: ' . $url); 
//exit; 
}

anoopmail

I did not understand completely what code changes you did. anyways try this

if(isset($_GET['submit'])){
$url = 'fulltitle.php?' . http_build_query($_POST) ;
header('Location: ' . $url);
exit;
}

maxwell_

Sorry for not explaining myself more clearly.

The code you suggested is the code on the comment_confirm.php page
which redirects back to fulltitle.php. That page is working fine as is!

if(isset($_POST['submit'])){ 
$url = 'fulltitle.php?' . http_build_query($_POST) ; 
header('Location: ' . $url); 
//exit; 
}

The problem is trying to get the INSERT statement to complete before the fulltitle.php page
directs to comment_confirm.php. It looks as if pressing submit

action="<?php echo $_action; ?>">

causes the line

$action = 'comment_confirm.php?id=' . $id . '&software_id=' . $_soft_id;

to run before the INSERT statement.
I have tried placing the $_action line at different locations within the code thinking
that if I place it after the INSERT statement the INSERT statement will run first,
although that doesn't appear to be the case!
Is there perhaps a way I could place a marker after the INSERT statement then
redirect only if marker has been reached?

Thank you for your help!

anoopmail

I did not find any redirect code in your posted code. You probably need to replace

$stmt->execute();
$stmt->close();

with

$stmt->execute();
$stmt->close(); 
header('location:' . $_action); 
exit;

maxwell_

Please see comments in the code posted with this reply!

Many thanks

try {  

$pdo = new PDO("mysql:host=$hostname;dbname=tutor", $username, $password); 

}catch (PDOExeption $e){  

 echo $e->getMessage();  

 } 

$_def_soft_id = 1;
$_def_id = 9876;

 $_soft_id = isset($_GET['software_id']) ? $_GET['software_id'] : $_def_soft_id;
$_id = isset($_GET['id']) ? $_GET['id'] : $_def_id;
$_id . '&amp;software_id=' . $_soft_id); 

//PLACE $_action LINE HERE, DATA IS ENTERED INTO DATABASE, PAGE DOES NOT REDIRECT
//$_action = 'comment_confirm.php?id=' . $_id . '&amp;software_id=' . $_soft_id; 



if(isset($_POST['submit'])) {

$mysql = new mysqli('localhost','abonline','pass','tutor') or die('There was a problem connecting to the database');
if($stmt = $mysql->prepare('INSERT INTO guest(name, email, comment, software_id) VALUES (?,?,?,?)')) {

$stmt->bind_param('sssi',$_POST['name'],$_POST['email'],$_POST['comment'],$_POST['software_id']);

$stmt->execute();
$stmt->close();

//PLACE $_action LINE HERE, DATA IS NOT ENTERED INTO DATABASE, PAGE REDIRECTS SUCCESSFULLY
$_action = 'comment_confirm.php?id=' . $_id . '&amp;software_id=' . $_soft_id;
header('location:' . $_action); 


} else {
  echo 'error: ' . $mysql->error;


}

}


$dbh = $pdo->prepare("SELECT `date`, `name`, `email`, `comment`, `software_id` FROM `guest` WHERE `software_id` = ? ORDER BY `date` DESC"); 

$dbh->bindValue(1, $_GET['software_id'], PDO::PARAM_INT); 
$dbh->execute();   

$dbh->setFetchMode(PDO::FETCH_ASSOC); 

while($row = $dbh->fetch()) {echo '<table width="100%" cellspacing="0" cellpadding="3" class="tablebg">
        <tr class="formlabels">
          <td align="left" class="tl" width="40%">Author:&nbsp;'.$row['name'].'</td>
          <td width="45%" align="left">Date:&nbsp;'.$row['date'].'</td>
          <td width="15%" align="center" class="tr"><a href="mailto:'.$row['email'].'">Email Author</a></td>
          </tr>
        <tr class="formlabels">
          <td colspan="4" class="bl">'.$row['comment'].'</td>
          </tr>
      </table>';

  }

?>

<html>
<head>
<link rel="stylesheet" href="styles.css" type="text/css" media="screen" />
</head>
<body>

<?php //echo $_action; ?>
<hr />
<form method="POST" action="<?php echo $_action; ?>">
	<table>
  <input type="hidden" name="id" value="<?php echo $_GET['id'];?>"/>
	  <br/>
	 <input type="hidden" name="software_id" value="<?php echo $_GET['software_id'];?>"/>
     <tr><td>Name:</td></tr>
	  <tr>
	    <td> <input name="name" type="text" value="" size="45" /></td></tr>
       <tr><td>Email:</td></tr>
        <tr><td><input type="text" name="email" value="" size="45" /></td></tr>
        <tr><td>Comment:</td></tr>
   <tr><td><textarea cols="80" rows="6" name="comment" value="" ></textarea></td></tr>    

   <tr><td><input type="submit" name="submit" value="Add Comment" /></td><td>&nbsp;</td></tr>
  </table>
</form>
<br />
<br />
   </body>
</html>

maxwell_

I tried testing the site locally and received this error,
the error doesn't appear when testing remotely!

The requested URL /abe2/tutor/public/software/<br /><b>Notice</b>: Undefined variable: _action in <b>C:\Users\test\Desktop\apache\htdocs\abe2\tutor\public\software\guest.php</b> on line <b>121</b><br /> was not found on this server.

This is line 121

<form method="POST" action="<?php echo $_action; ?>">

Main part of current code

if(isset($_POST['submit'])) {

$mysql = new mysqli('127.0.0.1','root','root','abe') or die('There was a problem connecting to the database');
if($stmt = $mysql->prepare('INSERT INTO guest(name, email, comment, software_id) VALUES (?,?,?,?)')) {

$stmt->bind_param('sssi',$_POST['name'],$_POST['email'],$_POST['comment'],$_POST['software_id']);

$stmt->execute();
$stmt->close();
$_action = 'comment_confirm.php?id=' . $_id . '&amp;software_id=' . $_soft_id; 
header('location:' . $_action);	

//REDIRECT NOT WORKING
} else {
  echo 'error: ' . $mysql->error;


}

}

anoopmail

$form_action = 'comment_confirm.php?id=' . $_GET['id'] . '&amp;software_id=' . $_GET['soft_id']; 
if(isset($_POST['submit'])) {

then

<form method="POST" action="<?php echo $form_action; ?>">

maxwell_

Redirect now working still no data entered into database!
Would it be possible to try and varify that data has been entered
into the database, something like -

if (mysqli_num_rows($data) == 1) {

Now redirect

}

$form_action = 'comment_confirm.php?id=' . $_GET['id'] . '&amp;software_id=' . $_GET['soft_id']; 
if(isset($_POST['submit'])) {

$mysql = new mysqli('localhost','tutor','password','tutor') or die('There was a problem connecting to the database');
if($stmt = $mysql->prepare('INSERT INTO guest(name, email, comment, software_id) VALUES (?,?,?,?)')) {

$stmt->bind_param('sssi',$_POST['name'],$_POST['email'],$_POST['comment'],$_POST['software_id']);

$stmt->execute();
$stmt->close();
header('location:' . $form_action);
//$_action = 'comment_confirm.php?id=' . $_id . '&amp;software_id=' . $_soft_id
} else {
  echo 'error: ' . $mysql->error; 
}
}

<form method="POST" action="<?php echo $form_action; ?>">
	<table>
  <input type="hidden" name="id" value="<?php echo $_GET['id'];?>"/>
	  <br/>
	 <input type="hidden" name="software_id" value="<?php echo $_GET['software_id'];?>"/>
     <tr><td>Name:</td></tr>
	  <tr>
	    <td> <input name="name" type="text" value="" size="45" /></td></tr>
       <tr><td>Email:</td></tr>
        <tr><td><input type="text" name="email" value="" size="45" /></td></tr>
        <tr><td>Comment:</td></tr>
   <tr><td><textarea cols="80" rows="6" name="comment" value="" ></textarea></td></tr>    

   <tr><td><input type="submit" name="submit" value="Add Comment" /></td><td>&nbsp;</td></tr>
  </table>
</form>

anoopmail

u changed the variable used in header() from $action to $form_action. U need to revert it. retain the followinbg line also

$_action = 'comment_confirm.php?id=' . $_id . '&amp;software_id=' . $_soft_id;
header('location:' . $_action);
exit;

also

<form method="POST" action="">

maxwell_

Thanks for the help, it is appreciated!

I tried the following -

Data is added to database no redirect
<form method="POST" action="<?php echo $_action; ?>">

Data is added to database no redirect
<form method="POST" action="">

No data is added to database page redirects successfully
<form method="POST" action="<?php echo $form_action; ?>">

with this code

$form_action = 'comment_confirm.php?id=' . $_GET['id'] . '&amp;software_id=' . $_GET['soft_id']; 
if(isset($_POST['submit'])) {

$mysql = new mysqli('localhost','tutor','password','tutor') or die('There was a problem connecting to the database');
if($stmt = $mysql->prepare('INSERT INTO guest(name, email, comment, software_id) VALUES (?,?,?,?)')) {

$stmt->bind_param('sssi',$_POST['name'],$_POST['email'],$_POST['comment'],$_POST['software_id']);

$stmt->execute();
$stmt->close();
$_action = 'comment_confirm.php?id=' . $_id . '&amp;software_id=' . $_soft_id;
header('Location:' . $_action);
} else {
  echo 'error: ' . $mysql->error; 
}
}