Preventing submission refresh

I have a small form on my index.php page. It is working great with one exception, if the user refreshes the page it submits the form again.

Heres the code I am using.

Head:
<?php
error_reporting(E_ALL ^ E_NOTICE); // hide all basic notices from PHP
$emailSent = isset($_POST['isSent'])?$_POST['isSent']:FALSE;
//If the form is submitted
if(isset($_POST['submit']) && !$emailSent) {

// we need at least some content
if(trim($_POST['comments']) === '') {
$commentError = 'You forgot to enter a message!';
$hasError = true;
} else {
if(function_exists('stripslashes')) {
$comments = stripslashes(trim($_POST['comments']));
} else {
$comments = trim($_POST['comments']);
}
}

// upon no failure errors let's email now!
if(!isset($hasError)) {

$emailTo = 'utopianwd@gmail.com';
$replyEmail = 'reply@email.com';
$subject = 'Submitted message on Site.ca';
//$sendCopy = trim($_POST['sendCopy']);
$body = "Comments: $comments";
$headers = 'From: ' .' <'.$emailTo.'>' . "\r\n" . 'Reply-To: ' . $replyEmail;

mail($emailTo, $subject, $body, $headers);

// set our boolean completion value to TRUE
$emailSent = true;
}
}
?>

Body:
<div id="actform">
<h3><img src="./_layout/images/bg-checklist.png" />Got an idea? Let us know below</h3>
<form action="index.php" method="post">
<input type="hidden" name="isSent" value="<?php echo ($emailSent)?1:0; ?>" />
<textarea name="comments" class="actform" placeholder="Message:"></textarea>
<input type="submit" value="Submit" name="submit" class="subname" />
</form>
<div class="spacer"></div>
</div>

What am I doing wrong?

Thanks,
Geoserv.

Record the form submission in the session.

Put a unique random number in a hidden form element and when the form is submitted check for it in the session.

If its not there, continue processing and then put it in the session. If it is there, do not process the form.

Also please don't check for the submit button in you code - see my signature.

Thanks.

Any idea on how to implement the items you suggested? Especially the IE issue?

Use unset:

<?php
error_reporting(E_ALL ^ E_NOTICE); // hide all basic notices from PHP
$emailSent = isset($_POST['isSent'])?$_POST['isSent']:FALSE;
//If the form is submitted
if(isset($_POST['submit']) && !$emailSent) {

// we need at least some content
if(trim($_POST['comments']) === '') {
$commentError = 'You forgot to enter a message!';
$hasError = true;
} else {
if(function_exists('stripslashes')) {
$comments = stripslashes(trim($_POST['comments']));
} else {
$comments = trim($_POST['comments']);
}
}

// upon no failure errors let's email now!
if(!isset($hasError)) {

$emailTo = 'utopianwd@gmail.com';
$replyEmail = 'reply@email.com';
$subject = 'Submitted message on Site.ca';
//$sendCopy = trim($_POST['sendCopy']);
$body = "Comments: $comments";
$headers = 'From: ' .' <'.$emailTo.'>' . "\r\n" . 'Reply-To: ' . $replyEmail;

mail($emailTo, $subject, $body, $headers);

// set our boolean completion value to TRUE
$emailSent = true;
}
unset($_POST);
}

?>

Use unset:

That will do nothing. As soon as a user hits the refresh button on their browser, the $_POST array is filled with the same data again. unsetting it at the end of the first instance of the script will not unset it for future instances.

Any idea on how to implement the items you suggested?

Yes, as mentioned in my previous reply :thumbsup:

Put a unique number (from uniqid() ) into your form inside a hidden element.

When the form is submitted, look for that value in the session (the session is $_SESSION array - call session_start() at the top of the script to use it).

If it is not there, continue to process the form. If it IS there then do not process the form.


Especially the IE issue?

All in my signature. Click the "IE isset bug explained" link.