How to Delete $_Post Variable Upon Pressing 'Refresh' Button on Browser with PHP

  • Home
  • Languages
  • PHP
  • How to Delete $_Post Variable Upon Pressing 'Refresh' Button on Browser with PHP

How to delete $_POST variable upon pressing 'Refresh' button on browser with PHP?

The request header contains some POST data. No matter what you do, when you reload the page, the rquest would be sent again.

The simple solution is to redirect to a new (if not the same) page. This pattern is very common in web applications, and is called Post/Redirect/Get. It's typical for all forms to do a POST, then if successful, you should do a redirect.

Try as much as possible to always separate (in different files) your view script (html mostly) from your controller script (business logic and stuff). In this way, you would always post data to a seperate controller script and then redirect back to a view script which when rendered, will contain no POST data in the request header.

Unset post variables after form submission

The post/redirect/get is a good option as some posters have already mentioned.

One another way I can think of is to set a session in the dostuff.php page to indicate that the posting has already been done. Check this session var each time to see if the page is being loaded again because of a page refresh.

<?php
    session_start();
    if(isset($_SESSION['indicator'])) 
    {
        /*
        dont do anything because session indicator says 
        that the processing was already done..

        you might want to redirect to a new url here..          
        */
    }   
    else
    {

        /*
        first set session indicator so that subsequent 
        process requests will be ignored
        */
        $_SESSION['indicator'] = "processed"; 

        //process the request here..
    }
    ?>

In the page you redirect to, unset the session var so that the form can be resubmitted again afresh, making it a new post operation. This will allow new form posts but will prevent post operations due to page refresh

PHP Clear $_POST data. Prevent form resubmission when page is refreshed

After reviewing your logic and re-reading your initial message I see the issue. This appears to be a logical issue.

Gonna take a crack at what I think you are trying to do:

home.php

<?php
    session_start();
    
    // If the session is not 'loaded', send them to login.php
    if (!$_SESSION['loaded'])
    {
        header('Location: login.php');
        exit;
    }
    
    // Todo: Business logic below, etc

login.php sends a post to something (lets say auth.php)

auth.php

<?php
    session_start();

    require_once('dbh.inc.php');
    require_once('functions.inc.php');

    if (!isset($_POST['submit'])) {
        exit;
    }
  
    $userMail = $_POST['email'] = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
    $password = $_POST['pass'] = filter_var($_POST['password'], FILTER_SANITIZE_STRING);

    // Verify the user in some way
    if( $user_is_verified ) {

        // Set this session you used
        $_SESSION['loaded'] = true;

        // Send them back to the home page, now 'loaded' in the session
        header('Location: home.php');

    } else {

        // Send them back to the login page
        // Todo: Maybe also tell them why they failed, maybe in a session variable?
        header('Location: login.php');
    }

Previous Answer: Based on your replies in the comment section and the code that is visible, the simplest implementation would be to also use a header('Location: some_success_url') when the login is successful as well.

In this way, a refresh does nothing but refreshes the some_success_url page, and the back button just takes you back to the login page (or however your logic works when the user is already authenticated)

How to prevent form resubmission when page is refreshed (F5 / CTRL+R)

Use the Post/Redirect/Get pattern. http://en.wikipedia.org/wiki/Post/Redirect/Get

With my website, I will store a message in a cookie or session, redirect after the post, read the cookie/session, and then clear the value of that session or cookie variable.

Clearing _POST array fully

Yes, that is fine. $_POST is just another variable, except it has (super)global scope.

$_POST = array();

...will be quite enough. The loop is useless. It's probably best to keep it as an array rather than unset it, in case other files are attempting to read it and assuming it is an array.

Refresh button VS Back button Vs Re enter the url

try this:

login.php

if (isset($_POST['submit'])) {

  // if validation is ok
  //create session

}

main.php

if ( isset($_SESSION['user']) && isset($_SESSION['pass']) ) {
  echo 'Welcome back';
} else {
  header('Location:../'); // redirect them to login.php
}

logout.php

session_destroy();
header('Location: /login.php');

Related Topics

Php: Different Quotes

Prevent Nginx 504 Gateway Timeout Using PHP Set_Time_Limit()

PHP Sprintf Escaping %

How to Compress/Decompress a Long Query String in PHP

How to Get Greenwich Mean Time in PHP

How to "Mock" Time in PHPunit

Woocommerce:Add Custom Metabox to Admin Order Page

Regex to Strip Comments and Multi-Line Comments and Empty Lines

PHP Variable Interpolation VS Concatenation

How to Use "Root" Namespace of PHP

Passing Multiple PHP Variables to Shell_Exec()

Difference Between PHP Echo and Return in Terms of a Jquery Ajax Call

Preg_Match Special Characters

PHP on Windows with Xampp Running 100 Times Too Slow

PHP Cookie Problem - Www or Without Www

How to Echo in PHP, HTML Tags

PHP Serial Port Data Return from Arduino

PHP Include Best Practices Question


Leave a reply



Submit