[SOLVED] php form keeps resubmitting on refresh, how to fix

[Porko]

Hello , I have this simple and small voting script that I modified though there is a problem with the submition. Everytime someone submits a vote its get counted and given the "Thank you " as a header and link to go back to the previous page. When on the thank you page and refreshing the page the voting keeps getting inserted in the database for some reason.

 

Iam a little bit new to php but i have done alot of reading and banging my head with this issue, so any help will be greatly appreciated. Iam posting the processing and form script if you can show me if possible where to look for solution i might be able to get it fixed myself from there.

 

Thank you very much.

 

processing script :

<?php
ob_start();
@$todo=$_POST['todo'];	
if(isset($todo) and $todo=="submit-rating"){
$rone=$_POST['rone'];




        $msg="";
        $status="OK";
        if(!isset($rone)){$msg=$msg."Please give your score and then click the button";
        $status="NOT OK";
        }				


        if ($status=="OK")
      {
       $result=mysql_query("SELECT rating,nov FROM dd_1 WHERE dd_1.id= $id");
       $rows=mysql_num_rows($result);
       $row=mysql_fetch_object($result);
       

if($rows==0){


	     $query = "INSERT INTO dd_1 (rating, nov) VALUES ('$rating', '$nov') ";
	     $result = mysql_query($query) or die("Error: ". mysql_error(). " with query ". $query);
	     include_once("responses/post-ok.php");
	     exit();
        
	     $off_to = "Location:". $ret_url; 
	     header($off_to);
	     ob_end_flush();

            }else {

           $rating=$row->rating;
           $nov=$row->nov + 1;		
           $status="OK";
           $rating=$rating+$rone;
            
       $query = "UPDATE dd_1 SET rating=$rating, nov=$nov WHERE id=$id ";
       $result = mysql_query($query) or die("Error: ". mysql_error(). " with query ". $query);
       include_once("responses/post-ok.php");
       exit();
	  
       ob_end_flush();
	   
          }	
     }
}

?>

 

 

and the php submit form:

 

 

 

<?php
echo "<TABLE width=120> ";
echo "<form name=f1 action='' method=post>";
//echo "<input type=hidden name=id value='$id'>";
echo "<input type=hidden name=todo value='submit-rating'>";
echo "<tr><td ><INPUT TYPE=RADIO NAME=rone Value=1 onClick='f1()';><img src=images/star.gif></td></tr>";
echo "<tr><td><INPUT TYPE=RADIO NAME=rone Value=2 onClick='f1()';><img src=images/star.gif><img src=images/star.gif></td></tr>";
echo "<tr><td ><INPUT TYPE=RADIO NAME=rone Value=3 onClick='f1()';><img src=images/star.gif><img src=images/star.gif><img src=images/star.gif></td></tr>";
echo "<tr><td ><INPUT TYPE=RADIO NAME=rone Value=4 onClick='f1()';>";
echo "<img src=images/star.gif><img src=images/star.gif><img src=images/star.gif><img src=images/star.gif></td></tr>";
echo "<tr><td ><INPUT TYPE=RADIO NAME=rone Value=5 onClick='f1()';><img src=images/star.gif><img src=images/star.gif><img src=images/star.gif><img src=images/star.gif><img src=images/star.gif></td></tr>";
echo "<tr><td> <INPUT TYPE=SUBMIT value=Vote NAME=Vote>";
echo" </td>	</tr></form></table></center>" ;
?>

[MadTechie]

I'm going to guess here

 

but i would say its redirecting back to vote submitting page..

 

note that $ret_url isn't being set!

 

try changing

           $off_to = "Location:". $ret_url; 

 

to

           $ret_url = "index.php"; //(assuming thats not the submitting page)
           $off_to = "Location:". $ret_url; 

 

EDIT: just noticed the exit();

so that code is never used!

 

can you post post-ok.php

[Porko]

<?php
ob_start();
$title = "Thank You";
$image = "ok.gif";
?>


<?php
$img = "../rate/images/responses/". $image;
$size = @getimagesize($img);
echo "<p><img class='right' src='". $img. "' ". $size[3]. "/>";
?>

<strong>Thank you for your Voting.</strong></p>

<?php
if ($is_approved==0) {
   echo "<p>Thank you for Voting.</p>";
}
echo "<p align='center'><a href='". $_SERVER['HTTP_REFERER']. "'>click here</a> to continue</p>"; 
ob_end_flush(); 
?>

 

 

thats my post ok file

[MadTechie]

Okay in your form

add

$_SESSION['hash'] = time();
echo "<input type='hidden' name='hash' value='".$_SESSION['hash']."'>";

 

and change

if(isset($todo) and $todo=="submit-rating"){

to

if(isset($todo) and $todo=="submit-rating" && (!empty($_SESSION['hash']) && !empty($_POST['hash']) && $_SESSION['hash']==$_POST['hash']) ){

[premiso]

Aside from what Mad posted. Another way is to do a header redirect after the processing is done and send them to a thank you page (or the same page with something set so it just thanks them.)

 

Doing the header redirect will wipe out all post data.

[Porko]

MadTechie thank you for the help, I was thinking about adding sessions so I will try this right now.

 

Edit: MadTechie , submitting the form does not insert the data at the moment

[MadTechie]

I forgot a line

after

if(isset($todo) and $todo=="submit-rating" && (!empty($_SESSION['hash']) && !empty($_POST['hash']) && $_SESSION['hash']==$_POST['hash']) ){

 

add

$_SESSION['hash'] ="";

 

so

if(isset($todo) and $todo=="submit-rating" && (!empty($_SESSION['hash']) && !empty($_POST['hash']) && $_SESSION['hash']==$_POST['hash']) ){
$_SESSION['hash'] ="";

 

the idea is

the post and the session are both set to the same thing when posted..

after the submit, session is wiped (the line i forgot) then the page is refreshed they no longer match

[Porko]

MadTechie thanks a ton man , Iam an idiot, forgot to add session_start ... though the code you gave me works like a charm, Thank you alot and dont relax yet ill be back soon with more noob questions :PPP