how to stop a form submitting when page is refreshed.

[perky416]

Hi Guys,

 

Im trying to create a registration form so users can sign up to my website, however i have noticed that when the page is refreshed the form automatically submits.

 

Please could somebody help me stop this?

 

Thanks

<body>

<form name="registration_form" method="post" onsubmit="return Validate();">
First Name: <input type="text" name="first_name"><br />
Last Name: <input type="text" name="last_name"><br />
Email: <input type="text" name="email"><br />
Confirm Email: <input type="text" name="confirm_email"><br />
Username: <input type="text" name="username"><br />
Password: <input type="password" name="password"><br />
Confirm Password: <input type="password" name="confirm_password"><br />
<input type="submit" value="Register">
</form>

<?php
$connect=mysql_connect("localhost","leemp5_admin","p7031521");
mysql_select_db("leemp5_database",$connect) or die (mysql_errno().":<b> ".mysql_error()."</b>");

$insert_query = 'insert into users (username,first_name,last_name,email,password) 
				values
				(
				"' . $_POST['username'] . '", 
				"' . $_POST['first_name'] . '",
				"' . $_POST['last_name'] . '",
				"' . $_POST['email'] . '",
				"' . $_POST['password'] . '"
				)';

mysql_query($insert_query);
?>


</body>

 

[Pikachu2000]

You mean after the form has already been successfully submitted it will resubmit if refreshed, right? If that's the case, you can use a header() redirect after successful submission to dump the contents of the $_POST array.

[perky416]

Hi mate,

 

No, even if the form has not been submitted, whenever the page is refreshed (by pressing F5 or using the browsers refresh button) the form submits itself.

 

Iv tried searching google however i can only find solutions like you say, how to solve it after the form has been submitted.

 

Its really confused me.

 

Thanks

[floridaflatlander]

Do you have your form set to where it will only submit when all the varliables are set?

If so maybe something like $var = ""; will work when it is placed at the end of your code. It would be like $var = 1; the script starts running enters the data in the dtabase, then $var gets redifined to $var = ""; just before the closing php tag (?>), this way when your script tries to run again the $var is not defined and the script wont run. Or you can do a check for double entry.

[Pikachu2000]

Looking at your code, the form isn't submitting. There's simply no logic in it at all to prevent the database INSERT query from running whenever the page loads. You need to verify that the form has been submitted, validate and sanitize the data, and only then allow the record to be inserted.

[lee2010]

you also will want to hash the users password using md5 or better still sha1

 

sha1($_POST['password'])

 

if you do this remember on your login script to also hash the password otherwise they won't match 

 

and protect your site from sql injection with this

 

$_POST = array_map('strip_tags', $_POST);
$_POST = array_map('mysql_real_escape_string', $_POST);