
Can't redirect users who use their back button; $_GET vars aren't handled?



I have two PHP files. The first has a field for a secret code the user gets from a package. They submit the code, and go to a second PHP file. If the code they entered is valid and unused, they can fill out their address to receive a free sample of more product. If not, they are redirected back to the first PHP file and given an error message. If they try to access the second PHP file directly, they are also redirected back to the first one.

Everything is working fine, except when the user enters a valid code on the first page, enters their address on the second page, hits submit, gets a success message, and then hits the back button. If they do that, they see the address form again, and can potentially enter a different address, submit, and get the success message again.

I thought I had it covered with

if (empty($_GET['code']) || !isset($_GET['code'])) {
    // they didn't enter a code, or they came directly to this page
    header('Location: http://website.com/entercode.php?p=empty');
    exit; // stop here, otherwise the rest of the script still runs after the redirect header
}
else {
    // look up the code in the database, see if it's invalid or already used
}

In other words, doesn't the browser check for $_GET superglobals when the user hits the back button? Since the user stays on the second page, it seems as if the browser does check. Then why aren't they being sent back to the first page in that case?

Isn't that what you are doing here?

 

if (empty($_GET['code'])) {
    // they didn't enter a code, or they came directly to this page
    header('Location: http://website.com/entercode.php?p=empty');
    exit; // stop here, otherwise the rest of the script still runs after the redirect header
}
else {
    // look up the code in the database, see if it's invalid or already used
}

 

Btw, the isset() is not needed if you are checking for it being empty.
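
Added example, not code from either poster: going back re-displays the second page with the same ?code=... in the URL, so an empty($_GET['code']) test never fires, and the reuse check has to happen on the server when the address form is submitted. The sketch below claims the code with a single conditional UPDATE so that a second submit is rejected. The table and column names (codes, code, used, address), the function names and the in-memory SQLite database are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Constructed sample data: in-memory SQLite stands in for the real database.
// Table and column names (codes, code, used, address) are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE codes (code TEXT PRIMARY KEY, used INTEGER NOT NULL DEFAULT 0, address TEXT)');
$db->exec("INSERT INTO codes (code) VALUES ('ABC123')");

/**
 * Page-load check: may the address form be shown for this code?
 */
function codeIsRedeemable(PDO $db, string $code): bool
{
    $stmt = $db->prepare('SELECT 1 FROM codes WHERE code = :code AND used = 0');
    $stmt->execute([':code' => $code]);
    return $stmt->fetchColumn() !== false;
}

/**
 * Form-submit handler: claim the code and store the address in one statement.
 * The "AND used = 0" condition makes the claim atomic, so a second submit
 * (back button, double click, replayed request) updates zero rows.
 */
function redeemCode(PDO $db, string $code, string $address): bool
{
    $stmt = $db->prepare(
        'UPDATE codes SET used = 1, address = :address WHERE code = :code AND used = 0'
    );
    $stmt->execute([':address' => $address, ':code' => $code]);
    return $stmt->rowCount() === 1;
}

// Simulated request sequence for the scenario in the thread.
var_dump(codeIsRedeemable($db, 'ABC123'));           // page load before any submit
var_dump(redeemCode($db, 'ABC123', '1 First St'));   // first address submit
var_dump(redeemCode($db, 'ABC123', '2 Second Ave')); // submit again after pressing back
var_dump(codeIsRedeemable($db, 'ABC123'));           // page reload after redemption
var_dump(redeemCode($db, 'NOPE', '3 Third Rd'));     // code that was never issued
```

When redeemCode() returns false, the submit handler should send the redirect to the first page and exit instead of printing the success message.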
