Hello guys,
I actually have 2 questions:-
1- I'm using a form with a POST method. When I click the browser back button (the action of the form is the same page),I get a message from the broswer telling be that it should resend the data again. I'm trying that because if there are errors and users want to press the back button to correct them.
My question is how can I prevent the message from being displayed? for users convenience.

2- How can I prevent users from submitting a form multiple times? I've read some posts talking about putting a unique value (like a value generated by MD5 function) in a hidden field and check that value. Would you please explain that in more details?

Thanks a lot for helping me out solving these problems.

I'd say if they make mistakes then they should be able to edit them later on and if they shouldn't be able to make mistakes some client-side validation.

For as far as I know, once a form has been submitted there is no way to stop it half-way through it's request.

before your query apply conditon that if that record already exist in database then dont again exicute that query. by doing that u can submit page multiple time but operation will perform single

Thanks guys for the replies
for the first question: maybe my point wasn't clear enough. My point is when I submit a form (POST method is used not GET) and press the back browser button, a message from the browser tells me that the page should be sent again and I have 2 options Resend or Cansel. How can I get rid of it?

for the second question: It's a good idea to check one of the input values is exist in the DB or not. But what about the method I explained above?

Thanks

You don't want the message then don't use POST or the backbutton. Or hack whichever browser you have so you don't get it.

Another way might be to use ajax to post instead of the form.submit()

You can't force someone not to press the back button can you?
I have to use POST method because I don't want to submit the data in the URL.

To avoid this problem, send the form info to a new page (let's call it formhandler.php), do the handling/db updates etc. then have the page send the user to another page or the original form page with a header() statement.

In addition let the formhandler manage server-side validation and send info to the form page (you could do this via $_SESSION at $_GET) so that original info is included in the form fields except for the ones where there is an error, these can be coloured red or something or could have a message next to them.

Client-side validation catches 99% of form errors, but you should always have server-side validation as a last line of defence.

There are loads of js scripts available, I tend to use YAV for client side validation and code my own server-side. The cleint-side validation will halt form submission until it is satisfied that the data is correct/acceptable.

If your form is well designed, server-side validation should almost never bump you back to the form as client-side validation should cover it. Notable exceptions are when people are trying to hack, e.g. using spoofed forms or when a value has a duplicate in a db, e.g. somebody requesting a username that is already taken (js alone can't handle this).

Is there another way? I mean without using header. If you guys can check yahoo registration form, yahoo actually implemented it without using header. If you just enter the first name field and leave the rest empty and press the submit, you get error messages. if you refresh the page or click the browser back button, you will get to yahoo login page.

Can anyone shows me the right way to do it?

This article has been dead for over six months. Start a new discussion instead.