views:

223

answers:

4

I have created a form (so it's PHP and HTML hybrid code). It has the ability to send '$_POST'. And when I click it, it works perfectly at sending and displaying the input.

But something happens when I press Ctrl+R in Firefox to refresh the page. I get this confirm dialog: "To display this page, Firefox must send information that will repeat any action (such as a search or order confirmation) that was performed earlier"

My questions:

  1. What is it (this confirm dialog)?
  2. What do I have to do in my code to suppress this dialog?
+3  A: 

Submitting a form (sending a POST request) is commonly used to confirm an order on eCommerce sites. Therefore, submitting it twice would submit the order twice. Therefore browsers tend to ask for confirmation that a user wants to send the POST request again.

In order to prevent this, you need to make the refresh do a GET request instead of a POST request. To do this, simply redirect to the same page after processing the form.

header("Location: /path/to/self");
exit; // stop the script here so nothing is output after the redirect header

This will make it so when the user hits refresh, it will be sending a GET request instead of a POST request, and it won't prompt for confirmation.


To clarify, it goes like this:

  • Form gets sent via POST (User clicks on form)
  • Form gets processed
  • User gets redirected to the same page (via GET)
  • User now will be refreshing a GET request instead of a POST request.
Chacha102
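The four steps above, written out as one complete PHP script. This is an added example, not Chacha102's code; it assumes PHP sessions are enabled and uses a hypothetical form field called "message". The redirect uses the 303 See Other status, which is the one defined for exactly this purpose.

```php
<?php
// Added example of the Post/Redirect/Get pattern described above; this is not
// code from the answer. It assumes PHP sessions are enabled and uses a
// hypothetical form field called "message".
session_start();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Steps 1-2: the form arrived via POST; process it. Here the text is only
    // kept for display; a real handler would validate it and save it.
    $text = isset($_POST['message']) ? trim((string) $_POST['message']) : '';
    $_SESSION['flash'] = ($text === '') ? 'Nothing was sent.' : 'Received: ' . $text;

    // Step 3: redirect to this same script with 303 See Other. The Location
    // is built from the script's own path, never from request input, so it
    // cannot be turned into an open redirect.
    header('Location: ' . $_SERVER['SCRIPT_NAME'], true, 303);
    exit; // anything echoed after header() would still be sent to the browser
}

// Step 4: the browser now requests this URL with GET, and a refresh simply
// repeats that GET, so Firefox shows no "resend data" dialog.
$flash = isset($_SESSION['flash']) ? $_SESSION['flash'] : null;
unset($_SESSION['flash']); // a flash message is shown exactly once
$self = htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
?>
<!DOCTYPE html>
<html>
<body>
<?php if ($flash !== null): ?>
  <!-- escape on output: the stored text came straight from the user -->
  <p><?php echo htmlspecialchars($flash, ENT_QUOTES, 'UTF-8'); ?></p>
<?php endif; ?>
<form action="<?php echo $self; ?>" method="post">
  <input type="text" name="message">
  <button type="submit">Send</button>
</form>
</body>
</html>
```

Save it as prg.php, run `php -S localhost:8000` in that directory and open http://localhost:8000/prg.php. After submitting, the address bar still shows prg.php, but the last request the browser made was the GET from step 4, so Ctrl+R no longer triggers the dialog. The `exit` after `header()` matters: without it the rest of the script runs and its output is sent along with the redirect.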
+2  A: 

I guess whenever your form (PHP, ASP, static HTML etc.) contains POST information, which may be form field info or other, and it is sent to the server via Firefox, it displays such a message before sending the data again to the server. It serves as a security protection from the Mozilla developers. I guess it can be disabled via about:config but it is not recommended to do so.

Also, it is normal behaviour. It should be like this and has been like this for a fairly long time in Firefox.

You may like to have a look here: http://forums.mozillazine.org/viewtopic.php?f=38&t=682835&st=0&sk=t&sd=a&hilit=Firefox+must+send

Alternatively, use GET instead of POST to send your data...

Regards

Steve Johnson
+6  A: 

You probably have created an HTML page that contains a <form>. The form is used to send data to the HTTP server (that is, the webserver that hosts your site).

The HTTP protocol defines different request types used to send data to the server and to retrieve data from the server. The most used are GET and POST. You must learn about all this if you want to be anything more than a very bad PHP programmer, which is unfortunately (or fortunately, if you are on the hacker side) very common.

Your problem is that Firefox has arrived on the page you are talking about after sending a POST request. If you reload the page, it has to send the same data again in the form of a POST. Due to the conventions on what a POST request should be used for (usually to modify data on a database), the browser asks the user if he is sure about what he wants to do.

There are mainly two options to circumvent this:

  1. Change the form method to GET; or
  2. Use a redirection after the POST.

To use the first method, you could simply add a method="get" parameter to your form tag:

<form action="senddata.php" method="get"> ... </form>

To use the second method, you simply redirect the user after the POST request, using something like

header("Location: blahblahblah");
exit; // do not keep running the script after sending the redirect

The most used pattern is the POST-Redirect, that is, the second method I told you about. There are many security implications of using GET to change data on a database (if you are interested in that, and you should be, as every PHP programmer should, read about XSRF).

Bruno Reis
Very complete and detailed answer. So complete, indeed, that I'm surprised by the lack of a mention of the appropriateness of HTTP 303 status codes (http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.4) for the POST-Redirect pattern: "This method exists primarily to allow the output of a POST-activated script to redirect the user agent to a selected resource."
herenvardo
Thank you very much. Your answer even gives subtle information that I didn't ask for but really need to know: about the most used pattern being the POST-Redirect ;D
justjoe
BTW, where should I go to learn basic XSRF?
justjoe
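Bruno Reis's closing remark is the one with the security content: a form that changes data with GET has no protection against cross-site request forgery (XSRF), because browsers treat GET as safe to repeat and will fetch such a URL, with the user's cookies, for any link or image that points at it. The following is an added example, not the answer's code, of the defensive shape he is pointing to: the state change happens only on POST, and only when a per-session token embedded in the form matches. `delete_item()` is a hypothetical stand-in for the real database write; `random_bytes()` needs PHP 7 or later.

```php
<?php
// Added example, not from the answer: keep the state change on POST and tie
// it to a per-session token, as the XSRF remark above suggests. delete_item()
// is a hypothetical placeholder for the real database write.
session_start();

// One unpredictable token per session, embedded in every form as a hidden
// field. A page on another site cannot read it, so it cannot forge the POST.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // PHP 7+
}

function delete_item($id) {
    return 'item ' . (int) $id . ' deleted'; // placeholder for the real write
}

// Deliberately no "if (isset($_GET['delete']))" branch: a GET that changes
// data is repeated silently by a refresh and by any link or image pointing at
// it, which is exactly the XSRF risk the answer warns about.

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $sent = isset($_POST['csrf_token']) ? (string) $_POST['csrf_token'] : '';
    // hash_equals compares in constant time, so the check leaks no timing info
    if (!hash_equals($_SESSION['csrf_token'], $sent)) {
        http_response_code(403);
        exit('Request rejected: missing or invalid token.');
    }
    $_SESSION['flash'] = delete_item(isset($_POST['id']) ? $_POST['id'] : 0);
    // Then Post/Redirect/Get as in the other answers, so a refresh is a GET
    header('Location: ' . $_SERVER['SCRIPT_NAME'], true, 303);
    exit;
}

$flash = isset($_SESSION['flash']) ? $_SESSION['flash'] : null;
unset($_SESSION['flash']);
$token = htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES, 'UTF-8');
$self  = htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
?>
<!DOCTYPE html>
<html>
<body>
<?php if ($flash !== null): ?>
  <p><?php echo htmlspecialchars($flash, ENT_QUOTES, 'UTF-8'); ?></p>
<?php endif; ?>
<form action="<?php echo $self; ?>" method="post">
  <input type="hidden" name="csrf_token" value="<?php echo $token; ?>">
  <input type="number" name="id" value="5">
  <button type="submit">Delete item</button>
</form>
</body>
</html>
```

Two things to check when adapting this: the token must be compared with `hash_equals()` rather than `==`, and the comparison must happen before any state change, so a rejected request leaves nothing behind. This is the reason the POST-Redirect option is preferred over switching the form to GET: it keeps the change on a method the browser will neither repeat silently nor fetch from a plain link.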
A: 

If the form was submitted successfully, answer with the status code 303:

header('Location: http://www.example.com/', TRUE, 303);
exit; // end the script after the redirect header

This forces the browser to use a GET request for the resulting page. A reload won't send any POST data, and no pop-up is shown.

toscho