newthink.net

Solving The HTTP Double-Post Dilema

Posted on 06. Mar, 2007 by Ash Christopher in Software Development

Everyone who has done any sort of web development, and made use of the HTTP POST has run into this problem. If you haven’t, are you sure you are doing proper QA?

Basically, the problem comes from having the POST information still resident after an HTTP POST. If the user were to refresh their browser, that POST information will be resent, resulting in a double post. There are many ways to solve this problem, but the one I will outline (in PHP) seemed like the best for my situation.

Let us assume we have a text input and a button and that our form.php file will process our form as well as present it to the user (yes, I know this isn’t a good idea, but it is just an example).

<form method=”post” action=”form.php”>
    <input name=”mytext” />
    <input name=”submitBtn” type=”submit” />
</form>

When we load the page, we are going to check whether the $_POST variable is set. If it is, then we are going to do something with it.

session_start();

if(isset($_POST['mytext']))
{
    saveToDatabase($_POST['mytext']);
}

Now that we are doing something with this $_POST['mytext'] variable, we can see the double-post problem materialize. Since the HTTP POST is still populated, when the user presses refresh on their browser, the $_POST['mytext'] will be saved to the database twice.

What we need to do is get rid of the $_POST variable after we are done using it.

At the beginning of the form.php file I am going to create a server-side session to store any post information we get. Then I have a check to see whether the $_POST array has been populated.

If the $_POST has been populated, we are going to store the post information in the server-side session we have started and we send a blank header back out (which removes the HTTP POST).

if (isset($_POST['myText']))
{
    $_SESSION['myText'] = $_POST['myText'];
    header(“Location: form.php”);
}

Now, we have gotten rid of the POST which removes the double-post problem, and have stored the information from the $_POST for use. We can then access the POST information stored in the session. Once we have copied the POST information from the session, we will unset the session so that the information doesn’t stay resident.

if (isset($_SESSION['myText']))
{
    $myEnteredText = $_SESSION['myText'];
    unset($_SESSION['myText']);
}

Now you can use the POST information without running the risk of a double post.

If you would like to see this tutorial in action, create a form.php file on your webserver, and paste the following:

<?
    session_start();

    if (isset($_SESSION['myText']))
    {
        $myEnteredText = $_SESSION['myText'];
        unset($_SESSION['myText']);
    }

    if (isset($_POST['myText']))
    {
        $_SESSION['myText'] = $_POST['myText'];
        header(“Location: form.php”);
    }
?>

<html>
<head>

</head>
<body>

<form action=”form.php” method=”POST”>

<?
    if (isset($myEnteredText))
    {
        echo “<p>The message you entered was \”".$myEnteredText.”\”</p>”;
    }
?>

<input name=”myText” type=”text” />
<input name=”submitBtn” type=”submit” value=”ok” />

</form>
</body>

</html>

Tags: PHP, Software