0

I have php page where I used a form to submit messaage. It submits to itself :

action="<? php echo $_SERVER['PHP_SELF'];?>"

Then it sends email, and I have a javascript function that uses jnotify, to alert whether message is sent successfully or not. This function checks if php variable $sent=='yes' then notify about sucessful message else notify about error.

The problem is that when user sends message and goes to another page and comes back by using browsers back button, it is displaying notification. I want it to show notification once only and forget about notification when browsers back or refresh used.

What is the best solution for it?

PeeHaa
  • 71,436
  • 58
  • 190
  • 262
Jamol
  • 3,768
  • 8
  • 45
  • 68
  • First of all, try not to use `$_SERVER['PHP_SELF']` due to XSS, unless you filter the HTML. Your webpage might be quite unsafe because of that. (As far as I know, that is; never tested it out - only read about it a lot.) – Robin V. Jul 27 '12 at 20:33
  • @RobinV. - How is `$_SERVER['PHP_SELF']` insecure? can you point to some articles? – Paul Dessert Jul 27 '12 at 20:44
  • @Paul - You can easily find them on Google, just type "php form php_self security", and there will pop some up. The question is of course, whether to believe them or not. – Robin V. Jul 27 '12 at 20:49

3 Answers3

1

Try something like this:

<?php

session_start();

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if (form_is_valid()) {
        $_SESSION['form_success'] = true;
    } else {
        $_SESSION['form_success'] = false;
    }
    header('Location: ' . $_SERVER['PHP_SELF'];
    exit;
} else if (isset($_SESSION['form_success'])) {
    if ($_SESSION['form_success'])) {
        // insert success javascript
    } else {
        // insert failure javascript
    }
    unset($_SESSION['form_success']);
}

// display_form

This should make it so they only see the success/failure message once, and if they use the back button at a later time, they will not receive a warning about re-submitting post data, and they also won't see a success/failure message twice. The only time that javascript should show is if they just submitted the form in the last request.

drew010
  • 68,777
  • 11
  • 134
  • 162
  • I have if(isset($_POST['submit'])) {} function at the top, how can I implement your code with mine? – Jamol Jul 27 '12 at 21:08
  • The `$_SERVER['REQUEST_METHOD'] == 'POST'` can be replaced by the `isset($_POST['submit'])` that you have. – drew010 Jul 27 '12 at 21:12
  • sorry but it didn`t work. I think after header('Location: ' . $_SERVER['PHP_SELF']; exit; value of SESSION is lost – Jamol Jul 27 '12 at 21:40
  • Do `var_dump($_SESSION);` on subsequent requests. $_SESSION variables persist across requests. – drew010 Jul 27 '12 at 22:00
  • Sorry once again. Your code works GREAT! It was my stupid mistake. I forgot to call session_start(); at the top. I usually create my Session class and use session_start(); inside it, but this time I didn`t. Thanks a lot! – Jamol Jul 27 '12 at 22:16
0

You can use ajax request to send your form. 

$.ajax({
  type: 'POST',
  url: processor.php,
  data: $('#form_id').serialize(),
  success: function(data){
       if(data==0){ alert('message sent'); }else{ alert('message not sent'); }
  }
});
Johndave Decano
  • 2,101
  • 2
  • 16
  • 16
0

I think the Zend Helper Flash messenger might be what you're looking for.

"This means that the message will be available for retrieval on the next request, but unavailable on the request afterwards."

additional documentation

Mr Griever
  • 4,014
  • 3
  • 23
  • 41