Code is executed despite checking for isset() with $_POST in PHP

Time:10-31

I am trying to check whether the user inputted values match the ones that I defined. For this I created a <form> with the method POST. Since I am just trying the code out I added an action attribute which references the same value.php page. Then I want the page to echo whether the values match back to me. I've encountered a strange issue which I've read about in another post on Stack Overflow but I still don't quite understand why this happens.

This is the code for the <form> which is the content of the value.php file:

<form action="value.php" method="POST">
    <input type="text" name="fruit" placeholder="FRUIT HERE"><br>
    <input type="text" name="vegetable" placeholder="VEGETABLE HERE">
    <button type="submit">CHECK</button>
</form>

In the same file value.php above the <form> I have the following PHP code:

<?php

$db_fruit = 'apple';
$db_vegetable = 'tomato';

if (isset($_POST['fruit']) && isset($_POST['vegetable'])) {
    $fruit= htmlentities($_POST['fruit']);
    $vegetable = htmlentities($_POST['vegetable']);
    if (!empty($fruit) && !empty($vegetable)) {
        if ($fruit == $db_fruit && $vegetable == $db_vegetable) {
            echo 'The values do match.';
        } else {
            echo 'The values do not match.';
        }
    }
}

?>

Because of the isset(); function in the PHP code I would expect the echo to not be executed unless the user clicks on the <button> with type="submit". The code works; however, if wrong values are in fact provided and the echo 'The values do not match.'; gets executed, the echo does not disappear even after the page is refreshed, despite accepting the Confirm form resubmission warning and clicking Continue. How can I make it so that the echo would not appear on page refresh and the page would appear "brand new"?

I should also point out that preferably I am looking for a solution that does not require the use of JavaScript.

CodePudding user response:

It's exactly the same code that you posted here, I merged 2 different parts. You need to prevent form resubmit on refresh for this case, so I added JavaScript between script tags. Also, I changed the logic a bit: in my opinion, collecting the texts that are going to be echo'ed in an array and echoing them together is a better approach, but it does not change much. You can also try the last version by including the script.

<?php

$db_fruit = 'apple';
$db_vegetable = 'tomato';

$result = array();

if (isset($_POST['fruit']) && isset($_POST['vegetable'])) {
    $fruit = htmlentities($_POST['fruit']);
    $vegetable = htmlentities($_POST['vegetable']);
    if (!empty($fruit) && !empty($vegetable)) {
        if ($fruit == $db_fruit && $vegetable == $db_vegetable) {
            $result[] = 'The values do match.';
        } else {
            $result[] = 'The values do not match.';
        }
    }
}

if (!empty($result)) {
    foreach ($result as $val) {
        echo "$val";
    }
}

?>

<script>
// this part will not allow form resubmit on refresh!
if (window.history.replaceState) {
    window.history.replaceState(null, null, window.location.href);
}
</script>

<!-- because the PHP code is in the same file, action is empty -->
<form action="" method="POST">
    <input type="text" name="fruit" placeholder="FRUIT HERE"><br>
    <input type="text" name="vegetable" placeholder="VEGETABLE HERE">
    <button type="submit">CHECK</button>
</form>

CodePudding user response:

The echo still appears without resubmitting the form? That's strange, maybe your browser is still sending the POST when clicking Continue...

Whatever, a trick you can apply is to use a session control variable.

Just before the form, but after managing the POST, you define a session variable, giving it a random value, for example:

$_SESSION['control'] = rand(100000, 999999);

And put that value inside the form as a hidden input:

<input type="hidden" name="control" value="<?php echo $_SESSION['control']; ?>" >

Now you can check if the sent control matches the current one instead of checking fruit and vegetable (you can still do that if you want):

    if (isset($_POST['control']) && isset($_SESSION['control'])
        && $_POST['control'] == $_SESSION['control']) {

Of course, don't forget to start the session at the beginning of your script:

session_start();

That's all.
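A JavaScript-free variant of the session control idea above, added here as an example and not code from either answer: the token is single use and compared with hash_equals(), and the POST branch always ends in a redirect, so a refresh repeats a GET instead of the form submission. It assumes PHP 7 or later and the question's value.php; the `flash` session key and the 303 redirect are choices made for this example.

```php
<?php
// Added example: Post/Redirect/Get combined with a one-time form token.
session_start();

$db_fruit = 'apple';
$db_vegetable = 'tomato';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $sent  = $_POST['control'] ?? '';
    $known = $_SESSION['control'] ?? '';
    unset($_SESSION['control']);   // single use: a replayed POST no longer matches

    // hash_equals() compares in constant time; both arguments must be strings.
    if (is_string($sent) && $known !== '' && hash_equals($known, $sent)) {
        $fruit     = is_string($_POST['fruit'] ?? null) ? trim($_POST['fruit']) : '';
        $vegetable = is_string($_POST['vegetable'] ?? null) ? trim($_POST['vegetable']) : '';
        if ($fruit !== '' && $vegetable !== '') {
            // Compare the raw input strictly; escape only when writing HTML.
            $_SESSION['flash'] = ($fruit === $db_fruit && $vegetable === $db_vegetable)
                ? 'The values do match.'
                : 'The values do not match.';
        }
    }
    // 303 tells the browser to fetch the page with GET, so refresh repeats the GET.
    header('Location: value.php', true, 303);
    exit;
}

// GET: show the stored message once, then forget it.
$message = $_SESSION['flash'] ?? '';
unset($_SESSION['flash']);

// Fresh token from a CSPRNG (rand() output is predictable) for the form below.
$_SESSION['control'] = bin2hex(random_bytes(16));
?>
<?php if ($message !== ''): ?>
<p><?= htmlspecialchars($message, ENT_QUOTES, 'UTF-8') ?></p>
<?php endif; ?>
<form action="value.php" method="POST">
    <input type="hidden" name="control" value="<?= htmlspecialchars($_SESSION['control'], ENT_QUOTES, 'UTF-8') ?>">
    <input type="text" name="fruit" placeholder="FRUIT HERE"><br>
    <input type="text" name="vegetable" placeholder="VEGETABLE HERE">
    <button type="submit">CHECK</button>
</form>
```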
