php/html working with forms

[ringo747]

hi guys,

just been having a big read through some stuff lately on handling forms/validation/redirects etc.

What way would you best recommend to handle the control of events after a form has been submitted. Is it best to use a..

header ("location:http://www.site.com");

to redirect back to the site index for example or should I have a 'your data has been submitted' page where the user can navigate to wherever they wish. I'm not too sure what is best for this. Originally I would have used a javascript alert being executed from within my PHP code but this is useless for javascript disabled users.

Also, if i do use a php header redirect can a user press the back button and review the form? I really think this is very messy and can lead to double form submissions which is real not what i want.

Any advice or best practices on this would be good. I have had a google and came up with the header redirects but looking some advice from the pros on here. Thanks

 

[Makhaira]

It's nice to have a data submission confirmation page, simply so the user actually knows the process has completed successfully, and they've not just been dumped back to the homepage.

 

[JamesU2005]

In terms of usability then yes defo need a confirmation page.

 

[ringo747]

I guess I could just simply echo out the html from php and then have a 'you will now be directed to...' page. Is there any way I can ensure that the user can't navigate back to the form and resubmit it? Perhaps breaking the navigation is bad practice though.

 

[Deleted member 11679]

If you don't want the user to re-submit the information why don't you just build a script which creates a quick validation script to check that the information being entered is not a duplicate to what is already in the database.

 

[Eriedor]

What about having the form page handle the information aswell. Submit the page to itself, where it inserts the information and afterwards adds a highlighted information box saying success or something.

 

[Inquisitor]

The pattern I use for forms without confirmation goes like so:

1. User fills out form and submits
2. Browser is sent to the same page but with some kind of action specified in the URI to tell the script to process the form data
3. Once the form data have been processed, a location header is sent to the browser to redirect it to another page which will show a message to the user. The message is set as a session variable.
4. The message page displays whatever message is in the session variable and redirects after a few seconds (via a meta-redirect) to whatever page the user should see next.

Using a header redirect to send the browser to a separate message page is useful because it prevents people from refreshing the page and resubmitting the POST data in the process.

You could probably modify this by adding an intermediate confirmation page before the data are processed and using session variables to temporarily store the form data.

This sounds like a bit of a chore to do, but I use a framework and I've modified it to do it all automatically for me.

 

[ringo747]

thanks for the info guys... what i have here myself is

1) User fills out form and submits
2) Form is posted to self and validated.
3) Once information is valid and processed then success message appears on same page
4) User redirected to home page

This works nicely but I will have to work on something to stop the user being able to navigate back to the form. Would be ok to do with a database but im thinking of something like contact form scripts where no unique identifier is used. I guess the average user won't be pressing back anyways once they see the success message.