How to delete $_POST variable upon pressing 'Refresh' button on browser with PHP?

To prevent users from refreshing the page or pressing the back button and resubmitting the form I use the following neat little trick.

<?php if (!isset($_SESSION)) { session_start(); } if ($_SERVER['REQUEST_METHOD'] == 'POST') { $_SESSION['postdata'] = $_POST; unset($_POST); header("Location: ".$_SERVER['PHP_SELF']); exit; } // This code can be used anywhere you redirect your user to using the header("Location: ...") if (array_key_exists('postdata', $_SESSION)) { // Handle your submitted form here using the $_SESSION['postdata'] instead of $_POST // After using the postdata, don't forget to unset/clear it unset($_SESSION['postdata']); } ?> 

The POST data is now in a session and users can refresh however much they want. It will no longer have effect on your code.

Use case/example

<!-- Demo after submitting --> <?php if (array_key_exists('postdata', $_SESSION)): ?> The name you entered was <?= $_SESSION['postdata']['name']; ?>. <!-- As specified above, clear the postdata from the session --> <?php unset($_SESSION['postdata']); ?> <?php endif; ?> <!-- Demo form --> <?php if (!isset($_SESSION['postdata'])): ?> <form method="POST" action="<?= $_SERVER['PHP_SELF']; ?>"> Name: <input type="text" name="name" /><br /> <input type="submit" value="Submit" /> </form> <?php endif; ?> 

Simple PHP solution to this:

if (isset($_POST['aaa'])){ echo ' <script type="text/javascript"> location.reload(); </script>'; } 

As the page is reloaded it will update on screen the new data and clear the $_POST ;)

this is a common question here.

Here's a link to a similar question. You can see my answer there. Why POST['submit'] is set when I reload?

The basic answer is to look into post/redirect/get, but since it is easier to see by example, just check the link above.

My usual technique for this is:

<?php if ($_POST) { $errors = validate_post($_POST); if ($!errors) { take_action($_POST); // This is it (you may want to pass some additional parameters to generate visual feedback later): header('Location: ?'); exit; } } ?> 

How about using $_POST = array(), which nullifies the data. The browser will still ask to reload, but there will be no data in the $_POST superglobal.

$_POST should only get populated on POST requests. The browser usually sends GET requests. If you reached a page via POST it usually asks you if it should resend the POST data when you hit refresh. What it does is simply that - sending the POST data again. To PHP that looks like a different request although it semantically contains the same data.

This will remove the annoying confirm submission on refresh, the code is self-explanatory:

if (!isset($_SESSION)) { session_start(); } if ($_SERVER['REQUEST_METHOD'] == 'POST') { $_SESSION['postdata'] = $_POST; unset($_POST); header("Location: ".$_SERVER[REQUEST_URI]); exit; } if (@$_SESSION['postdata']){ $_POST=$_SESSION['postdata']; unset($_SESSION['postdata']); } 

You can't, this is treated by the browser, not by any programming language. You can use AJAX to make the request or redirect the user to the same (or another) page.

The "best" way to do this is Post / Redirect / Get

http://en.wikipedia.org/wiki/Post/Redirect/Get

After the post send a 302 header pointing to the success page

I had this problem in an online fabric store, where there was a button to order a fabric sample on the product page, if a customer had first ordered a product and then wanted to order a sample of a different colour their previous order would be duplicated, since they never left the page and the POST data was still present.

The only way I could do this reliably was to add a redirecting page (or in my case in WordPress, add action to "parse_request" for a mock url), that redirects back to the referring page.

Javascript:

window.location.href = '/hard-reset-form'; 

PHP:

header('Location: ' . $_SERVER['HTTP_REFERER']); die(); 

This way you are coming back to a new page, all POST data cleared.

Set an intermediate page where you change $_POST variables into $_SESSION. In your actual page, unset them after usage.

You may pass also the initial page URL to set the browser back button.

I have a single form and display where I "add / delete / edit / insert / move" data records using one form and one submit button. What I do first is to check to see if the $_post is set, if not, set it to nothing. then I run through the rest of the code,

then on the actual $_post's I use switches and if / else's based on the data entered and with error checking for each data part required for which function is being used.

After it does whatever to the data, I run a function to clear all the $_post data for each section. you can hit refresh till your blue in the face it won't do anything but refresh the page and display.

So you just need to think logically and make it idiot proof for your users...

try

unset($_POST); unset($_REQUEST); header('Location: ...'); 

it worked for me

I can see this is an old thread, just thought I'd give my 2cents. Not sure if it would fit every scenario, but this is the method I've been successfully using for a number of years:

session_start(); if($_POST == $_SESSION['oldPOST']) $_POST = array(); else $_SESSION['oldPOST'] = $_POST; 

Doesn't really delete POST-ed values from the browser, but as far as your php script below these lines is concerned, there is no more POST variables.

This is the most simple way you can do it since you can't clear $_POST data by refreshing the page but by leaving the page and coming back to it again.

This will be on the page you would want to clear $_POST data.

<a class="btn" href="clear_reload.php"> Clear</a> // button to 'clear' data 

Now create clear_reload.php.

clear_reload.php:

<?php header("Location: {$_SERVER['HTTP_REFERER']}"); ?> 

The "clear" button will direct you to this clear_reload.php page, which will redirect you back to the same page you were at.

If somehow, the problem has to do with multiple insertions to your database "on refresh". Check my answer here Unset post variables after form submission. It should help.

The Post data can be clear with some tricks.

<?php if (!isset($_SESSION)) { session_start(); } if ($_SERVER['REQUEST_METHOD'] == 'POST') { $_SESSION['postdata'] = $_POST; unset($_POST); //unsetting $_POST Array header("Location: ".$_SERVER['REQUEST_URI']);//This will let your uri parameters to still exist exit; } ?> 

In my case I have used the below trick to redirect user to the same page once the $_POST operation has been done.

Example:

if(!empty($_POST['message'])) { // do your operation here header('Location: '.$_SERVER['PHP_SELF']); } 

It is a very simple trick where we are reloading the page without post variable.

I see this have been answered. However, I ran into the same issue and fixed it by adding the following to the header of the php script.

header("Pragma: no-cache"); 

Post/Redirect/Get is a good practice no doubt. But even without that, the above should fix the issue.

I had a form on my account page which sent data with POST method and I had to store the received data in a database. The data from the database was supposed to be displayed on the webpage but I had to refresh the page after the POST request to display the contents in database. To solve this issue I wrote the following code on account page:

if (isset($_POST['variable'])){ echo ' <script type="text/javascript"> location.href="./index.php?result=success"; </script>'; } 

Then on index.php I refreshed the page and sent the user back to my account page as follows:

if (isset($_GET['result'])) { echo'<script> //reloads the page location.reload(); //send user back to account.php location.href="./account.php" </script>' } 

You should add the no cache directive to your header:

<?php header( 'Cache-Control: no-store, no-cache, must-revalidate' ); header( 'Cache-Control: post-check=0, pre-check=0', false ); header( 'Pragma: no-cache' ); ?> 

This works for me:

<?if(isset($_POST['oldPost'])):?> <form method="post" id="resetPost"></form> <script>$("#resetPost").submit()</script> <?endif?>