hello guys i have a problem with this code

when id add a comment and comment insert in database and when i make refresh on the same page i get this warning : One of the fields are still empty, i think the problem in the first code

  <?php 

    if ($_POST['add'] and $_POST['add']=='comm'){

    $comm_name      =strip_tags($_POST['comm_name']);
    $comm_country   =strip_tags(mysql_real_escape_string($_POST['comm_country']));
    $c              =strip_tags(mysql_real_escape_string($_POST['comm']));
    $comm_thread    =strip_tags(mysql_real_escape_string($_POST['comm_thread']));
    $status =$_POST['status'];
    $getidtopic=$_GET['id_topic'];
    $post_code=$_POST['post_code'];

    if ($comm_name=='' or $comm_country=='' or $c=='' or $post_code=='' ){
    echo "<script>alert(\"One of the fields are still empty
\");</script>";
    }else if ($_POST['post_code']==$_SESSION['code']) {

    $insertcomm=mysql_query("insert into comments values('','$comm_name','$comm_country','$comm','$comm_thread','$status') ")or die (mysql_error);
    echo "<script>alert(\"your comment has been adding\");</script>";

    }
    }


    ?>

and this is the comment's form

   <form action='' method='post' >
    <table  class='rightcol'  width='100%' cellpadding='0' cellspacing='5'>


    <tr>
    <td colspan='3' id='addcomm'>add comm</td>

    </tr>

    <tr>

    <td width='15%' ><div id='title_comm' value=''>name : </div></td>
    <td  ><input type='text' name='comm_name' value='<?if (!$insertcomm){
    echo $comm_name;
    }?>'/></td>
    </tr>

    <tr>
    <td width='15%' ><div id='title_comm'>country  </div></td>
    <td ><input type='text' name='comm_country' 
    value='<?if (!$insertcomm){echo $comm_country;}?>'/>
    </td>
    </tr>


    <tr>
    <td valign='top' width='15%'><div id='title_comm'>comment : </div></td>
    <td width='50%'>
    <textarea  cols='55' rows='12' name='comm'>
    <?if (!$insertcomm){echo $c;}?>
    </textarea></td>
    <td valign='top' ><div id='note_comm'>
  your comment will not insert if you try to use some thing bad
    </div></td>
    </tr>


    <tr>
    <td width='15%' ><div id='title_comm'><span style='color:red'>code : <br/>write these codes </span></div></td>
    <td ><input type='text' name='post_code'/></td>
    </tr>

    <tr>
    <td ><div id='code'>
    <?php 
    $text=rand(400,80000);
    echo $_SESSION['code']=$text;
    ?>


    </div></td>
    </tr>




    <td colspan='4' ><input type='submit' name='addcomm' id='add' value='add comm'/></td>

    </table>
    <input type='hidden' name='comm_thread' value='<?php echo $getidtopic;?>' />
    <input type='hidden' name='add' value='comm'/>
    <input type='hidden' name='status' value='2'/>
    </form>

after searching on the google i have been reached to sovle this problem by usign redirect is it true way ?

Yes. After a form is submitted and processed, you should issue a redirect to prevent the form from being submitted again unintentionally when a user refreshes their browser (or the browser restores previously open tabs during startup, etc.)

Member Avatar for diafol

Your html form and your form handling code should be separate. Using a header redirect from the handling page is a good way of preventing resubmit on refresh/reload. Some may think that this is a bit of a chore, especially when passing values back to repopulate the form. It can be handled easily with session vars in one go, e.g.

$_SESSION['failed_submit'] = $_POST;
$_SESSION['failed_submit']['err'] = $error_msg;

thank diafol may you explain to me how this code can be works"give me an example "

$_SESSION['failed_submit'] = $_POST;
$_SESSION['failed_submit']['err'] = $error_msg;
Member Avatar for diafol

formhandler.php:

session_start();

//do your validations and assign an $error_msg if a problem arises from the incoming data.

if($error_msg){
    $_SESSION['failed_submit'] = $_POST;
    $_SESSION['failed_submit']['err'] = $error_msg;
    header('form_page.php');
    exit;
}

Then you can do something like (in form_page.php):

<?php
session_start();

$form_refill = array('username'=>'',...,'err'=>''); //just create an array of all refill fields required - set to default values or empty.

if(isset($_SESSION['failed_submit'])){
    $form_refill = $_SESSION['failed_submit'];
    unset($_SESSION['failed_submit']);
}
?>
...

<form ...>
    <input type="text" id="username" name="username" value="<?php echo $form_refill['username'];?>"
    ...
</form>
<div id="errmsg">
    <?php echo $form_refill['err'];?>
</div>

There are many ways to do this. This is a little contrived, but it may give you an idea.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.