Ever filled out a form online and then hit back or refresh, only to see a weird "Confirm form resubmission" message?
It's annoying. And more importantly, it's not just how the internet works. It's actually a result of how the form was built.
If you're building apps, handling payments, or collecting user data, this is one of those small UX bugs that can make your product feel clunky. Here's why it happens and how to fix it.
The Real Problem
That "resubmission" message usually shows up when a form uses the wrong HTTP method, typically POST, and the page doesn't redirect afterwards.
You'll want to understand when to use GET vs POST. Here's the cheat sheet:
When to Use POST (Most of the Time)
Use POST when the action:
- Changes data (like creating, updating, or deleting records)
- Handles sensitive info (like login credentials or payments)
- Involves file uploads
- Includes a large number of form fields
Examples: login forms, contact forms, checkout forms, database updates, file uploads.
The key thing with POST is that you don't want the user to accidentally repeat the action by refreshing the page, especially if that action charges a credit card.
When to Use GET
Use GET when:
- It's okay to repeat the action
- You're just displaying info
- You want a shareable URL
- There's no sensitive data or file uploads
Examples: search bars, navigation forms, unsubscribe links.
Imagine if Google search used POST. You wouldn't be able to share links or hit refresh without resubmitting the search.
How to Fix the Resubmission Bug
If you're using POST, the fix is simple. Use the Post/Redirect/Get (PRG) pattern.
Here's how it works:
- User submits a form using
POST. - The server processes it.
- Instead of returning a page directly, you redirect the browser to a new URL using
GET.
That way, refreshing the page just reloads the final screen, not the original form submission.
A Quick PHP Example
if (!empty($_POST['username']) && !empty($_POST['password'])) {
$user = new User;
$user->login($_POST['username'], $_POST['password']);
if ($user->isLoggedIn()) {
header("Location: /admin/welcome.php");
exit;
} else {
header("Location: /login.php?invalid_login");
exit;
}
}
And to show an error on the login page:
if (isset($_GET['invalid_login'])) {
echo "Your username and password combo is invalid.";
}
Notice that even when login fails, the user gets redirected, which avoids the resubmission issue entirely.
0 comments