Sign in to follow this  
BeanDog

[web] header('location:?') in Safari?

Recommended Posts

I often have pages that take querystring parameters, processes what the querystring commands, and then redirects to '?' (the current page with no query string) to prevent the Refresh button from causing the same thing to happen again. Consider the following simplified code snippet. It's a GET form with a single text input and a submit button. A form like this would do some processing with the input (perhaps send an email), and redirect to the same page with that info cleared out of the querystring.
<?php
if(isset($_REQUEST['submit'])) {
	//Do something here.

	header('location:?');
	exit;
}
?>
<html>
<body>

<form method='get'>
<input name='text'>
<input name='submit' type='submit'>
</form>
Load up that page in Safari and hit the submit button, and you get a URL of index.php?text=whatever&submit=Submit????????????????????????? and an error that the page is redirecting incorrectly. It seems that if you ask Safari to redirect and just pass it a querystring (even just '?'), it appends to the query string rather than replacing it. Obviously, redirecting to 'index.php' rather than '?' would fix the problem. However, I've used this construct in dozens or hundreds of places, and it's a safeguard against renaming scripts (or copy-pasting the redirect code into a different script). Anyone know why Safari acts this way? And anyone have a suggestion on how to get around this without hard-coding the name of the script into the script itself?

Share this post


Link to post
Share on other sites
Quote:
Original post by BeanDog
And anyone have a suggestion on how to get around this without hard-coding the name of the script into the script itself?
One method I use is to generate a random number on each page load. This number is stored in a hidden field on the form and also stored in a session variable. When the page is submitted, I check that the two match; if not I unset() the submit button's $_POST variable (effectively disabling it) before the form is drawn again. This way, hitting refresh is ineffective as by that time the session variable contains a new magic number.

However, this is probably a little over-complex for what you want; rather than hard-coding the page name use the predefined variable $_SERVER['PHP_SELF'].

Share this post


Link to post
Share on other sites
What are you doing with the query string that you want to prevent from occurring again? If it's HTTP GET then you should be able to repeat the command without problems. If you're modifying something significant then you should be using POST or one of the other HTTP methods.

Share this post


Link to post
Share on other sites
The HTTP Location header requires an absolute URI according to the specs. This means you're relying on a browser's own interpretation when you're passing a relative URI to Location. Just use absolute URI's and you'll be fine.

Share this post


Link to post
Share on other sites
Quote:
Original post by Colin Jeanne
What are you doing with the query string that you want to prevent from occurring again? If it's HTTP GET then you should be able to repeat the command without problems. If you're modifying something significant then you should be using POST or one of the other HTTP methods.

I realize this. I rarely use GET to do something I wouldn't want repeated, but my same needs (not having Refresh do anything) apply for pages that take POST data. Redirecting to the current page with no GET/POST data meets that need.

Share this post


Link to post
Share on other sites
Try:

header('location: ' . __FILE__);


Else go with benryves' suggestion and use $_SERVER['PHP_SELF'] or $_SERVER['REQUEST_URI']. It shouldn't take you more than 3 lines of code to figure out the correct redirect location from REQUEST_URI. Just wrap it in a function and do a multifile search/replace on your existing header('location ...') calls.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this