Welcome to the Treehouse Community

The Treehouse Community is a meeting place for developers, designers, and programmers of all backgrounds and skill levels to get support. Collaborate here on code errors or bugs that you need feedback on, or asking for an extra set of eyes on your latest project. Join thousands of Treehouse students and alumni in the community today. (Note: Only Treehouse students can comment or ask questions, but non-students are welcome to browse our conversations.)

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and a supportive community. Start your free trial today.

PHP Build a Simple PHP Application Adding a Contact Form Redirecting After a Form Submission

Back button may process the form again and send a duplicate email??

Hello,

after we fill out the form(contact.php) and click submit, the contact-process.php displays on the screen "Thanks for the email. I'll be in touch shortly".

When we click the "back button", the same message appears ("Thanks for the email. I'll be in touch shortly). Randy says that in this case the form gets processed and sends another email.

Lets say I move through the pages in this order:

contact.php/contact-process.php/shirts.php/contact-process.php

Using this above, I don't understand how pressing the back button on the shirts.php page to contact-process.php would cause the form to get processed again and send another email.

Shouldn't the form get processed and send a mail only at contact.php when we click the submit button. Yes, I know that contact-process.php gets a copy of all the variables and values from the first submission, but I don't see why it would send the user another email. I think it should only show on the user browser this message ("Thanks for the email. I'll be in touch shortly), but not send a mail because contact-process.php does not have a submit button.

<?php



$name = $_POST['name'];
$email = $_POST['email'];
$message = $_POST['message'];

$email_body="";

$email_body = $email_body."Name: ".$name."\n";
$email_body = $email_body."Email: ".$email."\n";
$email_body = $email_body."Message: ".$message;

//TODO send emails


$pageTitle ="Contact Mike";
$section = "contact";
include('inc/header.php');




?>



<div class="section page">
    <div class="wrapper">
        <h1>Contact </h1>

        <p>Thanks for the email! I&rsquo;ll be in touch shortly</p>




    </div>





</div>
<?php

include('inc/footer.php');

?>

Shouldn't the form get processed and send a mail only at contact.php when we click the submit button.

That's how it should be but that contact-process.php file doesn't have any mechanism to check that a submit button was pressed, it just goes ahead and acts as though it has. So if the back button takes you to that file, it will try to process form data and send an email. Does that make sense?

In a later video conditional code is used which checks the request type, and the result is that if a submit button wasn't pressed then no email is sent.

4 Answers

1) Imagine I am a complete beginner, can you please give me the " 101 for dummy way" :) or visual of why contact-process (that does not have a submit button) can still submit an email.

OK I'll have a go:

I'm looking at the short version of contact-process.php visible at 4:53 in this video: http://teamtreehouse.com/library/build-a-simple-php-application/adding-a-contact-form/redirecting-after-a-form-submission

Imagine contact-process.php just had 1 line, and it said:

// TODO: Send email

Can you see how loading that file by any method (including form action attribute, back button or directly typing the URL) will cause an email to be sent? There is nothing in there that checks a form has been submitted, it just sends an email. Are you with me so far?

The actual script isn't much different than this. There are 7 lines of variable assignments, it sends the email and then redirects somewhere else. There is nothing that requires a form to be submitted in order for it to function. Of course, in that case it doesn't function correctly because the $_POST variable won't contain any user data. In fact, I suggest you try running this script as-is and see what happens.

2) Also, generally how do we know when our code will cause a resubmission of a form filled out by a customer.

In this context, the general answer is that we typically don't use GET requests to do things like make changes to the database, send emails, or any similar action. The reason is that GET requests can be bookmarked, easily refreshed and triggered by the back button - this means the user could accidentally repeat the request and make the change over and over.

POST requests on the other hand can't be bookmarked and the browser asks for confirmation on refresh, so are typically used for form submissions and the like. The final form submission code in this course only responds to POST requests, so solves the problem we are discussing.

This is why when you do a refresh or go back to a page which has just processed your order (on a real site) or filled in a form, you usually get a popup saying the page is trying to do the same thing again, is this what you intended (i am paraphrasing here)

Thanks tim221 and shez,

Sorry tim221 for asking the same question again, but in case the other mail I responded to is not clear, let me ask it this way:

1) Imagine I am a complete beginner, can you please give me the " 101 for dummy way" :) or visual of why contact-process (that does not have a submit button) can still submit an email.

2) Also, generally how do we know when our code will cause a resubmission of a form filled out by a customer.

Cheers!!!

Sorry tim221,

I am rereading your mail and I would like to clarify this bit:

"So if the back button takes you to that file, it will try to process form data and send an email. Does that make sense?"

1) In the explanation above, are you saying that contact-process is capable of processing... Hmm, now I wonder how by just having variables and values, and no form or submit button, can contact-process.php process a file?

thanks