Prevent Form resubmission upon hitting back button

Question

I have searched many posts here and elsewhere but can't seem to find a solution to my problem. I have a page which displays database entries: database.php. These entries can be filtered with a form. When I filter them and only display the ones I am interested in I can click an entry (as a link) which takes me to that entries page (via php GET). When I am on that entries page (i.e., "view.php?id=1") and hit the back button (back to database.php), the filter form requires to confirm the form resubmission. Is there any way to prevent this?

here are some (simplified) code examples:

Database.php:

<form>
    <select>
        <option>1</option>
        <option>2
        <option>
    </select>
    <input type="submit" name="apply_filter" />
</form>
<?php
if ( isset( $_POST[ "apply_filter" ] ) ) { // display filtered entries
    $filter = $_POST[ "filter" ];
    $q = "Select * from table where col = '" . $filter . "'";
    $r = mysql_query( $q );
} else { // display all entries
    $q = "Select * from table";
    $r = mysql_query( $q );
}
while ( $rec = mysql_fetch_assoc( $r ) ) {
    echo "<a href='view.php?id=" . $rec[ "id" ] . "'>" . $rec[ "name" ] . "</a><br />"; // this is where the link to the view.php page is...
}
?>

Now as mentioned, if I click on the link, it takes me to "view.php?id=whatever". On that page, I just get the ID from the url to display that single entry:

view.php:

<?php
$id = $_GET[ "id" ];
$q = "Select * from table where id = '" . $id . "'";
$r = mysql_query( $q );
while (  ) {
    // display entry
}

?>

If I now hit the back button, the form on database.php (the one used to filter the DB results) requires confirmation for resubmission. Not only is this very annoying, its also useless to me.

How can I fix this? I hope the code examples and explanation of my problem are sufficient. If not let me know and I'll try to specify.

Answer 1

I know this question is old, but having this issue myself, two lines I've discovered that works are:

header("Cache-Control: no cache"); session_cache_limiter("private_no_expire"); 

Answer 2

There are two ways I know of to do this. The simple way and the hard way.

Regardless of the way, when you are dealing with a state-based page (using $_SESSION), which you should be doing to keep your pages "live" and under your control, is prevent the caching of all pages like this:

<?php
//Set no caching
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); 
header("Cache-Control: no-store, no-cache, must-revalidate"); 
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
?>

The hard way involves generating an id and storing it somewhere on the page as a hidden input or a &_SESSION cookie. Then you store the same id on the server as a $_SESSION. If they don't match, a series of preprogrammed if else type statements cause nothing to happen with the page is resubmitted (which is what it tries to do when you click back).

The easy way is to simply redirect the user back to the form submission page if the form was submitted successfully, like so:

header('Location: http://www.mydomain.com/redirect.php');

I hope this helps!