Avoid FORM RESUBMISSION

[khan.sikki]

How to avoid form resubmission 

<?php require_once('../Connections/localhost.php'); ?>
<?php
//initialize the session
if (!isset($_SESSION)) {
  session_start();
}

// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session varialbles
  $_SESSION['MM_Username'] = NULL;
  $_SESSION['MM_UserGroup'] = NULL;
  $_SESSION['PrevUrl'] = NULL;
  unset($_SESSION['MM_Username']);
  unset($_SESSION['MM_UserGroup']);
  unset($_SESSION['PrevUrl']);
	
  $logoutGoTo = "../app/index.php?la=r";
  if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
  }
}
?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$colname_teachers = "-1";
if (isset($_SESSION['MM_Username'])) {
  $colname_teachers = $_SESSION['MM_Username'];
}
mysql_select_db($database_localhost, $localhost);
$query_teachers = sprintf("SELECT * FROM teachers WHERE employee_id = %s", GetSQLValueString($colname_teachers, "text"));
$teachers = mysql_query($query_teachers, $localhost) or die(mysql_error());
$row_teachers = mysql_fetch_assoc($teachers);
$totalRows_teachers = mysql_num_rows($teachers);

$colname_school = "-1";
if (isset($row_teachers['school_id'])) {
  $colname_school = $row_teachers['school_id'];
}
mysql_select_db($database_localhost, $localhost);
$query_school = sprintf("SELECT * FROM schools WHERE id = %s", GetSQLValueString($colname_school, "int"));
$school = mysql_query($query_school, $localhost) or die(mysql_error());
$row_school = mysql_fetch_assoc($school);
$totalRows_school = mysql_num_rows($school);
date_default_timezone_set("Asia/kolkata");?>
<!doctype html>
<html lang="en">
<head>
<meta http-equiv="Refresh" content="1600">
<meta charset="UTF-8" name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="../app/css/app.css" type="text/css">
<?php include('../app/includes/favicon.php'); ?>
<meta name="Description" content="Andhra Pradesh Department of School Education Teacher & Student online Attendence  with Photo Geo Tagging ">
<title>Location Check</title>
	<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
</script>
<![endif]-->
</head>
<body>
	
<?php include('../app/includes/header.php'); ?>
	<marquee direction="left">
	  <h2>DEPARTMENT OF SCHOOL EDUCATION</h2>
	</marquee>
<main>
	<nav>
	<ul>
	  <li><a href="../app/teacher1.php">HOME</a></li>
	  <li><a href="../app/test.php">MDM</a></li>
	  <li><a href="<?php echo $logoutAction ?>">Logout</a></li>
	  <li></li>
	</ul>
	</nav>
	<article>
		
		<fieldset>
			<legend>Local Storage Test</legend>
		<form id="geotag" method="post" enctype="multipart/form-data" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
			<table width="auto" align="center">
				<tbody>
					<tr>
						<td><label class="cameraikon" for="image"></label></td>
					</tr>
					<tr>
						<td>
							<input id="image" type="file" name="image" accept="image/*" capture="camera" onChange="this.form.submit()">
						</td>
					</tr>
					<tr><td><input type="button" id="upload" value="upload"></td></tr>
					<tr><td><div id="loader" style="display: none"></div></td></tr>
					<tr><td height="auto" style="margin-top: 50px;">
						<?php 
		if(isset($_FILES['image']['name'])){
		$img = $_FILES['image']['tmp_name'];
		$targDir="../app/geotagged_imgs/";
		$imgExtension= strtolower(pathinfo(basename($_FILES['image']['name']),PATHINFO_EXTENSION));
		$imgname = "APEDU_".date('d-m-Y_h|i|s').".".$imgExtension;
		$tmpimg=imagecreatefromjpeg($img);
		imagejpeg($tmpimg,$targDir.$imgname,50);
		// move_uploaded_file($_FILES['image']['tmp_name'],$targDir.$imgname);				
		echo '<p id = "result">'.$imgname.'<br>UPLOADED SUCCESSFULLY.</p><br>';
		imagedestroy($tmpimg);
		echo '<br><img src="../app/geotagged_imgs/'.$imgname.'" class="thumbnail"><br>';
		empty($_FILES['image']['name']);
		empty($_FILES['image']['tmp_name']);
		print_r($_FILES['image']['name']);
			
	}
		?>
						</td></tr>
				</tbody>
			</table>
		</form>
		</fieldset>
	</article>
</main>
<footer> ™ and © 2019 A M Productions. All rights reserved. Property of Sikander. Use of this website (including any and all parts and components) constitutes your acceptance of these Terms and Conditions and Privacy Policy. Ad Choices. The materials on this website are not to be sold, traded or given away. Any copying, manipulation, publishing, or other transfer of these materials, except as specifically provided in the terms and conditions of use, is strictly prohibited. Smoking Policy</footer>
</body>
</html>
	<script>
		y = document.getElementById("upload").addEventListener("click",sikki);
		function sikki() {
			document.getElementById("loader").style.display = "block";
		}
		</script>
<?php
mysql_free_result($teachers);

mysql_free_result($school);
?>

 

[justsomeguy]

Redirect after you process the form.