PHP: Don't let POST data follow redirect

hankknight
hankknight used Ask the Experts™
on
If a POST request is sent to my webpage, I want to redirect them to my error page.

I use this code:
header('Location: http://www.example.com/error/', true, 307);

Open in new window


Visitors get this error:
This web page is being redirected to a new location. Would you like to resend the form data you have typed to the new location?
I do NOT want any POST data to be submitted or re-submitted.  I do not want to allow visitors to do that.  

How can I redirect a user without giving them the option to re-post data?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
header('Refresh: 0; url=http://www.example.com/error/',TRUE,307);

Open in new window


Might work. Untested.

HTH
Can also try using this function instead:

//==== Redirect... Try PHP header redirect, then Java redirect, then try http redirect.:
function redirect($url){
    if (!headers_sent()){    //If headers not sent yet... then do php redirect
        header('Location: '.$url); exit;
    }else{                    //If headers are sent... do java redirect... if java disabled, do html redirect.
        echo '<script type="text/javascript">';
        echo 'window.location.href="'.$url.'";';
        echo '</script>';
        echo '<noscript>';
        echo '<meta http-equiv="refresh" content="0;url='.$url.'" />';
        echo '</noscript>'; exit;
    }
}//==== End -- Redirect
Commented:
changing the 307 to 302 will send the post data  and should not show the error message. but if you dont want any post data being passed, perhaps you could

unset($_POST);

before the header() function and that might work(never tried unsetting a superglobal though, it may or may not work)
Actually he still has the problem of Location sends the current HTTP request (POST data and all) to the specified url, where as refresh creates a new HTTP.
Most Valuable Expert 2011
Top Expert 2016

Commented:
Let me suggest a different strategy.  

Instead of this:
If a POST request is sent to my webpage, I want to redirect them to my error page.

Try this:
If a POST request is sent to my webpage, I will use PHP include() to load the script for my error page.  My error page will, of course, not care about the POST array.
Sandeep KothariProject Lead

Commented:
do just..

header("'Location: http://www.example.com/error/");
exit;

Open in new window

Sandeep KothariProject Lead

Commented:
ignore above comment... there is some syntax issue... do just..

header("Location: http://www.example.com/error/");
exit;

Open in new window

no need to pass optional parameters.. that should work..
Most Valuable Expert 2011
Top Expert 2016

Commented:
still has the problem of Location sends the current HTTP request (POST data and all) to the specified url, where as refresh creates a new HTTP.

Yep!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial