I have a PHP form, and I’m wondering how I should handle submission. I remember when learning Rails that the behavior was to have a special handler page for a form, which then redirected the user to a landing page, which would prevent the user from accidentally re-submitting data by hitting the back button and going back to the form submission page.
For my PHP form, to avoid such errors (and for secureness, however it might play in) is it also best to send the form data via post to a handling page, which they redirects the user? Or would it be ok to just handle the form data on the same page as the form? If I did the latter, is it possible for a user to accidentally resubmit data via hitting back/refresh/etc?
Post-Redirect-Get is the design pattern recommended for web-forms to prevent resubmission (and what you used in rails)
It doesn’t really matter if you submit to the same page or a different one, it’s the redirect which prevents the accidental resubmission. You can therefore choose whether to post to the same page or a separate page depending on your coding style and/or application semantics.