php post-redirect-get

PHP: Is it possible to POST-Redirect-GET with form action = $_SERVER['PHP_SELF']?


I'm using this code in my form

<form action="<?php $_SERVER['PHP_SELF']?>" method="post">

Is there any way I can POST-Redirect-GET when the form data is submitted by the user? I'm trying to avoid duplicate form submissions from the user hitting refresh.

Like in this example.

I don't see how this could work if I'm using PHP_SELF in the form action. Any ideas?


Solution

    1. Using PHP_SELF like that is exploitable; it allows for XSS. Just leave action blank, like action="", and the form will submit to the page it's currently on.

    2. If you want to prevent repeat submissions via refresh then issue a 302 redirect after receiving the form submission.

      header("Location: /somewhere_else.php", true, 302);
      exit; // stop the script so nothing else runs after the redirect header
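
An added example, not part of the original answer: a self-submitting form that applies both points above, with a blank action and a 302 redirect after the POST. The field name `comment` and the session key `flash` are hypothetical, and redirecting to `$_SERVER['SCRIPT_NAME']` assumes the script is reached at its own path with no URL rewriting in front of it.

```php
<?php
// Added example: Post-Redirect-Get on a page that posts to itself.
// "comment" and "flash" are hypothetical names chosen for this sketch.
declare(strict_types=1);
session_start();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $comment = trim((string) ($_POST['comment'] ?? ''));

    if ($comment === '') {
        $_SESSION['flash'] = 'Comment must not be empty.';
    } else {
        // Process the submission exactly once here (e.g. insert a row).
        $_SESSION['flash'] = 'Saved: ' . $comment;
    }

    // Redirect back to this script. SCRIPT_NAME is the script's own path;
    // unlike PHP_SELF it does not carry the client-supplied PATH_INFO.
    header('Location: ' . $_SERVER['SCRIPT_NAME'], true, 302);
    exit; // nothing below runs for the POST request
}

// GET: a browser refresh repeats this request, not the POST.
// The one-time message is read from the session and then cleared.
$flash = $_SESSION['flash'] ?? null;
unset($_SESSION['flash']);

// Unsafe pattern from the question, for comparison: echoing
// $_SERVER['PHP_SELF'] into the action attribute without escaping
// reflects whatever follows the script name in the URL into the HTML.
?>
<!DOCTYPE html>
<html>
<body>
<?php if ($flash !== null): ?>
  <p><?= htmlspecialchars($flash, ENT_QUOTES, 'UTF-8') ?></p>
<?php endif; ?>

  <!-- Blank action: the browser submits to the current URL. -->
  <form action="" method="post">
    <input type="text" name="comment">
    <button type="submit">Send</button>
  </form>
</body>
</html>
```

The user-supplied text is only ever written back through `htmlspecialchars()`, so the confirmation message cannot reintroduce the XSS problem the blank action removes.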