That is more or less how post works. What you need to do is what WordPress does on the backend.
- Submit the form
- Process it
- Redirect back to the original page.
That way, a refresh doesn’t pass post data. There is a name for that process but I can’t remember what it is right now.
get does not issue that warning, by the way, but will “double insert”.
A big part of your problem is that the way your code is written, every time the page loads you are building the $myPost variable and running wp_insert_post( $myPost); You aren’t even so much as checking to see if you have $_POST data before doing that. You are trying to insert a post whether the form has been submitted or not. Luckily, wp_insert_post will die if it is missing a couple of key parameters. At the very least you should have…
if (!empty($_POST)) {
$title = $_POST['title']; //from your form...
$content=$_POST['cntnt'];
$excerpt=$_POST['excerpt'];
$custom = $_POST['custom'];
//-- Set up post values
$myPost = array(
'ID' => '',
'post_title' => $excerpt,
'post_excerpt' => $excerpt,
'post_status' => 'publish',
'post_type' => 'post',
'post_author' => $authorID,
'post_content' =>$content,
'comment_status' => 'closed',
'ping_status' => 'closed',
'post_category' => array('7'),
);
$new_post = wp_insert_post( $myPost);
add_post_meta($new_post, 'rating', $custom, true);
}
At least that won’t run every time the page loads. However, you should really check the elements before you use them…
$title = (isset($_POST['title'])) ? $_POST['title'] : '';
And I’d try to sanitize it as well. Then you should process the form early in the page, not at the bottom, and redirect back, using wp_safe_redirect, if the form submission is a success. Since this is the front end that means you will need to process the form before the get_header function so that your redirect happens before any content is sent to the browser.
Really, and no offense intended, but your problem is bigger than you think it is. You have very badly designed code there, in several different ways.