Or a 'not in database' for that matter -- in general you should never 'blindly accept' a form without some form of verification hash -- and those other 'methods' do nothing to prevent resubmits.
Make a random value, store it in a database with a expiration time and maybe the users IP addy, when they submit delete all expired times, then check if it's still in there. If it is, delete it and it's a valid submit, if it's not there -- they hit back or a spambot is trying to mass-hit you.
Simple. those other methods you mention don't actually do anything to prevent resubmits; since back would/could/should reload everything.
It's also why if you'll recall (since if I'm not mistaken you're still working off a baseline code I wrote), I use the same php file and URL to show the form as I do to submit the form -- with a hidden input to say it's submitted 'from form' -- interestingly hitting back should not resend any data, rejecting for empty fields and/or that value not being set -- if the browser does resubmit, that's when you use the database hash to reject it.