Last things first: Have you got two different canonicalization redirects from two different sources? In a redirect target (whether by mod_alias or mod_rewrite) you never, ever need to \ escape anything. The R default is 302 temporary, so always say R=301 unless you specifically want it to be a 302.
Any conditions involving protocol and/or hostname should be negative, for example
The idea is to say "If the request is anything other than the form I want..." If your site is mixed http and https, you'll need two rulesets, one each way.
Now then: The bad news is that the problem is not in the rules themselves. The problem is in the act of redirecting. The http(s) standard has special rules about redirecting POST requests
:: shuffling papers ::
If the 301 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued.
When automatically redirecting a POST request after receiving a 301 status code, some existing HTTP/1.0 user agents will erroneously change it into a GET request.
The prose for 302 is even worse.
The good news is that this is a non-problem, because legitimate requests will never be redirected
. The page that holds the form should point it to the correct URL. (The same, of course, applies to any internal link. But the ones involving POST can really enforce the rule.)
Incidentally, I was told by someone hereabouts that the all-encompassing form for ensuring a non-empty variable in php is
This covers you both ways, whether the variable is undefined or its value is zero/null.