php application creates a file for user to download, which works perfectly. I want to give user guidance on downloading file and the number of entries in the file. If I include any output after sending the headers nothing is displayed to the user.
I've tried using cookies. Here's an excerpt of code...
...
header("Content-Type: text/Calendar");
header("Content-Disposition:attachment; filename=myfile.txt");
readfile('tempfile.txt');
?>
<html>
<body>
<p>The file contained<?php count($VEVENTS)?> events.</p>
</body>
</html>
I've built a standalone php chat app. Works great with the classic localhost/chat, except I need it to run on an html page I already have. Does it have to be strictly html, the answer is no. The thing is, I know a browser can render html, but it can't render php.
I would just really like to know if there was any way for me to import a php app to a website. Chat app is consisted of 3 files, 2 of them are php which define the form, look and post method, the 3rd one is a log.html, which is used as a dumping place, that's how the app displays the messages,connected users, leaving users, etc.
I tried several different things.
-Tried using iframes
No good. It display raw php code
-Placed everything in www folder in wamp, tried to "require" the files in html page
No good, displays nothing.
There's really no code for me to show off, I've got everything working separately, except I need the php to work from inside my contact.html page.
It sounds like you simply don't understand HTML or PHP. You say that "The thing is, I know a browser can render html, but it can't render php." as if you're doing us a favor, when all it does is confuse us and then you attack us in the comments. A browser can 100% render a PHP file as long as it sends over HTML to the client, and seeing as you believe your PHP app works right now I'm not sure how you've tested it other than through the browser. Maybe you've used PHP from the command line but there'd be no graphical interface, and any HTML code (such as the form you say you've made) would simply be printed into the console where it should be obvious to you that a browser receiving the same thing would render it as HTML.
To prove this to you, just take a look at facebook:
https://www.facebook.com/ will direct you to the index.XXX within the root directory which is standard knowledge when working on sites.
https://www.facebook.com/index.html sends you to the error page as it doesn't exist (no html exists at index.html they just have the server configured to serve the error page any time a bad request comes in).
https://www.facebook.com/index.php works perfectly because that's the page that is normally chosen as the index.XXX and is rendered.
And finally, some demo code to prove my point:
<?php
$thingA = "dogs";
$thingB = "cats";
$finalThing = $thingA . $thingB;
?>
The above code would work perfectly fine, $finalThing would be "dogscats", and your server would take the output of the file (nothing) and send it as HTML.
<?php
$thingA = "dogs";
$thingB = "cats";
$finalThing = $thingA . $thingB;
echo $finalThing;
?>
The above code would do everything the first example did, but the output "dogscats" would be sent to the client as HTML. This would just render the text "dogscats" as if you had an HTML file with just those characters in it (no html tag, body tag, meta tags, or anything else at all).
<?php
$thingA = "dogs";
$thingB = "cats";
$finalThing = $thingA . $thingB;
echo "<!doctype html>";
echo "<html lang='en'>";
echo "<body>";
echo "\t<p> " . $finalThing . "</p>";
echo "</body>";
echo "</html>";
?>
The above would print a valid HTML file (without meta tags or many other useful things but sorry, I don't want to write much more and there's still another example) which should look exactly like the previous example, but with the text displayed on the screen being in a p tag rather than being raw text just sitting there.
<!doctype html>
<html lang="en">
<head>
<link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png">
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png">
<meta charset='UTF-8'/>
<title>Website</title>
<script src='https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js'></script>
</head>
<body>
<?php
$thingA = "dogs";
$thingB = "cats";
$finalThing = $thingA . $thingB;
echo "\t<p> " . $finalThing . "</p>";
?>
</body>
</html>
And this final example is the best of all, as it shows that a PHP file is simply an HTML file with <?php ?> tags. These tags are parsed by PHP, evaluated, and anything that needed to get printed in the middle (or wherever) of the HTML file is printed right there. Then the resulting HTML file (including both the raw HTML and the results of your php tags) is sent to the client.
I have a problem with a trackingpixel. The trackingpixel is included on the main page like that:
<img src="tracking.gif" alt="" />
The tracking.gif contains the following:
<?php
header("Location: http://www.mydomain.com/referrer.php?url=http%3A%2F%2Fwww.external.com")
?>
The referrer.php looks like that:
<?php
$url = $_GET['url'];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Referring...</title>
<link rel="stylesheet" type="text/css" href="css.css" />
<meta http-equiv="refresh" content="0.3; URL=<?php echo $url ?>" />
<script type="text/javascript">
window.setTimeout(function() {
location.href = '<?php echo $url ?>';
}, 300);
</script>
</head>
<body>
Some text.
</body>
</html>
Unfortunately the redirect to the external website doesn't work. Only the referrer.php gets loaded. Why is that?
The code works if I replace the referrer-url in the tracking.gif by the url of the external website.
More Info:
If I call the referrer.php directly, it's working.
And I set the server via htaccess that it shoud handle the tracking.gif as a php-file.
Thanks for your help in advance!
The answer to your question lies in how browsers handle assets of different types, and what assets are allowed to actually do.
Your first piece of code:
<img src="tracking.gif" alt="" />
Tells the browser to load and display an image from some location. In order to do that, it's going to make an HTTP request for the image. This is why your second piece of code:
<?php header("Location: ....") ?>
actually works. The browser sends an HTTP request for tracking.gif, and the response directs the browser to another location. This is all fine (although you should also be setting the response status to 302 for completeness) and the browser goes off to your new URL in search of image data.
Here's we we hit the problem. When we follow the redirect to our new page, we don't get an image back- we get some HTML. The browser can't interpret this as an image. It appears to be nonsense. And so it is discarded. The browser certainly isn't going to check for, or execute, code embedded in the nonsense image data. It's simply going to hand the data to the pipeline responsible for drawing images, which will then say "I don't understand this" and move on to the next task.
This is why your referrer.php page actually works when you load it directly in the browser - because the browser is expecting HTML and Javascript. When the same data is received by the browser is expecting an image, the result is failure.
It appears that you're trying to cause the browser to go to a different URL when an image loads, which isn't permitted by the security model - image files cannot inject behaviour into pages that include them. Can you unpack what you're actually trying to achieve in a little more detail?
I want to send some response codes in response (what else?) to various conditions.
The header is being sent - I tripped over the various errors you can make using header(), such as having output before the call before. I figured out those sort of issues, for instance, I now use ob_start() and ob_clean() before the header() function call.
Now I need to understand why my browser/server/whatever is not showing me an error page.
Here's the HTML page which I'm using for testing:
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en"><head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
<title>Header Testing</title>
</head>
<body>
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
ob_start();
ob_clean();
header("HTTP/1.1 403 - Forbidden", true, 403); // I get the same results with or without "true, 403"
ob_flush();
?>
Here's the header from the access log:
127.0.0.1 - - [11/Feb/2012:19:14:35 -0600] "POST /commentprocessing.php HTTP/1.1" 403 266 "http://127.0.0.1/submitcomments.php" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.24) Gecko/20111103 Firefox/3.6.24 ( .NET CLR 3.5.30729; .NET4.0C)"
Here is the HTML source:
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en"><head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
<title>Header Testing</title>
</head>
<body>
</body></html>
That is exactly what I'd get if I removed out the PHP code from the test page.
Is there any way to have an "error" page display automatically based on the return code in the header?
I am running Abyss server locally for this sort of testing. I have a custom error page defined in Abyss for 403 errors and I've checked that it is spelled correctly in the Abyss setup and the page actually exists.
That page is not being displayed for the header with the 403 response code - which seems to be sent properly since it shows in the access log.
Could this be an issue with my using Abyss locally and not the server of my hosting company?
Any suggestions?
EDIT***
tftd,
If what you said is true, that the server is ignoring my code, why is it logged in the access log with the code I specified?
And, if what you said about being unable to change the response code, why even have the header() statement OR why does not the documentation clearly point out that such as things as using ob_start() and ob_clean() won't resolve get around it.
I've see, in more than one place, references to using ob_start() and ob_clean() to delete generated output so that the header() call will work.
heera,
Thank you, at least for showing me that material can be placed above the doctype statement and still be effective. I would not have thought that would work. So, thank you for that.
However, your example merely outputs exactly what would be output if you stripped out all of the PHP and had just the HTML.
I have removed your onload call to eliminate the 'function not defined' error which would have occurred since you did not include a script containing the referenced function.
The following will produce the same output as your example:
<!DOCTYPE html>
<html>
<head></head>
<body>
This is some text
</body>
</html>
Here's your example, which produces the same output as the straight HTML above.
<?php ob_start();?>
<!DOCTYPE html>
<html> <head></head>>
<body>
This is some text
</body>></html>
<?php
$ob=ob_get_clean();
echo $ob;
ob_end_flush(); ?>
You take a convoluted journey to the same output.
Also, why get the contents of the buffer and turn around and echo it out? What does that demonstrate other than a call to ob_get_clean() returns the contents of the buffer, erases it, and, unlike ob_clean(), deletes the buffer and if you want to send the output you just erased, you have to use ob_get_clean() and save it and then use echo to write it out.
Doesn't that just demonstrate that you had better do something to save the contents of the buffer, if you want to output, before calling a clean function?
And, ob_end_flush() is documented, everywhere I've encountered it, as being automatically called went the script/page finishes. Why demonstrate something that happens automatically, unless you were showing that with our with out a flush call, of one type or another, results in the same output, provided additional out is not created after the flush call.
Seems like your ob_end_clean() call doesn't demonstrate anything at all, hmmm, or does it?
So, why generate output, get it from the buffer, erase and delete the buffer, and then output the contents you saved? What exactly, does that demonstrate? How to do something simple in a convoluted, strange way?
Now, if you wanted to demonstrate the difference the placement of the ob_start() makes on the output and that ob_clean() deletes previous output, why not start with an example like this:
<?php ob_start();?>
<!DOCTYPE html>
<html>
<head></head>
<body>
This is some text
</body>
</html>
<?php
ob_clean(); // erase output buffer
echo "It was the best of times, it was the worst of times."
?>
The only output from that would be
It was the best of times, it was the worst of times.
If you comment out the ob_clean() call:
<?php ob_start();?>
<!DOCTYPE html>
<html>
<head></head>
<body>
This is some text
</body>
</html>
<?php
//ob_clean(); // erase output buffer
echo "It was the best of times, it was the worst of times."
?>
The output is now:
<!DOCTYPE html>
<html>
<head></head>
<body>
This is some text
</body>
</html>
This is some textIt was the best of times, it was the worst of times.
If you take my original example and move the ob_start() down into the second piece PHP code, like this:
<!DOCTYPE html>
<html>
<head></head>
<body>
This is some text
</body>
</html>
<?php
ob_start();
ob_clean(); // erase output buffer
echo "It was the best of times, it was the worst of times."
?>
The output is:
<!DOCTYPE html>
<html>
<head>
</head>
<body>
This is some text
</body>
</html>
This is some text It was the best of times, it was the worst of times.
Those are the examples I would provide to show the effect of the placement of the ob_start() and ob_clean() calls.
Again your example does exactly what the HTML would do were the PHP not there.
If you were saying that you must use ob_start, ob_get_clean(), echo, and ob_end_flush() to produce output - well, I would expect that from a programmer who only knew about ob_get_clean() and ob_end_flush().
I'd expect that from a programmer who, for some reason, thought he or she had to take charge to get the output to the user; that they had to take the buffer contents and use echo to send it to the user.
I simply don't understand why your wrote that example as you did or what, besides placement of the ob_start(), you were trying to demonstrate.
As for the "real world" - in the real world programmers are expected to understand the language features they use and any alternatives to them. They are expected to understand concepts - such as PHP automatically sending any generated output without the programmer having to call a function to get it to the user.
You called my use of buffering wrong. Well, it was, as regards the placement of the ob_sat() call, but everything else is just fine.
If you had posted your example in a question of some sort, my reply would have been -
There is absolutely no need to use an PHP to achieve what you are tyring to do. Take out the PHP and use the straight HTML - the output will be the same.
I'm sorry, but that example, except for the ob_start placement, demonstrates nothing but a strange and convo9luted way to get a HTML to a user.
Perhaps you just didn't take the time to consider the best example to use, after, first deciding what the example was to demonstrate.
If we ignore that fact that the example does nothing that the straight HTML does and it goes about outputting the buffer in a convoluted way, all your example did was set me straight on one thing - you can put something before the doctype and it will be "processed. And I thank you for pointing that out to me.
mc_kennedy,
I read the page you pointed me at but I don't think that applies since the first line of output does no start with HTTP/, as the page specifies.
I'm basing that on what I see in the source view window in my browser. The first line is either the doctype or a
To everyone in general --
It seems that what is being said, by some people, is that you have to have the header() call at the very top of the file and that will allow you to send response codes correctly.
Well, I tried that, with the PHP at the very top and followed by standard HTML, and I don't see any difference.
Am I wrong is thinking that a server will react differently to, say, a 200 than to a 403?
Do I have this all wrong and what I'm expecting - to have the server react, somehow, to the 403 or 500 error - is simply something that does not exist?
If the approach I was using would cause the header() call to be ignored, why does the log show the code I was sending?
I now understand that I should generate the error pages myself, I suspected (well, more than suspected, more like figured that was required.)
But am I expecting a server to react to different responses codes in different ways and this simply does not happen?
Bob
The header() function only alters the existing headers which are sent by your web server.
In your case you can't alter the status. By opening http://localhost/index.php you're sending a request to Abyss, which searches for index.php. If it finds the file - it opens/executes it. And because your file actually exists Abyss/Apache/Nginx will act if you're sending Status: 200.
Even if you send header('Status: 403'); the server will not honor it.
I'm not sure if there's an option to override the server's response the way you want it but with apache,nginx you can't do this.
Edit:
As #Alex Lunix said - you can redirect the user to the error page via
header("Location: path/to/your/error/page");
You might want to check how your Abyss server is treating your PHP script. As the log entry is indicating you are sending a 403 response, the server is probably treating the script as an NPH script and thus sending the output, headers included, directly to the browser with no other actions (such as checking if it should go to the configured 403 page). See http://www.aprelium.com/data/doc/2/abyssws-win-doc-html/cgiinternals.html for more details.
Addition to other answers your use of object buffering is wrong, here's a simple example of that
<?php ob_start();?>
<!DOCTYPE html>
<html>
<head></head>
<body onload="initialize()">
This is some text
</body>
</html>
<?php
$ob=ob_get_clean();
echo $ob;
ob_end_flush();
?>
In real world you have to use it differently, it's just an example.
Sending the response code in PHP is not supposed to also forward them to the error page.
Use header("Location: /error/page/url"); to forward them to the page, and if your error pages already send the response code you don't need to send it before forwarding them.
And the problem with the headers already sent thing is due to have already sent content, headers need to be sent before all other content. So placing it above the html would fix that.
<?php
if(Condition for 403){
header("HTTP/1.1 403 - Forbidden", true, 403);//Tell the user that this page is forbidden (not necessary if /error/file/ sends response)
header("Location: /error/file/"); //Forward user to your error page
exit; //Used to prevent php from executing further in the script
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en"><head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
<title>Header Testing</title>
</head>
<body>
EDIT:
The reason you place it at the top is so that they send before any output (which is what output buffering would do, but that adds unnecessary code). Sending the response code tells the user the nature of the page, if you were writing a 404 error page, then you would send a 404 response. If on this page you want to 403, you need to forward them to your 403 page using the Location header.
I saw a post on this already, but it didn't really provide a solution (that has worked for me at least)...
I have a PHP page that does some basic MySQL queries, the results of which are displayed on the page. I'm using some $_GET and $_SESSION variables throughout this process.
In the same page, I also allow the user to "Export to CSV" (by calling a function). The file returned from the export has the CSV results at the bottom, but also contains the HTML of my page (which calls the function).
Now, at the top of the page I have ob_start() and at the bottom I have ob_flush(), otherwise on page load I will receive some "Cannot modify header..." errors. So, as suggested in the post that I read:
My guess is that you've got some sort of template that generates the same HTML header and footer regardless of the page that is requested. Sometime before the exportCSV function is called, the header is generated.
You don't show the bottom of the output, but I'll bet the footer is there too, since I suspect the flow control will continue on to that code after the function exits."
(http://stackoverflow.com/questions/207019/why-am-i-getting-html-in-my-mysql-export-to-csv/207046)
Does anyone have any ideas on how I can prevent this from happening? Let me know if I should post some of my code and I will...
Thanks!
EDIT:
When calling ob_end_clean() before I call my export function, it gets rid of any html before the CSV. However, I am still getting some HTML closing tags after the CSV results...
fname lname MONTH WeekdayCount WeekendCount
John Doe 8 1 0
John Doe 7 3 2
Jane Smith 7 3 2
</div>
</div>
</div>
</body>
</html>
EDIT:
This issue has been solved by calling exit() after calling the CSV export script.
You could try calling ob_end_clean() before you output the csv data, and it should throw away any output you have already printed as HTML.
You could call exit() after outputting your csv data in order to stop the rest of you page being printed.
This doesn't seem a particularly good approach, can you not have a separate PHP script to output the csv which doesn't include the headers and footers by default?
Without seeing your script it's hard to say what exactly the problem is other than to say that you can't send HTTP headers to the client after you've sent ANY content. This includes white-space. Sometimes you'll have non-printable characters before your opening <?php statement as well. If necessary use a hex editor to find these.
The top of your export.php script should look something like:
<?php
header('Content-Type: text/csv');
...
Is this the case?
I face this problem also and solved it already.
My code is:
<html>
<title> </title>
<body>
<?php
....Code which output MySQL to CSV
?>
</body></html>
Below are example of CSV file which come out with HTML code at top.
<html>
<head>
<meta http-equiv="Content-Language" content="th">
<meta http-equiv="content-Type" content="text/html; charset=window-874">
<meta http-equiv="content-Type" content="text/html; charset=tis-620">
<title> Super Man </title>
</head>
<body bgcolor="#FFFFD4">
<SQL rows resulted>
xx5497 1/7/2015 1:03 SSFTM SSFTVM 35 Condition2
xx5498 1/7/2015 1:04 SSDHN SSDHKN 13 Condition2
xx5499 1/7/2015 1:06 SSFTM SSFTVM 14 Condition2
When running, CSV file got the first 12 lines on the top. It looked so crazy to me. I solved it by moving the PHP code to the top. Then the result is OK. Only SQL results were output to CSV file.
<?php
....Code which output MySQL to CSV
?>
<html>
<title> </title>
<body>
</body></html>