Overview:
I am having a block of code where I am checking for a condition and redirect to a page(manage_contents.php) if the condition(mysqli_num_rows($pages_set)>0) satisfies and thus everything after the if condition should not execute as the header has been redirected.
if(mysqli_num_rows($pages_set)>0) {
$_SESSION["message"] = "can't delete a subject with pages";
redirect_to("manage_contents.php?subject={$current_subject["id"]}");
}
$id = $current_subject["id"];
//Standard delete query
$query = "DELETE FROM subjects WHERE id = {$id} LIMIT 1";
$result = mysqli_query($connection,$query);
if($result && mysqli_affected_rows($connection)==1) {
$_SESSION["message"] = "Subjects deleted";
redirect_to("manage_contents.php");
}else{
$_SESSION["message"]="Subject deletion failed";
redirect_to("manage_contents.php?subject={$id}");
}
But if I execute the above the code isn't redirecting(even if the if condition satisfied) and executing whatever is next to the if loop.
redirect_to function:
function redirect_to($new_location) {
header("Location:".$new_location);
}
Working solution for me:
if(mysqli_num_rows($pages_set)>0) {
$_SESSION["message"] = "can't delete a subject with pages";
redirect_to("manage_contents.php?subject={$current_subject["id"]}");
} else {
$id = $current_subject["id"];
//Standard delete query
$query = "DELETE FROM subjects WHERE id = {$id} LIMIT 1";
$result = mysqli_query($connection,$query);
if($result && mysqli_affected_rows($connection)==1) {
$_SESSION["message"] = "Subjects deleted";
redirect_to("manage_contents.php");
}else{
$_SESSION["message"]="Subject deletion failed";
redirect_to("manage_contents.php?subject={$id}");
}
}
So,if i put all the code inside of the else statement then ofcourse it doesn't go to the else section when the if condition satisfies and hence works just fine.
Doubt:
Why the header doesn't redirect if I just leave the code outside of else section and why does it redirect just fine when the code is inside of else block?
I think both the code should work exactly same as far I know about header redirects.(when header is redirected all the following codes execution should skip).
Setting the Location header is not going to stop processing of the current PHP page. You'll need to explicitly exit:
function redirect_to($new_location)
{
header("Location: $new_location");
exit;
}
In other languages/frameworks (ASP.NET's Response.Redirect comes to mind) the current page's execution is stopped for you, but this does not happen in PHP and nothing in the documentation for header indicates otherwise.
Take a look to the caveat in http://php.net/manual/en/function.header.php : when you use the "Location" header you must take care that the code below it will not be executed (and your second code comply with it).
Related
This one may take a little but please stay with me for it.
I have been working with this code:
if(isset($_GET['o']) && isset($_GET['q'])){
echo("WIN 1");
if($_GET['o'] == "remove") {
echo("WIN 2");
$_SESSION['product_'.$_GET['q']]-=1;
echo("WIN 3");
if($_SESSION['product_'.$_GET['q']] < 1) {
unset($_SESSION['product_'.$_GET['q']]);
echo("WIN 4");
redirect("checkout.php");
} else {
echo("LOSE");
redirect("checkout.php");
}
}
}
And it is not performing any of the functions unless I step through it using:
exit();
After each of the echos.
I have no idea what could be causing this issue.
The URL being passed is:
localhost/cart.php?q=1&o=remove
Thank you!
EDIT
This is how I set the session (I have removed the echos):
if(isset($_GET['q'])) {
$query = query("SELECT * FROM products WHERE product_id=".escape_string($_GET['q'])."");
confirm($query);
while($row = fetch_array($query)){
if($row['product_quantity'] != $_SESSION['product_'.$_GET['q']]){
$_SESSION['product_'.$_GET['q']]+=1;
redirect("checkout.php");
} else if($row['product_quantity_tracking'] == "No") { //CHECK TO SEE IF IT'S INVENTORY TRACKED
redirect("checkout.php");
} else {
set_message("Sorry! There isn't enough in stock to complete that request!");
redirect("checkout.php");
}
}
}
This is the redirect function:
function redirect($location){
header("Location: $location");
}
I hope this helps!
By using exit(); you stop the execution of your script and you can see everything that was printed out using your echos.
-> If you can the see something like 'WIN 1', 'WIN 2', ... when exiting your script, it is working fine until this line.
-> Your problem must be found after this line.
I guess your problem lies in the redirect() function.
See this for how to perform a redirect: How do I make a redirect in PHP?
So, for some reason, when I hit the redirect on the cart.php it was running the REST OF THE PAGE instead of just redirecting and exiting the page as it would be expected to do.
For me to have solved this issue, I had to change the code to the following:
if(isset($_GET['o']) && isset($_GET['q'])){
if($_GET['o'] == "remove") {
$_SESSION['product_'.$_GET['q']]-=1;
if($_SESSION['product_'.$_GET['q']] < 1) {
unset($_SESSION['product_'.$_GET['q']]);
redirect("checkout.php");
exit();
} else {
redirect("checkout.php");
exit();
}
}
}
By adding the exit(); after the redirects it made sure it didn't follow the rest of the script on the page.
Thank you for everyone's help!
I have a form to edit an entry, after the user presses the submit button it executes the includes/edit.php?id=XXX script and then redirects using the header('Location: ../index.php'); to the index page where all the entries are being displayed.
On the index page, I want to create a condition:
if the index page is accessed via a redirect from the edit.php?id=XXX page, then show a success message to notify the user that the edit was succesfull.
How should this condition look like?
<?php
require_once('includes/session.php');
require_once('includes/config.php');
if(!isset($_SESSION['login'])){ //if login in session is not set
header("Location: http://www.domain.com/app/login.php");
}
$query = ("SELECT * FROM archive ORDER by id DESC");
$result = mysqli_query($link, $query) or die (mysqli_error());
/*if (condition){
//show success message
}*/
?>
You should take a look at this var :
$_SERVER['HTTP_REFERER'];
As it will return the page from where you come before this one:
So you could just do :
if($_SERVER['HTTP_REFERER'] == "edit.php?id=XXX"){
// your code here
}
you can simply try this :
if(isset($_GET['id']) && !empty($_GET['id']))
{
// your success message
}
If you set a $_SESSION variable with messages you can then display all messages and clear the list afterwards.
Adding a message:
if ( ! isset($_SESSION['messages']) ) {
# initialize messages
$_SESSION['messages'] = [];
}
# Add a new message:
$_SESSION['messages'][] = 'Something was a success!';
Reading messages:
# If there are messages not displayed
if ( isset($_SESSION['messages']) && is_array($_SESSION['messages']) ) {
foreach ( $_SESSION['messages'] as $message ) {
echo $message . '<br>';
}
# Clear messages
unset( $_SESSION['messages'] );
}
The suggested 'HTTP_REFERER' can be manipulated and browsers are not required to send it.
I would suggest to redirect immediately and not execute more code after the location header is set:
if(!isset($_SESSION['login'])){ //if login in session is not set
header("Location: http://www.domain.com/app/login.php");
exit();
}
If $_SESSION['login'] is not set: redirect and exit.
You might consider the rest of the code as one big "else" (= if $_SESSION['login'] is set).
To answer the question from comments: without the exit, the code below will be executed .. and doing that query is not really necessary. Thats why its better to end the program flow by adding an exit. Referencing: Why I have to call 'exit' after redirection through header('Location..') in PHP?
And for the condition you could use $_SERVER['HTTP_REFERER'] or $_GET['id'] to check the page you are coming from. Just compare the strings or parts of them.
I am getting a value "ID" from the URL using GET, as follows -
if ( isset($_GET['id']) && (filter_var($_GET['id'], FILTER_VALIDATE_INT))) {
$colname = $_GET['id'];
}
else
{
$URL="/index.php";
header ("Location: $URL");
exit();
}
I am then checking if the element of that ID exists in the table, as follows -
$query_validate = sprintf("SELECT * from surveys where id = %s", GetSQLValueString($colname, "int"));
$result_validate = mysql_query($query_validate, $conn) or die(mysql_error());
$row_validate = mysql_fetch_assoc($result_validate);
$num_validate = mysql_num_rows($row_validate);
if($num_validate==0)
{
$URL="/index.php";
header ("Location: $URL");
exit;
}
The idea is that when I type in the url as http://example.com/surveys?id=1, it loads the first survey, and so on. If an invalid ID (alphabets, id does not exist in the table, etc) is entered, it should redirect the user back to index.php, this is the basic premise of my code.
However, even if I go to the URL http://example.com/surveys?id=abc, it loads the page and displays an SQL Syntax error. I know that the header function cannot be invoked after output has been given on to the page, but these 2 checks happen very close to the start and I have ensured there is no output happening there.
Try this,
$num_validate = mysql_num_rows($result_validate);
Instead of
$num_validate = mysql_num_rows($row_validate);
Code:
$query_validate = sprintf("SELECT * from surveys where id = %s", GetSQLValueString($colname, "int"));
$result_validate = mysql_query($query_validate, $conn) or die(mysql_error());
$num_validate = mysql_num_rows($result_validate);
if($num_validate==0)
{
$URL="/index.php";
header ("Location: $URL");
exit;
}else{
$row_validate = mysql_fetch_assoc($result_validate);
}
I have a register form for member. But when member registered in my website i want automatically open wellcome.php page. I know it is header("Location: wellcome.php"); but i did it and nothing happen. What can i do? Registered is successfully But does not redirect.
<?php
include("includes/connect.php");
session_start();
if(isset($_POST['submit_bregister'])){
$name = $_POST['name'];
$surname = $_POST['surname'];
$email = $_POST['email'];
$re_email = $_POST['re_email'];
$password = sha1($_POST['password']);
$vergi_num = $_POST['vergi_num'];
$sirket_kategorisi = $_POST['sirket_kategorisi'];
$is_kategorin = $_POST['is_kategorin'];
$ulke = $_POST['ulke'];
$sehir = $_POST['sehir'];
if($name==''){
echo"<div class='error_name'>Adınız alanını boş bıraktınız!</div>";
exit();
}
if($surname==''){
echo"<div class='error_name'>Soyadınız alanını boş bıraktınız!</div>";
exit();
}
if($vergi_num==''){
echo"<div class='error_name'>Vergi numaranızı girmediniz!</div>";
exit();
}
if(strlen($vergi_num)>11 || strlen($vergi_num)<0){
echo"<div class='error_name'>Vergi numaranız en az çok 11 hane olabilir!</div>";
exit();
}
if($sirket_kategorisi==''){
echo"<div class='error_name'>Şirket Kategorisi alanını boş bırakamazsınız!</div>";
exit();
}
if($is_kategorisi==''){
echo"<div class='error_name'>İş kategoriniz alanını boş bırakamazsınız!</div>";
exit();
}
if($ulke==''){
echo"<div class='error_name'>Yaşadığınız Ülkeyi boş bırakamazsınız!</div>";
exit();
}
if($sehir==''){
echo"<div class='error_name'>Yaşadığınız Şehir alanını boş bırakamazsınız!</div>";
exit();
}
if($email==''){
echo"<div class='error_name'>E-Mail alanını boş bıraktınız!</div>";
exit();
}
if($_POST['email'] !== $_POST['re_email']){
echo"<div class='error_name'>E-Mail Adresleriniz Eşleşmiyor!</div>";
exit();
}
$check_email = "SELECT * FROM users WHERE email='$email'";
$run = mysql_query($check_email);
if(mysql_num_rows($run)>0){
echo "<div class='error_name'>Bu E-Mail adresi kullanımda!</div>";
exit();
}
$sirket_kategorisi = (int)$sirket_kategorisi;
$query = "SELECT is_kategorisi FROM business_category WHERE id='$sirket_kategorisi'";
$res = mysql_query($query);
$row = mysql_fetch_assoc($res);
$sirket_kategorisi = $row['is_kategorisi'];
$querys ="INSERT INTO `users` (`name`,`surname`,`email`, `re_email`,`password`,`vergi_num`,`sirket_kategorisi`,`is_kategorin`,`ulke`,`sehir`)
VALUES ('$name','$surname','$email', '$re_email','$password','$vergi_num','$sirket_kategorisi','$is_kategorin','$ulke','$sehir')";
$result = mysql_query($querys) or die(mysql_error());
if($result){
header('Location: email');
exit;
}
else {
header('Location: error');
exit;
}
}
?>
The headers cannot be sent after there is any output on the page. The echo is an output, so you cannot send any new headers – in you case the Location header.
You should have the redirect before the echo.
Are you sure this header("Location: wellcome.php"); is at the end of your code?
What i mean with that is for example if you have an if what waits for the Get argument, something like:
if(isset($_GET['register']){
//... code for registration
}
please make sure that the header("Location: wellcome.php"); is at the end of if but inside of the bracket, and its good to use exit(); after the header.
Also you cant echo something before the header();, you should have an error when you do that, check if you are getting one.
Some of your code will help a lot to figure whats wrong.
Remember that header() must be called before any actual output is sent, either by normal HTML tags, blank lines in a file, or from PHP. It is a very common error to read code with include, or require, functions, or another file access function, and have spaces or empty lines that are output before header() is called. The same problem exists when using a single PHP/HTML file.
<html>
<?php
/* This will give an error. Note the output
* above, which is before the header() call */
header('Location: http://www.example.com/');
exit;
?>
Normally something like this will result in a Cannot modify header information - headers already warning unless you don't have error/warning reporting turned on.
PHP doesn't allow output before header becuase it will redirect to the page straight away using header(), so there is no point outputting a message before you use it. If you try it will cause an error.
You could, however, add in the header of that page
<meta http-equiv="refresh" content="5;url='http://www.your-website.com/welcome.php'" />
The content attr is broken down into 2 sections time(sec) and url i.e.
content="(time in seconds) ; url='(url)'"
You can change either of these, however, make sure you keep them both inside content=""
So... if you have a script that states something like so...
while($result = mysql_fetch_array($resource))
{
if($result['TITLE'] == $this->title)
{
header("LOCATION: profile.php?error=11");
}
echo 'testing';
}
//Create the database profile
$second_query = "INSERT INTO profiles(USER_ID, KEYWORDS, TITLE, INTRO) ";
$second_query .= "VALUES(".$this->userId.",'".serialize($this->keywords)."','".$this->title."','".$this->intro."')";
echo $second_query;
if($result = mysql_query($second_query))
{
if(isset($file))
{
$this->update_profile($this->files);
}
return true;
}else
{
return false;
}
and the first condition fails and sends the header back... If you don't return false after sending the header, does it continue running the script? I had an issue to where if the title was found in my database it would return the error, but it would continue running that script, thus inserting a duplicate title entry into my database.
So again... does a script continue executing even after you send a header? aka (in this case) a redirect?
If a location header is sent without an exit yes it continues to run script.
Valid:
header("Location: profile.php?error=11");
die(); // or exit();
Think about that header isn't executed by the PHP itself, it's executed by the browser, same thing when you apply a header("Content-Type: application/force-download"); it tells the browser that the following outputted block has to be downloaded.
So even if you set the header to another location, all code inside script, unless we exit, gets processed by PHP and then the browser gets the location and redirects.
Yes it will ,so exit your script after sending header
header("Location: profile.php?error=11");
exit;