Am having problem with header no returning to the page specified.The update work well, but instead of returning to profile.php, the up.php file will display blank page. up.php is the name of the file displayed below. please help me, have checked for the white space, i can not fix it
<?php
include('../_includes/configg.php');
session_start();
$id=$_SESSION['uid'];
?>
<?php
$phone= $_POST['phone'];
$phone2= $_POST['phone2'];
$address = $_POST['address'];
$fname= $_POST['fname'];
$sname = $_POST['sname'];
// turn autocommit off
mysqli_autocommit($link, FALSE);
// Insert data into mysql
$sql = "update trader set address='$address', phone='$phone', phone2='$phone2', sname='$sname', fname='$fname' where id= '$id'";
$result = mysqli_query($link, $sql);
// if successfully insert data into database, displays message "Successful".
if($result){
// Am having problem here is not returning to profile.php.
header('Location:profile.php');
}
else {
echo "ERROR";
}
mysqli_commit($link);
mysqli_close($link);
?>
First of all, use PDO::Mysql instead of deprecated mysql uses. Also, your SQL queries are full of sql injections, always sanitize your user input.
Now, why doesn't your header work? Because header edits the headers send with the page. After the headers comes the data. At the moment your PHP page is processing data (you end your PHP code, leave some blank and than start the <?php code again, so data output has been generated.) Try leaving the ?> and <?php out of the code.
session_start();
$id=$_SESSION['uid'];
$phone= $_POST['phone'];
$phone2= $_POST['phone2'];
Also make sure your include('../_includes/configg.php'); doesn't contain any data that will be send to the user (so leave the ?> out of it so it won't compile as a page).
Related
I have this code and it seems to be working. The values are updating, but when I reload the page the updated values are without any value. For example now I have set the title as "blablabla" and when I reload the page it's changing to "".
This is the code
<?php
$title = $_POST['title'];
$meta = $_POST['meta'];
$email = $_POST['email'];
$analytics = $_POST['analytics'];
$query = "UPDATE websettings SET title = '$title', meta = '$meta', email = '$email', analytics = '$analytics' WHERE id = '1'";
if(mysql_query($query)){
echo "success";
}
else {
echo "fail";
}
?>
Your code applies $_POST variables to the database, but doesn't check if the client actually posted anything. Better to check if $_POST contains array items (if a form was posted), and check if each of those is set (if the user filled in the right fields), and validate the user input before saving (phone numbers, emails etc formatted correctly).
And as was pointed out in the comments you are vulnerable to SQL injection attack - one of the first things you should address.
Try turning on more PHP errors too - these would flag as unset variables for quicker fixing.
New code
$count= mysqli_num_rows($result);
if ($count==1){
$row=mysqli_fetch_row($result);
if(($row[1]==$username) && ($row[2]==$password))
{
echo $row[1];
$_SESSION["myusername"]= $username;
$_SESSION["mypassword"]= $password;
header("location: login_success.php");
exit();
} else {
echo "No user found";
}
} else {
echo "No rows selected";
//}
mysqli_close($dbc); // Closing Connection
}
}
?>
I modified the code but the header statement is causing it to stop. If I delete the header it works as expected.
$username = stripslashes($sent_username); is the culprit since you are saving the fetched username in $sent_user and not $sent_username. Since that is what you're using in your query:
$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
Where $username does not make any sense if you roll back and see what it really holds i.e. $username = stripslashes($sent_username);, Now you see the culprit $sent_username, Where is it? No where, a typo indeed.
Instead of this:
$sent_user=$_POST['myusername'];
$sent_password=$_POST['mypassword'];
$username = stripslashes($sent_username);
$password = stripslashes($sent_password);
Try this:
$sent_user=$_POST['myusername'];
$sent_password=$_POST['mypassword'];
$username = stripslashes($sent_user);
$password = stripslashes($sent_password);
EDIT:
This should solve your problem, however there are a couple things you should re-check.
1) Proper syntax for header:
Instead of this:
header("location:login_success.php");
use this:
header("Location: login_success.php");
2) echo your query to see what really is happening, correct table with proper column and the proper values are being sent.
3) How could I forget the most important part, No matter what you do regarding sessions, ALWAYS write session_start(); in the beginning of your code in every file you intend to use sessions in.
^An Example:
<?php
session_start();
$host="localhost"; // Host name
$db_username=""; // Mysql username
$db_password=""; // Mysql password
$db_name="test_db_connection"; // Database name
$tbl_name="logintable"; // Table name
$error=''; // Variable To Store Error Message
if (isset($_POST['submit']))
//
Remove the:
echo $row[1];
Above the header command. Headers must always happen before any other output is provided to the client. This is because in the HTTP spec, headers come first and must be in the right format.
If you attempt to use Header in PHP after you have sent other content to the client then it will trigger a warning because you have tried to violate the HTTP specification. This is what the documentation says:
Remember that header() must be called before any actual output is sent, either by normal HTML tags, blank lines in a file, or from PHP. It is a very common error to read code with include, or require, functions, or another file access function, and have spaces or empty lines that are output before header() is called. The same problem exists when using a single PHP/HTML file.
http://php.net/manual/en/function.header.php
I've tried doing my research and it doesn't look like I'm coming up successful. I made sure there is no content being printed out to the screen before my header tags.
This page is taking information given from the form in the previous login page and using that information to determine which page the user should be redirected to. Unfortunately, it doesn't look like any of my header tags are redirecting to anything, it just stays on this php page.
To debug, I have echo'd each scenario (logged in, out, wrong pw) and each scenario works, but obviously when I echo'd the redirect wouldn't work. I just wanted to test that the information was being transmitted correctly.
Can anyone else help and give me an outsider's perspective?
<?php
session_start();
include('dbconnect.php');
$email = trim($_POST['email']);
$password = trim($_POST['password']);
$query = "SELECT password FROM artists WHERE email='$email'";
$passwordMatch = mysqli_query($db, $query);
$row = mysqli_fetch_array($passwordMatch);
if($row[0] == $password){
$query = "SELECT active FROM artists WHERE email = '$email'";
$active = mysqli_query($db, $query);
$active = mysqli_fetch_array($active);
$active = $active[0];
if ( $active == 0 ){
header('Location: validate.php');
}
else{
header('Location: artistHome.php'); //redirect to user home page and update session
$_SESSION['user']= $email;
unset($_SESSION['error']);
}
}
else{
header("Location: login.php");
$_SESSION['error']= 'Invalid Password';
}
?>
There were about thousands of posts like this one over here.Get rid of php closing tag ?> and whitespaces, html, blank lines before php opening tag <?php. Also check if there is no output before :
header("Location:");
Like print,var_dump, echo and so on.
Also check your if condition, maybe you are just skipping it.
If you include,include_once,require_once or require check all the things above in the included files too.
To narrow a circle of the things to correct look into your php error_log and provide us with error description.
header("Location: login.php"); will always fail if anything is returned to the browser before it. That includes whitespace, or even errors PHP are returning. Make sure nothing is being returned before the header function is used.
I want to redirect to a confirmation page after the person has registered, once they have entered the details they need it is sent to the database using the PHP script below which all works. Although when I try to add a redirect using header, it does not run the PHP script. Any ideas to what I am doing wrong?
PHP
if (isset($_POST['firstname'], $_POST['surname'], $_POST['email'], $_POST['username'], $_POST['password'], $_POST['interest'])){
$firstname = ($_POST['firstname']);
$surname = ($_POST['surname']);
$username = ($_POST['username']);
$password1 = ($_POST['password']);
$email = ($_POST['email']);
$interest = ($_POST['interest']);
$result = mysql_query("INSERT INTO user (firstname,surname,username,password,email,interestarea,user_type) VALUES ('$firstname','$surname','$username','$password1','$email','$interest','normal')");
}
You should use MySQLi or PDO with prepared statements as mysql_ functions have been deprecated. You should at least look into using something like mysql_real_escape_string as you may be open to sql injection attacks.
Otherwise, like others have said use:
header("Location: new_page.php");
exit();
$result = mysql_query("INSERT INTO user (firstname,surname,username,password,email,interestarea,user_type) VALUES ('$firstname','$surname','$username','$password1','$email','$interest','normal')");
header('Location: page.php');
Include at the beginning of the script:
<?php
ob_start();
?>
You can add header('Location:yourpage.php');
$result = mysql_query("INSERT INTO user (firstname,surname,username,password,email,interestarea,user_type) VALUES ('$firstname','$surname','$username','$password1','$email','$interest','normal')");
header('Location:yourpage.php');
exit();
You can add the #ob_start(); on top of the page.
This is an educated guess on what your problem might be:
You say the page is redirecting, but the php is not parsed. So... if the page just displays your php, it means is outside php reading directory... check that pls (see if it starts with localhost/your ip/domain, etc).
I'm adding a contact to my database with a form on the page add.php, the INSERT code for this form is on another page we'll call php.php page. In php.php I have a header function which I would like to have redirect the user to another page edit.php?ID=100, ID=100 being the contact that was just entered. How would I do this, do I need to do a fetch from the db before the header function and INSERT query?
<?php
if (isset($_POST['$fname'])) {
header("location: http://www.mydomain.com/contacts/edit/?ID=<? echo $row['ID]; ?>");
$connect = mysql_connect (...)
mysql_select_db ("mydb);
$ID = $_POST['ID'];
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$sql = ("INSERT INTO contacts (fname, lname) VALUES ('$_POST[fname]', '$_POST[lname]')");
mysql_query($sql,$con) or die ("Error: ".mysql_error());
exit;
}
?>
I believe mysql_insert_id is the function you're looking for. It'll return the AUTO_INCREMENT ID of the field that was just inserted. You can then plug that into your header redirect. Just make sure to do the header redirect AFTER you insert the contact. It'll work just fine.
Code that should work:
<?php
if (isset($_POST['$fname'])) {
$connect = mysql_connect (...)
mysql_select_db ("mydb");
$ID = $_POST['ID'];
$fname = mysql_real_escape_string($_POST['fname']);
$lname = mysql_real_escape_string($_POST['lname']);
$sql = "INSERT INTO contacts (fname, lname) VALUES ('$fname', '$lname')";
mysql_query($sql,$connection) or die ("Error: ".mysql_error());
header("location: http://www.mydomain.com/contacts/edit/?ID=".mysql_insert_id($connection));
exit;
}
?>
The code you posted was also susceptible to MySQL injections, so I mysql_real_escape_string'd your input to prevent that from happening. Always sanitize input before putting it into your query. I encourage you to look at the MySQLi functions that PHP has to offer.
You need to send the headers after the current script has done all that you want it to do. Sending headers doesn't necessarily immediately cancel the execution of that script; it can still persist for a bit, but you should do after you do your SQL calls.
The header doesn't terminate the run of the script.
If you use location redirect is a good practice to exit from the script, what you did correct.
Be aware one thing, do not put any output to the stdout before the header.
You can't embed php code in the header function (the <? echo $row['ID]; ?>). To achieve what you are trying to do, you should have the INSERT code before the header function. Then you should retrieve the ID of the contact you just entered and then call the header function, like so (assuming $id is the retrieved ID):
header("location: http://www.mydomain.com/contacts/edit/?ID=".$id);
To retrieve the ID of the last inserted row, you can use the mysql_insert_id function (reference), though it is recommended you use the mysqli version.