Is there a way to redirect using PHP without using header("Location: http://www.google.com")? I put that at the top, right after a PHP script (which has no output), but it doesn't work. I use the PHP to check something in the database, and it will redirect depending on the contents.
"Right after a PHP script"? Well, it's going to have to be in a PHP script to work.
If that's not it, please consider showing your previous code. Remember, don't post a question asking how to implement your solution, but rather the question itself...
Your code should always work as long as the header is called before any echo or print statements that send output to the browser. Another possibility is your webserver sending out additional output or headers that are causing the redirect to not work.
One way to test would be to telnet to your webserver and send GET /myscript.php. Then view the result and see if it is what you expect.
Per the PHP documentation:
Remember that header() must be called before any actual output is
sent, either by normal HTML tags, blank lines in a file, or from PHP.
It is a very common error to read code with include(), or require(),
functions, or another file access function, and have spaces or empty
lines that are output before header() is called. The same problem
exists when using a single PHP/HTML file.
Without seeing the actual code that the redirect resides in it will be difficult to assist. Perhaps if you could provide more details then someone may be able to suggest another technology to help but the header method is the only one that I've came across.
Related
After realising that my web server wouldn't run php inside my html file I used an iframe which points to my php script.
It works as expected and now my site has a nice little comment form that the user can fill in and submit.
I opted for this instead of changing my hhtpd.conf because I don't think my web host allows it.
So my question is; is there any real danger of doing this? If the comment.php file were to mysteriously disappear an error would appear in my html which wouldn't affect the rest of my code. I can't think of any drawbacks unless there some server overhead I'm unaware of.
Any information would be welcomed.
Cheers!
If they (the html and php files) are located on the same server — should be no danger.
Just to clarify :
If you can 'run' the php in an iFrame, then you're able to run it in the main frame as well. the php that is generated for your iframe could as well be generated for the main frame.
So, no, there is no danger at at, but no, you don't need an iframe, I think you misunderstood somehow how php is working.
There is no php in html, php is (simplified) used in 2 scenarios :
first is to generate html that will be sent to the web browser,
the second is a script, that doesn't render any php but affects some internal files, like databases and such.
This question already has answers here:
How to fix "Headers already sent" error in PHP
(11 answers)
Closed 9 years ago.
I am trying to implement a fairly complex 3rd party script that consists of several interconnected scripts. I've included the intro of the script in a simple page of mine. The script basically writes different things to a string based on logic and echoes the string at the end. Sometimes it echoes a form and when you click on submit, the script runs again and based on the new logic echoes different text that displays fine inside my page where it is included in place of the earlier form. (The 3rd party script included in my page also has some includes of its own.)
My problem is that rather than have it echo some of the things it echoes, notably error os success messages, on occasion I would like to have it redirect to another page on my site.
I've done this successfully with other pages of mine. I include a script in a page that writes some header type code. Based on certain parameters or actions by the user that recall the script, the include may redirect to itself or another page. The only thing I have to make sure is that there are no spaces or text written in the course of the include prior to the redirect.
However working with this third party script, although I think I've removed all the white space, it is not letting me redirect. The error message sites the code written in my page that includes the 3rd party script. Here is the msg:
Warning: Cannot modify header information - headers already sent by (output started at /blah blah/stepone.php:5).
Step one is my simple page that calls the 3rd party script.
Am I right that an include can redirect in response to a user action even if there is some text currently displayed? Should I just be checking the third party scripts for white space or is there some structural thing I may be doing wrong.
The 3rd party scripts are too large to put in here otherwise I would put them in.
Thanks.
What you need, probably is ob_start(). This buffers the output and enables you to redirect, even when output is already generated.
Also check out the manual: http://php.net/manual/en/function.ob-start.php
the error you have mentioned happens because of headers being already send to the browser. and when it tries to send the header again it throws an error. so for example.
when you try doing something like this.
echo 'Hello World';
header('Location:some/location.php');
it might throw you an error. hence it is always good to place the redirect header on top. but sometimes we may not want that. in such case you can turn on output buffering by using php's ob_start() according to PHP's definition
This function will turn output buffering on. While output buffering is
active no output is sent from the script (other than headers), instead
the output is stored in an internal buffer
so instead of example code above you can use something like.
ob_start();
echo 'Hello World';
header('Location:some/location.php');
ob_end_flush();
You have to:
use ob_start() at the beginning of your file.
use ob_end_flush() at the end of your file.
I'm developing a web application where an html page is created for the user. The page could include anything that the user puts in it. We take these pages and add a little PHP at the top to check some things before outputting the actual html. It would look kind of like this:
<?php
require 'checksomestuff.php';
// User's html below
?>
<html>
<!-- user's html -->
</html>
Is there a way to stop PHP from parsing anything after my require? I need the html to be outputted, but, since the user can add anything they want to the html, I don't want any user-added PHP to be executed. Obviously that would be a security issue. So, I want the user's html to be outputted, but not parse any PHP. I would rather not have to put the user's html into another file.
One sensible way would be to offload the user created content to another file and then you should load this file (in your main php file) and output it as is - without parsing it as PHP.
There are many other ways to do this but if creating another file does the job for you then thats probably the best way forward.
UPDATE: Really must read last line of question!
You could encode the html into a variable using base64 encoding which you then just print out the decoded string.
If you don't store the file data in a php file, say n a txt or html file, the php won't be evaluated.
Alternatively you could read the file via file_get_contents() or by some other means which doesn't involve evaluating php.
Though I'm still tempted to ask why you want to do this (particularly this way), it sounds to me like one of the only things that can help you is the special __halt_compiler() function...
That should prevent it from executing the rest of the page, and may or may not output the rest of it. If not, well, read the first (and currently only) example in the PHP's manual for that function (linked above) for how to do it manually.
The only trouble I see with this method is that you'd probably have to have that code in every file you want to do this for, after your require.
I'm trying to find a malware that's causing a redirect on a website. Most probably it's using header("location: ...") so i'm wondering is there a way to determine which script file is calling the header()
Any help is appreciated
If you are talking about the "header()" function, you can use the debug_backtrace function. http://ca2.php.net/debug_backtrace. It will allow you to get the stacktrace and you could just analyse this and store it into a file or the database. Just put debug_backtrace in the header() function and log your data.
If you are talking about where on the site you are getting included from, you could simply store in a file or a database table the $_SERVER['REQUEST_URI'] which will help you find out from which URL you are getting included.
Finaly, you can also use $_SERVER['HTTP_REFERER'], if it was passed by the navigator, it will allow you to know from which page you came from when the request was made which can really help determine how you came to include this header incorrectly.
Good luck
I want code in a php5 page be executed after all of the page (or maybe even after the first part of the page) is displayed.
I would prefer no javascript and no frames / iframes and no redirects. Just one page written in php, only emitting html.
I remember some special function in php5 to register a callback function that will be executed after the content is sent to the browser, but could not find, did I dream this?
What are the most common ways to do this? I am on Linux / Apache.
It is not necessary to write a complete example, if you just name the ways or describe the trick and I lookup the details for myself
Edit: Now I am asking another question about the execution of the shutdown function here:
How to make sure the user cannot interrupt execution of php code called by "register_shutdown_function"?
Are you looking for register_shutdown_function()?