Im working with PHP 4.3.11 and when I execute a header always responds with an error like this
Warning: Cannot modify header information - headers already sent by (output started at d:\folder\file.php:1) in d:\folder\file.php on line 2
Warning: Cannot modify header information - headers already sent by (output started at d:\folder\file.php:1) in d:\folder\file.php on line 3
Current PHP version: 4.3.11
the code I used to generate this error was
<?php
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
echo 'Current PHP version: ' . phpversion();
// prints e.g. '2.0' or nothing if the extension isn't enabled
echo phpversion('tidy');
?>
It has no spaces nor newlines before or after the php tags, and the same code in a 5.x version returns just the php version as expected.
Any clue?
Thanks in advance
Edit:
Solved!: I've opened the file with western european encoding and deleted the BOM and it worked. Thanks all for your help!
Do you have a UTF BOM at the start of the file?
Make sure that there are no empty lines and invisible characters (such as the UTF BOM) before the PHP block so that <?php is really the first in the file.
if your file does not contain anything else but php code it is recommended to skip the php closing tag to avoid empty spaces issue at the end of the file
The error you're getting means that your entire script (other files included) are sending some output before the header() function is called.
You should revise all your files and see if any of them is outputting something (with echo() or print()), or if you missed some empty spaces after the last closing tag ?>
it's unlikely, but there's the possibility to define auto_prepend_file in the php.ini (probably .htaccess too).
http://at2.php.net/manual/en/ini.core.php - this acts like a require() at the beginning of every script. you can check this by looking at the phpinfo(); output.
but i too think the problem is the utf-8 BOM.
Related
Function session_start used in PHP CLI print the next warning: session_start(): Cannot send session cookie - headers already sent by (output started at /home/robi/p/test.php:1) in /home/robi/p/test.php on line 2 why?
I want to log all the client entries in a variable and check this out to see if i get forgery from a specific remote address by comparing the time user last entry and current entry time! Am I doing it wrong?
here is my code:
<?php
session_start();
$client_entry = time();
$_SESSION["entries"][] = $client_entry;
$entries = $_SESSION["entries"];
$check_out = array_filter(
$entries,
function($value) use($client_entry) {
return ($value >= ($client_entry + (1 * 0.6)));
}
);
Your problem is, apart from that it makes no sense to use sessions in CLI, that output has already started prior to session_start();.
As I see in your code, you code begins directly with session_start();, I believe you have some characters before <?php. Make sure <?php is on the very first line of your file (so also no empty lines above it), and that there is nothing (such as a white space) in front of it.
This should fix this problem you are having.
The error comes from the very first line, so you should try to convert your file to utf-8 without BOM.
Quoting Wikipedia's article:
The byte order mark (BOM) is a Unicode character used to signal the endianness (byte order) of a text file or stream.
That character is sent to the output stream, so you can't redefine headers (session_start sets up a cookie in the headers).
its unbeliveable. This is all I got, at the very first file which is executed:
header ("Pragma: public\r\nExpires: 0");die;
and the error? Warning: Header may not contain more than a single header, new line detected in ... WTF? I var_dump()-ed the included files, but it contain this file only.
What is unclear about the error?
You have a new line here:
\r\n
You are trying to set two headers. You need two header() statements instead of one with a line break in the string.
header("Pragma: public");
header("Expires: 0");
die();
Ok, here's my scenario.
I have file.php that contains the following:
<?php
$output = shell_exec("php output.php");
echo $output;
?>
And the output.php contains the following:
<?php
echo "This is my output!";
?>
When I run file.php from a web browser, I get the following output:
‹ ÉÈ,V¢ÜJ…üÒ’‚ÒEÿÿp³*š
However, when I run the same php output.php directly from the shell, I get the correct output:
This is my output!
Now I'm well aware that this is some sort of encoding issue, but I cannot for the life of me figure out how to resolved it. I've tried setting the language using putenv('LANG=en_US.UTF-8');. I also tried using header('Content-Type: text/html; charset=UTF-8'); and even trying to determine what encoding type is being outputted using mb_detect_encoding($out, 'UTF-8', true);. without result.
exec() produces the same, malformed output.
I would really appreciate if anyone can shed some light on this and can possibly provide some insight on what is happening between the shell_exec and the output of the file to cause the output to be malformed.
The problem was the PHP output was being compressed twice, due to output compression being enabled.
The solution is to disable zlib.output_compression either by an entry in your .htaccess file, or by including the following at the top of your .php file:
ini_set('zlib.output_compression', 'Off');
Why/when does one has to use CRLF's at the end of header in PHP?
Here is one example (it's not necessarily correct):
header("method: POST\r\n");
header('Host: '.get_option('transact_url')."\r\n");
header('Content-type: application/x-www-form-urlencoded');
header('Content-length: '.strlen($transaction)."\r\n");
header($transaction."\r\n\r\n");
header("Connection: close\r\n\r\n");
header("Location: ".$key_client_url."\r\n");
You should never do manual line-breaks inside of header(). The current implementation removes line-breaks so you're safe, but this could change in future (although there's no reason why it should be changed).
If it's PHP, this code is nonsense.
header() function is used to send answer headers, while some of these headers are request ones.
You can see this code because one who wrote it has no clue.
Got my log-in's all mixed, so I'm posting, although this a comment for halfdan. Feel free to correct it, if someone can.
link
I saw that in the link and nobody mentioned about what you've just told me, so I thought it has something to do with Linux line-endings. Granted, it was the only time I saw "\r\n" in header().
Halfdan is correct.
Here is the explanation.
The request line and headers must all end with CRLF (that is, a carriage return followed by a line feed). The empty line must consist of only and no other whitespace.
Request = Request-Line ; Section 5.1
*(( general-header ; Section 4.5
| request-header ; Section 5.3
| entity-header ) CRLF) ; Section 7.1
CRLF
[ message-body ] ; Section 4.3
source: w3c.org - Hypertext Transfer Protocol -- HTTP/1.1
There was a way to add \r\n to header in php 4, which was vulnerability that could be exploited, using CRLF injection attacks see PHP HTTP Header Multiple Vulnerabilities.
when I am using include() with my wordpress plugin which says an error as follows.
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /var/www/wordpress3/wp-content/plugins/new/listAllItems.php:10) in /var/www/wordpress3/wp-content/themes/thesis_16/lib/functions/document.php on line 3
listallitems.php's 10 th line says
`
include_once("../../../wp-config.php");
include_once("../../../wp-load.php");
....`
How can I avoid this error.
As explained before, this is due to some text which was already sent to the browser before your session_start() statement. Check if you haven't includes spaces/characters in your script or in one of the scripts your are including.
THis could also be an encoding problem, i.e. your file is encoded in UTF-8 with BOM but your webserver is configured in another charset, so the BOM is treated as extra characters (but this problem has indeed be answered a lot of times).
This is just a quick-fix, not the right solution.
Put an "#" symbol before the command, like this...
#session_start();
That will suppress any warnings or errors. You can do that with any PHP command. But it's not a good idea in general, because you are only putting a band-aid on the issue, and not resolving the root cause, which in your case is that the session_start() is getting called after something has been output to the buffer.
I have just added in my script :
if(!session_start()){
session_start();
}
All warnings gone.
Usually this error appears when there is output before session start function. sometimes even blank space or small character, file encoding problems.