|
PHP - Simple 1 Line Header() Issue
Hi All,
I'm trying to debug my first few lines of PHP where I have all my "checks" to make sure someone is logged in. I have this code all by itself and it is still not executing. This is the only page that I'm having trouble with. header('Location: login.php?logout=1'); Similar TutorialsHello everyone, I'm just starting out with PHP as I need to create an online bookstore for a school project. I'm working by a magazine which should teach you exactly how to do this using PHP, but I've had a bunch of problems with the code they use and I don't really know what's going on. Anyway, this looks really simple and basically what it does is allows you to post a comment on a book, then returns you to the book's page. Problem is, I'm getting the Header may not contain more than a single header, new line detected. error and I can't figure out why. I've tried researching into the matter but all the cases I found had to do with returning to an url, which is not my case. Anyway, here's the snippet of code: The form: Code: [Select] <div style="width:400px; border:1px solid #ffffff; background-color:#F9F1E7; padding:5px"> <b>Adauga opinia ta:</b> <hr size="1"> <form action="adauga_comentariu.php" method="POST"> Nume: <input type="text" name="nume_utilizator"><br><br> Email: <input type="text" name="adresa_email"><br><br> Comentariu: <br> <textarea name="comentariu" cols="45"></textarea><br><br> <input type="hidden" name="id_carte" value="<?=id_carte?>"> <center><input type="submit" value="Adauga"</center> </form> </div> The script adaugare_comentariu.php: Code: [Select] <?php ob_start(); include("conectare.php"); $numeFaraTags=strip_tags($_POST['nume_utilizator']); $emailFaraTags=strip_tags($_POST['adresa_email']); $comentariuFaraTags=strip_tags($_POST['comentariu']); $sql="insert into comentarii (id_carte, nume_utilizator, adresa_email, comentariu) values(".$_POST['id_carte'].", '".$numeFaraTags."','".$emailFaraTags."','".$comentariuFaraTags."')"; mysql_query($sql); $inapoi="carte.php?id_carte=".$_POST['id_carte']; header("location:urldecode($inapoi)"); ob_end_flush(); ?> conectare.php connects to the mysql database. $inapoi is the variable which returns the user to carte.php (the book he posted a comment on), where id_carte is the book's unique id. I'm getting Header may not contain more than a single header, new line detected on line ten, which is the header line. Can anyone help me? I've been stumped on this for a few days now and I've just let it pass and started working on other bits, but it's bugging me too much and I'd like to fix it. Hello, I have a syntax error on line 203 that is causing my code NOT work. Could someone please look at it and tell me what is wrong & more important how to fix it? Below is what I am getting. This " ~ " is server path info " Parse error: syntax error, unexpected $end in /~ /~ /~ /phptestform/real_form_processing.php on line 203" Also, how do I prevent "header injection", to keep my mail form from being open to abuse by spammers? thanks mrjap1 Code: [Select] <?php # Script if (isset($_POST['submit'])) { // Handle the form. // Register the user in the database. require_once ('mysql_connect_page.php'); // Connect to the db. // Create a function for escaping the data. function escape_data ($data) { global $dbc; // Need the connection. if (ini_get('magic_quotes_gpc')) { $data = stripslashes($data); } return mysql_real_escape_string($data, $dbc); } // End of function. $message = NULL; // Create an empty new variable. // Check for a first name. if (empty($_POST['first_name'])) { $fn = FALSE; $message .= '<p>You forgot to enter your first name... its Required!</p>'; } else { $fn = escape_data($_POST['first_name']); } // Check for a last name. if (empty($_POST['last_name'])) { $ln = FALSE; $message .= '<p>You forgot to enter your last name... its Required!</p>'; } else { $ln = escape_data($_POST['last_name']); } // Check for an email address. if (empty($_POST['email'])) { $e = FALSE; $message .= '<p>You forgot to enter your email address... its Required!</p>'; } else { $e = escape_data($_POST['email']); } // Check for a address. if (empty($_POST['address'])) { $u = FALSE; $message .= '<p>You forgot to enter your address... its Required!</p>'; } else { $u = escape_data($_POST['address']); } // Check for a country. if (empty($_POST['country'])) { $u = FALSE; $message .= '<p>You forgot to enter your country... its Required!</p>'; } else { $u = escape_data($_POST['country']); } if ($salutation && $first_name && $last_name && $address && $city && $state_province && $zip_code && $email && $zip_code && $newsletter && $registration_date ) { // If everything's OK. $query = "SELECT id FROM visitors WHERE address='$address'"; $result = @mysql_query ($query); // Run the query. if (mysql_num_rows($result) == 0) { // Make the query. This code is what you will use to prevent duplicate of usernames $query = "INSERT INTO `mrjap1_database`.`visitors` (`id` , `salutation` , `first_name` , `last_name` , `address` , `city` , `state_province` , `zip_code` , `country` , `email` , `newsletter` , `registration_date`) VALUES ( NULL , '$_POST[salutation]', '$_POST[first_name]', '$_POST[last_name]', '$_POST[address]', '$_POST[city]', '$_POST[state_province]', '$_POST[zip_code]', '$_POST[country]', '$_POST[email]', '$_POST[newsletter]', '$_POST[registration_date]' , NOW() )"; $result = @mysql_query ($query); // Run the query. if ($result) { // If it ran OK. exit(); // Quit the script. } else { // If it did not run OK. $message = '<p>You could not be registered due to a system error. We apologize for any inconvenience.</p><p>' . mysql_error() . '</p>'; } mysql_close(); // Close the database connection. } else { $message .= '<p>Please try again.</p>'; } } // End of the main Submit conditional. // Print the error message if there is one. if (isset($message)) { echo '<font color="red">', $message, '</font>'; } ?> <?php // ALL THE SUBJECT and EMAIL VARIABLES $emailSubject = 'MY TEST EMAIL SCRIPTING!!! '; $webMaster = 'myemailaddress@gmail.com'; // GATHERING the FORM DATA VARIABLES $salutation = $_POST['salutation']; $first_name = $_POST['first_name']; $last_name = $_POST['last_name']; $address = $_POST['address']; $city = $_POST['city']; $state_province = $_POST['state_province']; $zip_code = $_POST['zip_code']; $country = $_POST['country']; $email = $_POST['email']; $newsletter = $_POST['newsletter']; $registration_date = $_POST['registration_date']; $date = date ("l, F jS, Y"); $time = date ("h:i A"); $body = <<<EOD <br /><hr><br /> <strong>Salutation: </strong>$salutation <br /> <strong>First Name:</strong>$first_name <br /> <strong>Last Name: </strong>$last_name <br /> <strong>Address: </strong>$address <br /> <strong>City: </strong>$city <br /> <strong>State_Province: </strong>$state_province <br /> <strong>Zip Code: </strong>$zip_code <br /> <strong>Country: </strong>$country <br /> <strong>Email:</strong> $email <br /> <strong>Zip Code:</strong> $zip_code <br /> <strong>Newsletter:</strong> $newsletter <br /> <strong>Registration Date:</strong> $date at $time <br /> EOD; // THIS SHOW ALL E-MAILED DATA, ONCE IN THE E-MAILBOX AS READABLE HTML $headers = "From: $email\r\n"; $headers .= "Content-type: text/html\r\n"; $success = mail($webMaster, $emailSubject, $body, $headers); // THE RESULTS OF THE FORM RENDERED AS PURE HTML $theResults = <<<EOD <!DOCTYPE HTML> <html lang="en"> <head> <style type="text/css"> body { font-family:Arial, Helvetica, sans-serif; font-size:11px; font-weight:bold; } #thankyou_block { width: 400px; height: 250px; text-align:center; border: 1px solid #666; padding: 5px; background-color: #0CF; border-radius:8px; -webkit-border-radius:8px; -moz-border-radius:8px; -opera-border-radius:8px; -khtml-border-radius:8px; box-shadow:0px 0px 10px #000; -webkit-box-shadow: 0px 0px 10px #000; -moz-box-shadow: 0px 0px 10px #000; -o-box-shadow: 0px 0px 10px #000; margin: 25px auto; } p { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 18px; letter-spacing:1px; color: #333; } </style> <meta charset="UTF-8"> <title>THANK YOU!!!</title> </head> <body> <div id="thankyou_block"> <br><br><br> <h1>CONGRATULATIONS!!</h1> <h2>YOUR FORM HAS BEEN PROCESSED!!!</h2> <p>You are now registered in our Database...<br> we will get back to you very shortly.<br> Please have a very wondeful day.</p> </div> </body> </html> EOD; echo "$theResults"; ?> this question seems so stupid, but i really want to know the best way to write this code. let say i have this code: if(empty($num)) { header("Location:index.php"); } is it okay if i write it down like this? if(empty($num)) { header("Location:index.php"); } i mean there is a whitespace behind header() thanks in advance Hello All, I am new to php and programming in general. My question is as follows. I have created a header.inc.php and the index.php which includes header.inc.php. I have title set in header.inc.php under the "head". Code: [Select] <title><?php echo $title; ?> In the index.php, I have set variable $title to "Home Page" $title = "Home Page"; But whenever I visit index.php, the title is never called. Is it because the header has no clue where the $title is? <?php session_start(); if(!isset($_SESSION['User'] )) header('Location : error.php'); ?> im not being redirected even when the $_SESSION['User'] is not set neither does it display any error message other than a white blank space. Please help me som1 as how I can make this to work or suggest any other altenatives so as to get it redirected as i dont want anonymous users to access some contents unles he logs in as members. Thanx Afternoon all, Quick query; On the index.php page I have a hyperlink entitled LOGOUT. This allows the users to log out of their current session. The hyperlink directs to a logout.php page with the following contents: Code: [Select] <?php session_end(); ?> <html> <head></head> <body> <?php header('Location: index.php'); ?> </body> </html> Essentially; the code should end the session and redirect the browser back to the main page. Currently, the hyperlink does redirect to the logout.php page, but; - it doesn't return to the index.php page - if I click the back button, the session is still alive Can anyone assist? Is there a better way of doing this? This isn't something that hasn't been done before, but finding the topic in the forums has been difficult. Thanks in advance. Hi Everyone was kind enough to help with my last issue and am now nearly there. The data actually populates correctly now in my database, however, it will not direct me to my redirect. I get the error Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\loginsystem\Permnew.php:4) in C:\xampp\htdocs\loginsystem\Permnew.php on line 124 This is the redirect i am trying to do anyone any ideas? Thanks Steve
<?php
require "header.php";
?>
<main>
<div class="wrapper-main">
<div class="welcomelogged">
<p>Adding A Permanent New Starter<p>
</div>
<form class="form-addperm" action="" method="post">
<table id="Tableperm" width="1000px;" border="0">
<tr>
<th align="right" scope="row"><label for="select">Week Commencing</label></th>
<td><select name="WeekComm">
<option value="WC 6th April">WC 6th April</option>
<option value="WC 13th April">WC 13th April</option>
<option value="WC 20h April">WC 20h April</option>
<option value="WC 27h April">WC 27h April</option>
</select></td>
</tr>
<tr>
<th align="right" scope="row"><label for="StartDate">Start Date</label></th>
<td><input type="date" name="StartDate" placeholder="Start Date"></td>
</tr>
<tr>
<th align="right" scope="row"><label for="select1">Consultant</label></th>
<td><select name="Consultant">
<option value="Steven Buntin">Steven Buntin</option>
<option value="Sam Ahmed">Sam Ahmed</option>
<option value="David Millington">David Millington</option>
<option value="Steven Nixon">Steven Nixon</option>
<option value="Grahame Walsh">Grahame Walsh</option>
<option value="Helal Ahmed">Helal Ahmed</option>
</select></td>
</tr>
<tr>
<th align="right" scope="row"><label for="FirstName">First Name</label></th>
<td><input type="text" name="FirstName" placeholder="First Name"></td>
</tr>
<tr>
<th align="right" scope="row"><label for="LastName">Last Name</label></th>
<td><input type="text" name="LastName" placeholder="Last Name"></td>
</tr>
<tr>
<th align="right" scope="row"><label for="ClientName">Client Name</label></th>
<td><input type="text" name="ClientName" placeholder="Client Name"></td>
</tr>
<th align="right" scope="row"><label for="Position">Position</label></th>
<td><input type="text" name="Position" placeholder="Position"></td>
</tr>
<th align="right" scope="row"><label for="Comments">Comments</label></th>
<td><input type="text" name="Comments" placeholder="Comments"></td>
</tr>
<tr>
<th align="right" scope="row"><label for="Salary">Salary</label></th>
<td><input type="varchar" name="Salary" placeholder="Salary"></td>
</tr>
<tr>
<th align="right" scope="row"><label for="ChargePercentage">Charge Percentage</label></th>
<td><input type="varchar" name="ChargePercentage" placeholder="ChargePercentage"></td>
</tr>
<ty>
<th align="right" scope="row"><label for="GPNotes">GP Notes</label></th>
<td><input type="text" name="GPNotes" placeholder="GPNotes"></td>
</tr>
</table>
<button type="submit" name="addstarter">Add Starter</button>
</form>
</div>
</main>
<?php
$dBServername = "localhost";
$dBUsername = "root";
$dBPassword = "";
$dBName = "loginsystemtut";
mysqli_report(MYSQLI_REPORT_ERROR|MYSQLI_REPORT_STRICT);
$conn = mysqli_connect($dBServername, $dBUsername, $dBPassword, $dBName);
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
if (isset($_POST['addstarter'])) {
$WeekComm = $_POST['WeekComm'];
$StartDate = $_POST['StartDate'];
$Consultant = $_POST['Consultant'];
$FirstName = $_POST['FirstName'];
$LastName = $_POST['LastName'];
$ClientName = $_POST['ClientName'];
$Position = $_POST['Position'];
$Comments = $_POST['Comments'];
$Salary = $_POST['Salary'];
$ChargePercentage = $_POST['ChargePercentage'];
$GPNotes = $_POST['GPNotes'];
$sql = ("INSERT INTO permanent (WeekComm, StartDate, Consultant, FirstName, LastName, ClientName, Position, Comments, Salary, ChargePercentage, GpNotes) values (?,?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
// If there is an error we send the user back to the signup page.
header("Location: ../signup.php?error=sqlerror");
exit();
}
else {
mysqli_stmt_bind_param($stmt,"sssssssssss",$WeekComm,$StartDate,$Consultant,$FirstName,$LastName,$ClientName,$Position,$Comments,$Salary,$ChargePercentage,$GPNotes);
mysqli_stmt_execute($stmt);
}
header("Location: ../loginsystem/permnew1.php?success");
exit();
}
?>
Code: [Select] <?php { $name=$_POST["txtGiven"]; $surname=$_POST["txtFamily"]; $user=$_POST["txtUser"]; $email=$_POST["txtEmail"]; $password=$_POST["txtPassword"]; $query="INSERT INTO Customer(Firstnames,Surname,Username,Email,Password) VALUES('$name','$surname','$user','$email','$password')"; include"connection.php"; $result=mysql_query($query)or die("Error in query: $query. ".mysql_error());; header("Location: userReceipt.php"); mysql_close($connection); } ?> ive tried removing all the spaces from all my php pages. That is the most common solution that comes up and nothing seems to work. I also have a login page where the same error is I cant seem to get the right format for adding in the echo to this header Code: [Select] <?php header("Location: search_goaulds.php?goauld= "echo $grab_goauld"); ?> I am having an issue with some scripts on my site. It won't redirect and emits an error. This occurs for only some of my scripts, but for the ones in which it does occur, it occurs 100% of the time. On a previous server, I didn't have this issue, now I do. I get the following error: Warning: Cannot modify header information - headers already sent by (output started at /www/zzl.org/f/a/n/fantasyboxingonline/htdocs/bg/train_stat.php:5) in /www/zzl.org/f/a/n/fantasyboxingonline/htdocs/bg/train_stat.php on line 29 Below is the code to the page that emitted the error above (Note: session_start(); IS in autoupdater.php I'm not that stupid): <?php require_once("../autoupdater.php"); ?> <link rel="stylesheet" type="text/css" href="/style.css"/> <?php if(!$_SESSION["loggedin"]) { die("<b>You are not logged in, or you have been logged out. Please <a href=\"/login/\" target=\"_top\">login again!</a></b>"); } $id = $_GET["id"]; if($id > 4 || $id < 1) { die("<center><h2>An error occurred. You are trying to train an invalid statistic.</h2></center>"); } $userid = $_SESSION["userid"]; $time = time(); $stattraining = $_SESSION["stattraining"]; if($stattraining) { if($stattraining == 1) { $statname = "powerful"; } elseif($stattraining == 2) { $statname = "quick"; } elseif($stattraining == 3) { $statname = "skilled"; } elseif($stattraining == 4) { $statname = "durable"; } die("<center><h2>You cannot train! You are already training $statname!</h2></center>"); } mysql_query("UPDATE `users` SET `stattraining`='$id', `statstarttime`='$time' WHERE `userid`='$userid'", db_connect_select()); header("Location: training.php"); die(); ?> Any help or suggestions would be greatly appreciated. -Moon
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<style>
.error {color: #FF0000;}
h6
{
font-family: bookman old style;
font-size:20px;
text-align: center;
font-weight: normal;
}
h5
{
font-family: bookman old style;
font-size:15px;
text-align: center;
font-weight: normal;
}
</style>
<?php
$nameErr = $emailErr = $websiteErr = $categoryErr;
$name = $email = $comment = $website = $reset = $category;
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["name"])) {
$nameErr = "Name is required";
} else {
$name = test_input($_POST["name"]);
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameErr = "Only letters and white space allowed";
}
}
if (empty($_POST["email"])) {
$emailErr = "Email is required";
} else {
$email = test_input($_POST["email"]);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "Invalid email format";
}
}
if (empty($_POST["website"])) {
$websiteErr = "URL is required";
} else {
$website = test_input($_POST["website"]);
if (!preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i",$website)) {
$websiteErr = "Invalid URL";
}
}
if (empty($_POST["comment"])) {
$comment = "";
} else {
$comment = test_input($_POST["comment"]);
}
if (empty($_POST["category"])) {
$categoryErr = "Category is required";
} else {
$category = test_input($_POST["category"]);
}
if (!empty($_POST['name']) && !empty($_POST['email']) && !empty($_POST['website']) && !empty($_POST['category'])) {
$myemail = "links@loadsofads.com";
$subject = "Link Submission";
$message = "Your Link Submission form has been submitted by:
Website Name: $name
E-mail: $email
URL: $website
Category: $category
Description:
$comment";
mail($myemail, $subject, $message);
header('location:submitthanks.php');
}}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<?php include'header.php'?>
<h6>Link Submission</h6>
<h5><p><span class="error">* required field.</span></p>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
Name Of Site: <input type="text" name="name" value="">
<span class="error">* <?php echo $nameErr;?></span>
<br><br>
E-mail: <input type="text" name="email" value="">
<span class="error">* <?php echo $emailErr;?></span>
<br><br>
URL: <input type="text" name="website" value="">
<span class="error">* <?php echo $websiteErr;?></span>
<br><br>
Description: <textarea name="comment" rows="5" cols="40"></textarea>
<br><br>
Category Of Site: <select size="1" name="category">
<option value=""> -- Please select -- </option>
<option>Arts</option>
<option>Business</option>
<option>Computers</option>
<option>Games</option>
<option>Health</option>
<option>Home</option>
<option>Kids and Teens</option>
<option>News</option>
<option>Recreation</option>
<option>Reference</option>
<option>Science</option>
<option>Shopping</option>
<option>Society</option>
<option>Sports</option>
<option>World</option>
</select><span class="error">* <?php echo $categoryErr;?></span>
<br><br>
<input type="submit" name="submit" value="Submit"> <input type="reset" name="reset" value="Reset Form">
</form>
<?php include'footer.php'?>
Hello All,
OK so I have been at this for a few days now and everywhere I go to learn or read information it says the same thing,
to redirect the code is header('location:mypage.php');exit();
but it just will not redirect it every thing I try it does not load the redirect page. it clears the form and sits there, I do not know why! Can please someone please help me and see why it is not doing it?
Thanks
I am trying to understand how Cache-Control works when you define using header function in PHP. If I specify Cache-Control "max-age=3600, must-revalidate" in php using header function Does browser/proxy cache(liek Squid/Akamai) go all the way to orgin server to validate before max-age expires? Or will it serve content from cache till max-age expires? What if I want to a browser to check for any updated file before max-age expires ? Hello everyone, I'm building a wordpress site, which of course is in PHP. One of the things I did was start with a template I moderately liked and have edited it until I do like it. I know the problems with debugging that this causes but I'm too far invested now to back out. One of the things I added to the header was some simple scroll-over images that have links. I created a div-id in the CSS style sheet for where this will go in the header and put in the image using the simple rollover image creator in dreamweaver. The images work fine on every page BUT the blog posts themselves. Then it's just an empty void without the images themselves. Any insight to where the problem could lie, in the header, in the pages, ect, would be really helpful. Thanks! Hi, I'm having trouble with redirect my page to another page. what I have is a page that uses a form to insert into a database, the form is then processed to another page (insert.php) which will insert the information inserted in the form. I'm trying to work out how I could redirect the user to another page once the data has been successfully inserted. this is what I have now: insert.php Code: [Select] <?php $link = mysql_connect('ericlee.dot5hostingmysql.com', 'user', 'password'); if (!$link) { die('Could not connect: ' . mysql_error()); } //echo 'Connected successfully'; mysql_select_db('remarch', $link); $sql="INSERT INTO posts (Name, Location, Fault, Other, Description) VALUES ('$_POST[name]','$_POST[location]','$_POST[fault]','$_POST[other]','$_POST[description]')"; header('Location: about.html'); if (!mysql_query($sql,$link)) { die('Error: ' . mysql_error()); } mysql_close($link); ?> I'm pretty sure it's just the placing of the code Quote header('Location: about.html'); . Would be appreciated if someone could give me some guidance Thank you in advance! Hi all, I have a question. How do I put a new line in a script? I've tried everything. <?php $con = mysql_connect("localhost","*","*"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("my_db", $con); $sql="SELECT * FROM People WHERE FirstName='Borko' AND LastName='Borkov'"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "Found!"; echo($sql); mysql_close($con) ?> I wrapped it in <html> and so on, <br /> doesn't work. Saved it in html, <br /> still doesn't work and the script doesn't execute. The output I get right now is Quote Found!SELECT * FROM People WHERE FirstName='Borko' AND LastName='Borkov' I want it to display Quote Found! SELECT * FROM People WHERE FirstName='Borko' AND LastName='Borkov' And another question - how can I see what the sql variable is searching for from the browser? For now, as you have seen, I just use the echo($sql) but it doesn't quite cut it - is there a way to see just FirstName and LastName without the whole code? I tried echo($sql [FirstName] [LastName], as you've already guessed it didn't work... A hint would also be greatly appreciated! Any help on these two issues? Is there a simple way getting PHP to open a single file and write to a specific line? Like: fwrite (line = 102) {"bla bla bla"}; fclose; Hi, I read the HEADER advice on the forum but I think that I still need help to figure out what I am doing wrong with header("location: page_to_load"). In local, the redirection works without problems. When I test online on a free server (p4o.net), it works fine; but when I test it on the paid server (mediaserve.com), the redirect loads a blank page. After the blank page is loaded, I manually load the protected page (MyAccount.php) and all the information were displayed successfuly. I logged out and signed in with wrong credential. The result is a blank page. I manually loaded MyAccount.php again and I had "Access denied". I then concluded that the redirection deos not work. Is there any work arround for this situation? Please help. Thanks Login.php Code: [Select] <form id="login" method="POST" action="handlers/login_handler.php"> <strong>Username</strong> <input name="TextBoxEmailAdress" type="text" id="TextBoxEmailAddress" /> <strong>Password</strong> <input name="TextBoxPassword" type="password" id="TextBoxPassword" /> <input name="ButtonSubmit" value="Login" id="ButtonSubmit" type="submit" /> </form> login_handler.php Code: [Select] <?php ob_start(); //Start session session_start(); //Include database connection details require_once('../includes/WebConfig.php'); //Array to store validation errors $errmsg_arr = array(); //Validation error flag $errflag = false; //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } //Sanitize the POST values $Var_EmailAddress = clean($_POST['TextBoxEmailAddress']); $Var_Password1 = clean($_POST['TextBoxPassword']); //Input Validations if($Var_EmailAddress== '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($Var_Password1== '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } //If there are input validations, redirect back to the login form if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: ../index.php?PageId=login"); exit(); } //Create query $Var_Password1 = md5($Var_Password1); $query="SELECT * FROM $tbl_member WHERE EmailAddress='$Var_EmailAddress' AND Password1='$Var_Password1'"; $result=mysql_query($query); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['Member_Id']; $_SESSION['SESS_FIRST_NAME'] = $member['FirstName']; $_SESSION['SESS_LAST_NAME'] = $member['LastName']; $_SESSION['SESS_EMAIL_ADDRESS'] = $member['EmailAddress']; $_SESSION['SESS_ADMIN_ROLE'] = $member['AdminRole']; $_SESSION['SESS_CONTRIB_EMAIL'] = ""; session_write_close(); header("location: ../MyAccount.php"); exit(); } else { //Login failed header("location: ../index.php?PageId=login-failed"); exit(); } } else { //echo "mysql error: " .mysql_error(); //echo "<br> mysql error number: " .mysql_errno(); //die("Query failed"); //Login failed header("location: ../index.php?PageId=login-failed"); } ?> Hello -- I'm trying to work through a very simple CMS that I found on the web (just for learning purposes). I need some help understanding this line: <table> <form method="POST" action="account.php?mode=save<?=( isset($_REQUEST['id']) ? "&id={$_REQUEST['id']}" : null )?> <? I understand the Method = "POST", but not the "action = " line. Thanks for any help. Hi Guys, Been a while since I've been on the forums but I have a really bugging problem that I've never seen before. I have two websites one of which is http://www.get-xbox-kinect.co.uk which I have used the same php script for. The script fetches a link from the database when executed by the user clicking a external link. I have had reports from users saying that when they hit a link the external page loads up but at the same time an alert window appears saying 'not enough memory at line xx'. For some reason it seems to be a different line number for different users too. I can only confirm this happens in IE8 but I guess it will probably do the same thing in IE6 and 7 too. It is not an issue however in Firefox or Safari. Here is my exit link script Code: [Select] <?php include('./globals.php'); $affiliate = $_GET['affil']; $user_ip = $_SESSION['user_ip']; date_default_timezone_set('Europe/London'); $date = date('D, d M Y H:i:s'); $entry_url = $_SESSION['referer']; $result = mysql_query("SELECT url FROM affiliate WHERE affiliate = '". $affiliate ."'") or die(mysql_error()); $row = mysql_fetch_array($result); $exitlink = $row[0]; if($user_ip == '00.00.000.00') { header("Location: " . $row["url"] . ""); } else { $result = mysql_query("UPDATE affiliate SET clicks = clicks +1 WHERE affiliate ='$affiliate'") or die(mysql_error()); mysql_query("INSERT INTO affiliate_clicks (affiliate, user_ip, date, entry_url) VALUES('$affiliate', '$user_ip', '$date', '$entry_url') ")or die(mysql_error()); header("Location: " . $row["url"] . ""); }; ?> Not sure if it actually has anything to do with this script or it's something else at play. I'm sure someone must have come across this problem before. Any help would be much appreciated! Thanks. PHP = 5.5.14
MySQL = 5.2.17
I've cloned a mysqli_connect() statement in a 'require' file placed in a non-public access location on the server. It's the same format (and location) currently working fine with another application, EXCEPT i changed the database name to what I need to use for this application, AND added the $con= part on the front end to substitute for the commented out $con= line in the example code I'm modifying to insert data into a new MySQL DB Table.
The dB Table is fine and I have Inserted data via myPHPAdmin with no problems. Only two form variables are in the simple PHP script thus far just to test if it will work before proceeding.
I've used pseudonames for the actual /home/.... location and filename, and am now Baffled about the Line 2 Error Message I'm getting (below the code).
<?php
require '/home/myusername/domains/mydomain.com/myclonedrequire.php';
//$con=mysqli_connect("example","uid","pwd","my_db");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// escape variables for security
$year = mysqli_real_escape_string($con, $_POST['year']);
$callsign = mysqli_real_escape_string($con, $_POST['callsign']);
$sql="INSERT INTO `lqplogs` (`year`, `callsign`)
VALUES ('$year', '$callsign');
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
?>
ERROR Message:
Warning: Unexpected character in input: '\' (ASCII=92) state=1 in (above file & location) on line 2
There are NO '\' characters in any of my files.
Here is the simple Form file code:
<?php ?> <html: <head><title></title></head> <body> <form action="insert.php" method="post"> YEAR: <input type="text" name="year"> CALLSIGN: <input type="text" name="callsign"> <input type="submit"> </form> </body> </html> <?php ?>Thanks for any assistance! -FreakingOUT |
|||||||