PDA

View Full Version : can't redirect back to my requested page



Adler80
10-02-2008, 09:54 PM
hey guys,

i recently started to learn some web design and thanks to all these forums, i have learned alot. but i ended up being too greedy and tried to put a comment box in my site, which put me into a lot of trouble.

i have now managed to create the form in HTML for my visitors to input their info and created a database in MySQL and connected to it using a PHP file. i can now post data to the dataase but when clicking submission button it shows me an error page saying: Warning: Cannot modify header information - headers already sent by (output started at /home/content/a/d/l/myusername/html/Library/guestbook.php:1) in /home/content/a/d/l/myusername/html/Library/guestbook.php on line 42

i dont know what i'm doing wrong here. this is the guestbook.php am using, which is in a directory called Library:


<?php
include 'config.php';
include 'opendb.php';

if(isset($_POST['btnSign']))
{
include 'config.php';
include 'opendb.php';


$name = trim($_POST['txtName']);
$email = trim($_POST['txtEmail']);
$url = trim($_POST['txtUrl']);
$message = trim($_POST['mtxMessage']);

if(!get_magic_quotes_gpc())
{
$message = addslashes($message);
}


// if the visitor do not enter the url
// set $url to an empty string
if ($url == 'http://')
{
$url = '';
}

$query = "INSERT INTO guestbook (name,
email,
url,
message,
entry_date)
VALUES ('$name',
'$email',
'$url',
'$message',
current_date)";

mysql_query($query) or die('Error, query failed');

header('Location: ' . $_SERVER['REQUEST_URI']);
exit;
}

?>

and here is the HTML code for the form i use:


<form method="post" name="guestform" action="Library/guestbook.php">
<table width="550" border="0" cellpadding="2" cellspacing="1">
<tr>
<td width="100">Name *</td>
<td><input name="txtName" type="text" id="txtName" size="30" maxlength="30"></td>
</tr>
<tr>
<td width="100">Email</td>
<td><input name="txtEmail" type="text" id="txtEmail" size="30" maxlength="50"></td>
</tr>
<tr>
<td width="100">Website URL</td>
<td><input name="txtUrl" type="text" id="txtUrl" value="http://" size="30" maxlength="50"></td>
</tr>
<tr>
<td width="100">Message *</td>
<td><textarea name="mtxMessage" cols="80" rows="5" id="mtxMessage"></textarea></td>
</tr>
<tr>
<td width="100">&nbsp;</td>
<td><input name="btnSign" type="submit" id="btnSign" value="Sign Guestbook" onClick="return checkForm();"></td>
</tr>
</table>
</form>

thank you all very much for all the effort

Adler,

BabblingIdjit
10-02-2008, 10:07 PM
That error is likely caused by some output being sent to the browser before this line:


header('Location: ' . $_SERVER['REQUEST_URI']);

This is most likely some whitespace before the <?php or after the ?> in one of the included files. Make sure there are no blank lines, spaces or other whitespace.

Several things I noticed:
1.


<?php
include 'config.php';
include 'opendb.php';

if(isset($_POST['btnSign']))
{
include 'config.php';
include 'opendb.php';

You are already including config.php and opendb.php in the first two lines of the script. There is no need to include them again after the if.

2. You are inserting raw user-supplied data into your database. This is a security concern and is very exploitable. At the very least, you should be running all string inputs through mysql_real_escape_string (http://www.php.net/manual/en/function.mysql-real-escape-string.php) first. You may also want to look into using mysqli (http://www.php.net/manual/en/book.mysqli.php) or PDO (http://www.php.net/manual/en/book.pdo.php)

Adler80
10-02-2008, 11:08 PM
ok, i've checked the included files jsut like you said. no space or anything before <?php or after ?> but what i think might not be right is that my guestbook.php is in another directory (library/guestbook.php) and my page in which the form is located is on the root directory hence i have the form action as
... action="Library/guestbook.php" so when i point my mouse on the submission button, in the status bar it shows me Library/guestbook.php

is that right or does it need to show me the address of my current page which

header('Location: ' . $_SERVER['REQUEST_URI']);
is pointing at?!!!

and regarding the security i definitely need to get back to you as soon as i get this actually work. and guess what? i have no clue about that either :( but the good fact is that i learn as fast as a skyrocket ;)

cheers,

BabblingIdjit
10-02-2008, 11:24 PM
The fact that your files are in different directories will not cause that error message. The error message means that something - header, whitespace, output - something has been sent to the browser before the header(...). Nothing else will throw that particular error.

By any chance, are you saving the .php files in utf-8? It could be placing a BOM marker which would not be readily visible, but would still be there.

If not, it is definitely some output to the browser from either the main .php file, or one of the included files.

The status bar will not be showing you the location of the redirect. That is handled server-side by php, not client-side.

Adler80
10-03-2008, 12:41 AM
oh you are a genius babblingidjit ;)

well, when i want to log in to my database in my server host website, when i'm entering my username and password there is a language option too and by default it is set to uft-8. are you saying that causes all the trouble? if thats the case, how i can fix it?!

thanks

Adler

Adler80
10-03-2008, 12:45 AM
i just checked my database, its collation is set to utf-8 :( should i delet it and make a new one?

BabblingIdjit
10-03-2008, 12:48 AM
No, the database collation is not causing the problem. It's actually only a problem when the files are uploaded to your server.

Assuming you are developing the files on your local system and uploading them to the server, just ensure that the files are saved in ASCII mode and uploaded in ASCII mode.

I don't know how you're uploading the files, but most FTP programs allow you to set this option.

BabblingIdjit
10-03-2008, 12:58 AM
I should add that considering your location, you will probably need your database collation as utf-8, in order to properly store the characaters in your language.

Adler80
10-03-2008, 12:59 AM
well, i was using microsoft expression to publish my files since thats wot i use to edit my site and pages. but just to make sure i just uploaded them again with filezilla and set the transfer type to ascii but still the same

BabblingIdjit
10-03-2008, 02:28 AM
Well if there is no whitespace, newline or BOM outside of the opening/closing tags, then there's something being output somewhere in the files before that line.

You can post the contents of all 3 files if you'd like, but be sure to replace any sensitive data (passwords, system paths, etc) with dummy data first.

Adler80
10-03-2008, 10:35 AM
you are awesome BabblingItjit

here is my confing.php:

<?php
$dbhost = 'myserverIP';
$dbuser = 'myusername';
$dbpass = 'mypassord';
$dbname = 'mydatabasename';
?>

and here is my opendb.php:

<?php
$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die
('Error connecting to mysql');
mysql_select_db($dbname);
?>

and here is my guestbook.php:

<?php
include 'config.php';
include 'opendb.php';

if(isset($_POST['btnSign']))
{

$name = trim($_POST['txtName']);
$email = trim($_POST['txtEmail']);
$url = trim($_POST['txtUrl']);
$message = trim($_POST['mtxMessage']);

if(!get_magic_quotes_gpc())
{
$message = addslashes($message);
}


// if the visitor do not enter the url
// set $url to an empty string
if ($url == 'http://')
{
$url = '';
}

$query = "INSERT INTO guestbook (name,
email,
url,
message,
entry_date)
VALUES ('$name',
'$email',
'$url',
'$message',
current_date)";

mysql_query($query) or die('Error, query failed');

header('Location: ' . $_SERVER['REQUEST_URI']);
exit;
}

?>

please note that all these files are located in a directory named "Library"

and then in my root directory i have my HTML file which is below:

<html>
<head>
<title>Guestbook</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="JavaScript">
/*
This function is called when
the 'Sign Guestbook' button is pressed
Output : true if all input are correct, false otherwise
*/
function checkForm()
{
// the variables below are assigned to each
// form input
var gname, gemail, gurl, gmessage;
with(window.document.guestform)
{
gname = txtName;
gemail = txtEmail;
gurl = txtUrl;
gmessage = mtxMessage;
}

// if name is empty alert the visitor
if(trim(gname.value) == '')
{
alert('Please enter your name');
gname.focus();
return false;
}
// alert the visitor if email format is not correct
else if(trim(gemail.value) != '' && !isEmail(trim(gemail.value)))
{
alert('Please enter a valid email address or leave it blank');
gemail.focus();
return false;
}
// alert the visitor if message is empty
else if(trim(gmessage.value) == '')
{
alert('Please enter your message');
gmessage.focus();
return false;
}
else
{
// when all input are correct
// return true so the form will submit
return true;
}
}

/*
Strip whitespace from the beginning and end of a string
Input : a string
Output : the trimmed string
*/
function trim(str)
{
return str.replace(/^\s+|\s+$/g,'');
}

/*
Check if a string is in valid email format.
Input : the string to check
Output : true if the string is a valid email address, false otherwise.
*/
function isEmail(str)
{
var regex = /^[-_.a-z0-9]+@(([-a-z0-9]+\.)+(ad|ae|aero|af|ag|ai|al|am|an|ao|aq|ar|arpa|as|at|au|aw|az|ba|bb|bd|be|bf|bg|bh|bi|biz|bj|bm|bn|bo|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co |com|coop|cr|cs|cu|cv|cx|cy|cz|de|dj|dk|dm|do|dz|ec|edu|ee|eg|eh|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gh|gi|gl|gm|gn|gov|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|h n|hr|ht|hu|id|ie|il|in|info|int|io|iq|ir|is|it|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|me|mg|mh|mil|mk|ml|mm|mn|mo|m p|mq|mr|ms|mt|mu|museum|mv|mw|mx|my|mz|na|name|nc|ne|net|nf|ng|ni|nl|no|np|nr|nt|nu|nz|om|org|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|pro|ps|pt|pw|py|qa|re|ro|ru|rw|sa|sb |sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|st|su|sv|sy|sz|tc|td|tf|tg|th|tj|tk|tm|tn|to|tp|tr|tt|tv|tw|tz|ua|ug|uk|um|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|yu| za|zm|zw)|(([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5])\.){3}([0-9][0-9]?|[0-1][0-9][0-9]|[2][0-4][0-9]|[2][5][0-5]))$/i;
return regex.test(str);
}
</script>
</head>
<body>
<form method="post" name="guestform" action="Library/guestbook.php">
<table width="550" border="0" cellpadding="2" cellspacing="1">
<tr>
<td width="100">Name *</td>
<td><input name="txtName" type="text" id="txtName" size="30" maxlength="30"></td>
</tr>
<tr>
<td width="100">Email</td>
<td><input name="txtEmail" type="text" id="txtEmail" size="30" maxlength="50"></td>
</tr>
<tr>
<td width="100">Website URL</td>
<td><input name="txtUrl" type="text" id="txtUrl" value="http://" size="30" maxlength="50"></td>
</tr>
<tr>
<td width="100">Message *</td>
<td><textarea name="mtxMessage" cols="80" rows="5" id="mtxMessage"></textarea></td>
</tr>
<tr>
<td width="100">&nbsp;</td>
<td><input name="btnSign" type="submit" id="btnSign" value="Sign Guestbook" onClick="return checkForm();"></td>
</tr>
</table>
</form>
<br>
<br>
</body>
</html>

and to be honest i'm still confused why when i press the submmission button it's redirected to my php file, i mean the page on which the error is shown has an address as such http://www.mywebsite.com/Library/guestbook.php shouldn't it be my same htm page that I have my form in?

i hope i'm not being so much pain. I appreciate all your support and effort

Adler

BabblingIdjit
10-03-2008, 04:36 PM
OK, I don't see anything in your code that would be outputting anything to the browser. So that brings us back to whitespace being outside the opening/closing php tags. Unfortunately, I can't see that from a forum post.

I can't stress this enough: there can be no whitespace of any kind outside of the opening / closing php tags. That means no spaces, no tabs, no newlines, no non-printing characters of any kind.

Since you are not actively outputting anything to the browser before the header(...) and not using Sessions, I know of no other cause of this error.

If you can't find it, the only other solution I can think of would be to make use of Output Buffering (http://www.php.net/manual/en/book.outcontrol.php). IMO, this is not an ideal solution since finding the cause of the error would be preferable, and I, personally, don't use output buffering but there are programmers who do use it.



and to be honest i'm still confused why when i press the submmission button it's redirected to my php file, i mean the page on which the error is shown has an address as such http://www.mywebsite.com/Library/guestbook.php shouldn't it be my same htm page that I have my form in?
It's being redirected to the .php page since that is what is shown in the <form action= tag in your form. This would be necessary for .php to process the submission.

HTH

Adler80
10-07-2008, 04:26 PM
hey back,

something came to my mind and thought it may help the problem to solve. what happens if i combine all my phps together and put a single php within the HTML page on the very top of the page? but i didnt know what i'm supposed to put in "action" part of my form as there are literally no php files to point the form to.

thanks

BabblingIdjit
10-07-2008, 05:00 PM
If done properly, that should solve the immediate problem. You'll likely have to change the page's filename to have a .php extension. Depending on what the php code is doing, you may well have to include a conditional statement ( ie: if()) to test whether the form has been submitted or this is the first visit to the page, and only execute the php if appropriate.

However, this may or may not be the best approach. The idea of including files, is that you can re-use code - write it once, use it many times. By combining the included files into your main page file, if you need to edit the included code, you'll have to edit it in all files rather than just one included file.

If you take this approach, the form action should be the same filename as the file containing the form.