can't redirect back to my requested page

[Adler80]

hey guys,

i recently started to learn some web design and thanks to all these forums, i have learned alot. but i ended up being too greedy and tried to put a comment box in my site, which put me into a lot of trouble.

i have now managed to create the form in HTML for my visitors to input their info and created a database in MySQL and connected to it using a PHP file. i can now post data to the dataase but when clicking submission button it shows me an error page saying: Warning: Cannot modify header information - headers already sent by (output started at /home/content/a/d/l/myusername/html/Library/guestbook.php:1) in /home/content/a/d/l/myusername/html/Library/guestbook.php on line 42

i dont know what i'm doing wrong here. this is the guestbook.php am using, which is in a directory called Library:

PHP Code:

<?php 
include 'config.php';
include 'opendb.php';

if(isset($_POST['btnSign']))
{
   include 'config.php';
   include 'opendb.php';


   $name    = trim($_POST['txtName']);
   $email   = trim($_POST['txtEmail']);
   $url     = trim($_POST['txtUrl']);
   $message = trim($_POST['mtxMessage']);

   if(!get_magic_quotes_gpc())
   {
      $message = addslashes($message);
   }


   // if the visitor do not enter the url
   // set $url to an empty string
   if ($url == 'http://')
   {
      $url = '';
   }

   $query = "INSERT INTO guestbook (name, 
                                    email, 
                                    url, 
                                    message, 
                                    entry_date) 
             VALUES ('$name', 
                     '$email', 
                     '$url', 
                     '$message', 
                     current_date)";

   mysql_query($query) or die('Error, query failed');

   header('Location: ' . $_SERVER['REQUEST_URI']);
   exit;
}

?>

and here is the HTML code for the form i use:

HTML Code:

<form method="post" name="guestform" action="Library/guestbook.php">
	 <table width="550" border="0" cellpadding="2" cellspacing="1">
		<tr> 
			<td width="100">Name *</td> 
			<td><input name="txtName" type="text" id="txtName" size="30" maxlength="30"></td>
	  	</tr>
		<tr> 
			<td width="100">Email</td>
			<td><input name="txtEmail" type="text" id="txtEmail" size="30" maxlength="50"></td>
		</tr>
		<tr> 
			<td width="100">Website URL</td>
			<td><input name="txtUrl" type="text" id="txtUrl" value="http://" size="30" maxlength="50"></td>
		</tr>
		<tr> 
			<td width="100">Message *</td> 
			<td><textarea name="mtxMessage" cols="80" rows="5" id="mtxMessage"></textarea></td>
		</tr>
		<tr> 
			<td width="100">&nbsp;</td>
			<td><input name="btnSign" type="submit" id="btnSign" value="Sign Guestbook" onClick="return checkForm();"></td>
  		</tr>
	</table>
</form>

thank you all very much for all the effort

Adler,

[BabblingIdjit]

That error is likely caused by some output being sent to the browser before this line:

Code:

header('Location: ' . $_SERVER['REQUEST_URI']);

This is most likely some whitespace before the <?php or after the ?> in one of the included files. Make sure there are no blank lines, spaces or other whitespace.

Several things I noticed:
1.

PHP Code:

<?php 
include 'config.php';
include 'opendb.php';

if(isset($_POST['btnSign']))
{
   include 'config.php';
   include 'opendb.php';

You are already including config.php and opendb.php in the first two lines of the script. There is no need to include them again after the if.

2. You are inserting raw user-supplied data into your database. This is a security concern and is very exploitable. At the very least, you should be running all string inputs through mysql_real_escape_string first. You may also want to look into using mysqli or PDO

[Adler80]

ok, i've checked the included files jsut like you said. no space or anything before <?php or after ?> but what i think might not be right is that my guestbook.php is in another directory (library/guestbook.php) and my page in which the form is located is on the root directory hence i have the form action as

... action="Library/guestbook.php"

so when i point my mouse on the submission button, in the status bar it shows me Library/guestbook.php

is that right or does it need to show me the address of my current page which

Code:

header('Location: ' . $_SERVER['REQUEST_URI']);

is pointing at?!!!

and regarding the security i definitely need to get back to you as soon as i get this actually work. and guess what? i have no clue about that either but the good fact is that i learn as fast as a skyrocket

cheers,

[BabblingIdjit]

The fact that your files are in different directories will not cause that error message. The error message means that something - header, whitespace, output - something has been sent to the browser before the header(...). Nothing else will throw that particular error.

By any chance, are you saving the .php files in utf-8? It could be placing a BOM marker which would not be readily visible, but would still be there.

If not, it is definitely some output to the browser from either the main .php file, or one of the included files.

The status bar will not be showing you the location of the redirect. That is handled server-side by php, not client-side.

[Adler80]

oh you are a genius babblingidjit

well, when i want to log in to my database in my server host website, when i'm entering my username and password there is a language option too and by default it is set to uft-8. are you saying that causes all the trouble? if thats the case, how i can fix it?!

thanks

Adler

[Adler80]

i just checked my database, its collation is set to utf-8 should i delet it and make a new one?

[BabblingIdjit]

No, the database collation is not causing the problem. It's actually only a problem when the files are uploaded to your server.

Assuming you are developing the files on your local system and uploading them to the server, just ensure that the files are saved in ASCII mode and uploaded in ASCII mode.

I don't know how you're uploading the files, but most FTP programs allow you to set this option.

[BabblingIdjit]

I should add that considering your location, you will probably need your database collation as utf-8, in order to properly store the characaters in your language.

[Adler80]

well, i was using microsoft expression to publish my files since thats wot i use to edit my site and pages. but just to make sure i just uploaded them again with filezilla and set the transfer type to ascii but still the same

[BabblingIdjit]

Well if there is no whitespace, newline or BOM outside of the opening/closing tags, then there's something being output somewhere in the files before that line.

You can post the contents of all 3 files if you'd like, but be sure to replace any sensitive data (passwords, system paths, etc) with dummy data first.