...

View Full Version : Problem with PHP headers, boo!



karlosio
12-11-2008, 04:34 AM
Hi I've set up a basic registration script (testform.php) through the help of reading this post http://codingforums.com/showthread.php?t=132330 Thanks, it really helped me out a lot reading that :)

I've modified it slightly, and due to javascript form validation being used first on the form, I decided to try including another page in the script (success.php) to show when the form is successfully submitted (to stop the javascript errors appearing).

However just for security, I dont want users to enter success.php into the browser directly, so I tried to set up a header to go back to the testform if the $username variable is not set. But the header doesnt seem to work, even though I've put it at the top of the success.php file. I get this error:



Warning: Cannot modify header information - headers already sent by (output started at C:\Program Files\xampp\htdocs\sites\mysite\jscourse\success.php:1) in C:\Program Files\xampp\htdocs\sites\mysite\jscourse\success.php on line 3


Heres the code for the pages, starting with testform.php



<?php
$server = 'localhost';
$user = 'root';
$pw = '';
$db = 'test';

$conn = @mysql_connect($server,$user,$pw) or die('CONNECTION ERROR: '.mysql_error());
@mysql_select_db($db,$conn) or die('DATABASE ERROR: '.mysql_error());

function usernameTaken($username,&$conn)
{
if(get_magic_quotes_gpc())
{
$username = stripslashes($username);
}
$username = mysql_real_escape_string($username);
$q = "SELECT username FROM testtable WHERE username = '$username'";
$result = mysql_query($q,$conn);
return (mysql_num_rows($result) > 0);
}

$error_stat = 0;
$message = '';

if(isset($_POST['submit']))
{
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$email = mysql_real_escape_string($_POST['email']);
$country = $_POST['country'];

// basic error checking - will update honest :)
if(empty($username)) {
$error_stat = 1;
$message = "<p>Username field must not be empty</p>";
}

if(usernameTaken($username,$conn))
{
$error_stat = 1;
$message = "<p>Username is already taken, please choose another one</p>";
}

// run query if no errors occur ($error_stat == 0)
if($error_stat == 0)
{
$md5password = md5($password);
mysql_query("INSERT INTO testtable (username, password, email, countryId, date) VALUES ('$username','$md5password','$email', $country, now())");
include('success.php');
/*
ORIGINAL FROM POST MENTIONED
echo "<h2>Registration successfull!</h2>";
echo "<p>Congratulations <strong>$username</strong>, Your account has not been created with the following details:</p>";
echo "<p>Username: $username</p>";
echo "<p>Password: $password</p>";
echo "<p>Email: $email</p>";

echo "<p>You may now login.</p>";
*/
}
}

// then only display the page if the form hasnt been submitted yet or if error_stat == 1
if(!isset($_POST['submit']) || $error_stat == 1)
{
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Test Registration</title>
<style type="text/css">
* {
font-family: "Century Gothic", Arial, Tahoma, sans-serif;
font-size: 12px;
}
#error p
{
color: red;
font-weight: bold;
}
</style>
<script type="text/javascript" src="validate.js"></script>
</head>

<body>
<!-- Javascript validation errors or the PHP errors go in the div below :) -->
<div id="error"><?=$message?></div>
<form method="post" action="<?php echo $_SERVER['PHP_SELF'];?>" id="form1" onsubmit="return validate();">
<table border="0" cellpadding="5" cellspacing="0">
<tr>
<td><label for="username">Username:</label></td>
<td><input type="text" name="username" id="username" size="32" value="<?php echo $username;?>" /></td>
</tr>
<tr>
<td><label for="password">Password:</label></td>
<td><input type="password" name="password" id="password" size="32" value="" /></td>
</tr>
<tr>
<td><label for="email">Email:</label></td>
<td><input type="text" name="email" id="email" size="32" value="<?php echo $email;?>" /></td>
</tr>
<tr>
<td><label for="country">From:</label></td>
<td>
<select name="country" id="country">
<option value="">Choose...</option>
<option value="1">England</option>
<option value="2">Scotland</option>
<option value="3">Wales</option>
<option value="4">N Ireland</option>
</select>
</td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input type="submit" name="submit" id="submit" value="Register" /></td>
</tr>
</table>
</form>
</body>
</html>
<?php
}
?>


and the problem success.php



<?php
// this DOESNT WORK :(
if(!$username){
header('Location: testform.php');
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Success!</title>
<style type="text/css">
* {
font-family: "Century Gothic", Arial, Tahoma, sans-serif;
font-size: 12px;
}
#error p
{
color: red;
font-weight: bold;
}
</style>
</head>

<body>
<h2>Registration successfull!</h2>
<p>Congratulations <strong><?php echo $username;?></strong>, Your account has not been created with the following details:</p>
<p>Username: <?php echo $username;?></p>
<p>Password: <?php echo $password;?></p>
<p>Email: <?php echo $email;?></p>

<p>You may now login.</p>
</body>
</html>


just one other thing, is there anyway I can set up the select form field in testform.php to let PHP remember what was selected (like what I've got for the values for the username, email fields), at the moment if I try to enter a username that is already taken it doesnt remember what ive selected in that menu, im not sure what I need to do here. :( It will be turned into a select menu from a table in the mysql database showing country names instead of the static ones at the moment.

Fumigator
12-11-2008, 04:52 AM
Your first problem can be remedied with use of the function ob_start(), which is "output buffer start", which basically redirects all output to a buffer instead of directly to the output stream. When the header() function is called with output in the buffer, it bypasses the problem of output already started because it hasn't really started; it's in the buffer.

You could also just kill the script at that point, as any user who has the temerity to type in success.php in the URL is probably being mischievous and deserves nothing more than a blank page.

As for priming a select value, a popular method is the use of the ternary operator, which is a short-hand version of "if".

http://us3.php.net/manual/en/language.operators.comparison.php

The goal is to place the string selected="selected" on the option that is selected. Once you get your database info set up this will be part of your loop but with the hard-coded values you have to check the selected value and echo that parameter if you find a match on every option. Example:



<select name="country" id="country">
<option value="">Choose...</option>
<option value="1" <?php echo ($_POST['country'] == "1" ? 'selected="selected"' : ''); ?> >England</option>
<option value="2" <?php echo ($_POST['country'] == "2" ? 'selected="selected"' : ''); ?> >Scotland</option>
<option value="3" <?php echo ($_POST['country'] == "3" ? 'selected="selected"' : ''); ?> >Wales</option>
<option value="4" <?php echo ($_POST['country'] == "4" ? 'selected="selected"' : ''); ?> >N Ireland</option>
</select>

CFMaBiSmAd
12-11-2008, 04:56 AM
Just read the error message and find and fix what it says the problem is. The only relevant file is success.php -
(output started at C:\Program Files\xampp\htdocs\sites\mysite\jscourse\success.php:1)You either have some characters at line one in the file before the <?php tag or the file has been saved in UTF-8 encoding and the BOM (Byte Order Mark) characters that your editor put at the start of the file is the output that is preventing the headers from working.

Remove any characters in the file before the <?php tag and save the file as ANSI/ASCII or if you must save it as UTF-8, disable the BOM characters in your editor.

karlosio
12-11-2008, 05:21 AM
Thanks for the quick reply, I tried removing the BOM signature from my editor (dreamweaver) and its now working thanks CFMaBiSmAd :)

Also thanks Fumigator for the answer to the question on the select field, would it be possible if you could show me an example on how this would work it it went through a loop, like you mentioned, from a mysql database table?

Fumigator
12-11-2008, 04:10 PM
would it be possible if you could show me an example on how this would work it it went through a loop, like you mentioned, from a mysql database table?

You will be building your <option> tags using a loop, as you fetch rows from your resultset. The popular looping mechanism everyone uses is "while" but I like "for" loops.



$query = "SELECT country_code, country_name FROM blah...";
$result = mysql_query($query);
if (!$result) {
die("Query Error in $query<br>".mysql_error());
}
for ($i = 0; $i < mysql_num_rows($result); $i++) {
$countryRow = mysql_fetch_array($result);
echo "<option value=\"{$countryRow['country_code']}\" " . ($_POST['country'] == $countryRow['country_code'] ? 'selected="selected"' : '') . ">{$countryRow['country_name']}</option>\n";
}

karlosio
12-11-2008, 06:46 PM
Thanks once again for your help, just what I needed cheers :)



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum