Header (location ) problem

cap2cap10
Forum Contributor
Posts: 158
Joined: Mon Apr 14, 2008 11:06 pm

Header (location ) problem

Post by cap2cap10 »

Greetings, PHP technorati. I again face another perplexing issue. I can't get my code to redirect the user to another page :banghead: . Here is the code:

Code: Select all

<?php
 
if (isset($_POST['submitting']))
{
 $bossID = $_POST['bossID'];
 $candidateID = $_POST['candidateID'];
 $FName = $_POST['FName'];
 $LName = $_POST['LName'];
 $category = $_POST['category'];
 $years_exp = $_POST['years_exp'];
 $degree = $_POST['degree'];
 
 // Connect to server and select database.
require 'open_db.php';
 
mysql_query("INSERT INTO my_saves (bossID, candidateID, FName, LName, category, years_exp, degree)
VALUES ('$bossID', '$candidateID', '$FName', '$LName', '$category', '$years_exp', '$degree') ") or die(mysql_error());
 
 
header("Location: my_saves.php");
 
}
 
?>
 
It performs the addition to the database, but it just stays on a blank page?
Can someone show me the error of my thinking?

As always, thanks in advance,

Batoe

John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto

Re: Header (location ) problem

Post by John Cartwright »

Try changing

Code: Select all

<?php
 
if (isset($_POST['submitting']))
{

to

Code: Select all

<?php
 
ini_set('display_errors', true);
error_reporting(E_ALL);
 
if (isset($_POST['submitting']))
{

It sounds like there is some output prior to the header redirect (even whitespace counts). On a related note, you should include an exit(); immediately after the header("Location: .."); to avoid further execution of the script.

cap2cap10
Forum Contributor
Posts: 158
Joined: Mon Apr 14, 2008 11:06 pm

Re: Header (location ) problem

Post by cap2cap10 »

Ok, I added the error checker and did what you said, but I got the same result. I revised the code to this:

Code: Select all

<?php
ini_set('display_errors', true);
 error_reporting(E_ALL);
 
if (isset($_POST['submitting']))
{
 $bossID = $_POST['bossID'];
 $candidateID = $_POST['candidateID'];
 $FName = $_POST['FName'];
 $LName = $_POST['LName'];
 $category = $_POST['category'];
 $years_exp = $_POST['years_exp'];
 $degree = $_POST['degree'];
 
 // Connect to server and select database.
require 'open_db.php';
$my_saves = mysql_query("SELECT * FROM my_saves ")
or die(mysql_error());
$info_1 = mysql_fetch_array( $my_saves );
 
//Stops duplicates from occurring I hope.
If($info_1['bossID'] == $_POST['bossID'] && $info_1['candidateID'] == $_POST['candidateID']){
 
header("Location: my_saves.php");
}
elseIf($info_1['bossID'] != $_POST['bossID'] && $info_1['candidateID'] != $_POST['candidateID']) {
mysql_query("INSERT INTO my_saves (bossID, candidateID, FName, LName, category, years_exp, degree)
VALUES ('$bossID', '$candidateID', '$FName', '$LName', '$category', '$years_exp', '$degree') ") or die(mysql_error());
 
header("Location: my_saves.php") or exit(can't redirect!);
}
 
?>

Let me know what you think!
Thanks in advance,

Batoe

flying_circus
Forum Regular
Posts: 732
Joined: Wed Mar 05, 2008 10:23 pm
Location: Sunriver, OR

Re: Header (location ) problem

Post by flying_circus »

It's hard to tell without seeing the rest of your code. If you are submitting your form without an element named "submitting" then you are not even processing your block of code.

Thou shalt always check whether your data exists before referencing it.
Thou shalt always validate your form data before using it.
Thou shalt always escape every bit of data before running it through a SQL query.
Thou shalt always follow a redirect header with an exit call, to stop script execution.
Thou shalt use require_once or include_once instead of require or include.
Thou shalt use mysqli extension rather than mysql, where available.
Thou shalt use code=php blocks when posting PHP code to devnetwork.
:mrgreen:

Code: Select all

<?php
  # Enable Error Reporting (debugging aid; keep display_errors off in production)
    ini_set('display_errors', true);
    error_reporting(E_ALL);
    
  # Check if this is a POST
    if(isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) == "post")
    {
    # Includes
      require_once('open_db.php');
      
    # Fetch POST vars
      $bossID = isset($_POST['bossID']) ? $_POST['bossID'] : '';
      $candidateID = isset($_POST['candidateID']) ? $_POST['candidateID'] : '';
      $FName = isset($_POST['FName']) ? $_POST['FName'] : '';
      $LName = isset($_POST['LName']) ? $_POST['LName'] : '';
      $category = isset($_POST['category']) ? $_POST['category'] : '';
      $years_exp = isset($_POST['years_exp']) ? $_POST['years_exp'] : '';
      $degree = isset($_POST['degree']) ? $_POST['degree'] : '';
      
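    # Validate POST vars here
      // To Do: Add validation.
      // If $bossID is supposed to be an integer, make sure that it is!  Check your data types!
      // $_POST values always arrive as strings, so is_int() would reject every request;
      // FILTER_VALIDATE_INT accepts integer-looking strings such as "42".
      if(filter_var($bossID, FILTER_VALIDATE_INT) === false)
        exit('$bossID is expected to be an integer.');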
      
    # Connect to database and query for duplicate entry, escaping all values to prevent SQL Injection.
      $my_saves = mysql_query(sprintf("SELECT * FROM `my_saves` WHERE `bossID`='%s' AND `candidateID`='%s' LIMIT 1;",
                                      mysql_real_escape_string($bossID),
                                      mysql_real_escape_string($candidateID))) or die(mysql_error());
                                      
    # If duplicate entry, bodyslam the request into oblivion (Comment with a little more swagger)
      if(mysql_num_rows($my_saves) > 0) {
        header("Location: my_saves.php");
        exit();
      }
      
    # Insert new record, escaping all values to prevent SQL Injection.
      mysql_query(sprintf("INSERT INTO `my_saves` (`bossID`, `candidateID`, `FName`, `LName`, `category`, `years_exp`, `degree`) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s');",
                          mysql_real_escape_string($bossID),
                          mysql_real_escape_string($candidateID),
                          mysql_real_escape_string($FName),
                          mysql_real_escape_string($LName),
                          mysql_real_escape_string($category),
                          mysql_real_escape_string($years_exp),
                          mysql_real_escape_string($degree))) or die(mysql_error());
                          
    # Redirect
      // header() returns no value, so "or exit(...)" would always fire; send the header, then stop.
      header("Location: my_saves.php");
      exit();
    }
?>
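
The checklist in the reply above, carried through with bound parameters instead of string escaping, as an added example that is not code from the thread or from any poster. It assumes PDO with an in-memory SQLite database so it runs without a server, replaces the SELECT-then-INSERT duplicate check with a UNIQUE constraint, and uses the hypothetical function names `open_demo_db` and `save_candidate`.

```php
<?php
// Added example, not code from the thread. PDO with in-memory SQLite is an
// assumption so it runs without a server; both function names are hypothetical.
function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // UNIQUE rejects duplicates atomically; SELECT-then-INSERT can be raced.
    $db->exec('CREATE TABLE my_saves (bossID INTEGER, candidateID INTEGER, FName TEXT,
        LName TEXT, category TEXT, years_exp INTEGER, degree TEXT,
        UNIQUE (bossID, candidateID))');
    return $db;
}

// Returns 'saved', 'duplicate' or 'invalid'; prints nothing, so headers stay sendable.
function save_candidate(PDO $db, array $post): string
{
    $row = [];
    foreach (['bossID', 'candidateID', 'years_exp'] as $key) {
        // Form values are strings: accepts "42", rejects "42abc", arrays, missing keys.
        $value = filter_var($post[$key] ?? null, FILTER_VALIDATE_INT);
        if ($value === false || $value < 0) {
            return 'invalid';
        }
        $row[$key] = $value;
    }
    foreach (['FName', 'LName', 'category', 'degree'] as $key) {
        $row[$key] = is_string($post[$key] ?? null) ? $post[$key] : '';
    }
    // Values are bound to named placeholders, never spliced into the SQL text.
    $stmt = $db->prepare('INSERT INTO my_saves
        (bossID, candidateID, FName, LName, category, years_exp, degree) VALUES
        (:bossID, :candidateID, :FName, :LName, :category, :years_exp, :degree)');
    try {
        $stmt->execute($row);
    } catch (PDOException $e) {
        if ((string) $e->getCode() === '23000') { // SQLSTATE: integrity constraint violation
            return 'duplicate';
        }
        throw $e;
    }
    return 'saved';
}

// Constructed input; the apostrophe would break the thread's first, unescaped query.
$post = ['bossID' => '7', 'candidateID' => '12', 'FName' => 'Sean', 'LName' => "O'Brien",
         'category' => 'QA', 'years_exp' => '5', 'degree' => 'BSc'];
$db = open_demo_db();
echo save_candidate($db, $post), ' ', save_candidate($db, $post), ' ',
     save_candidate($db, ['bossID' => '42abc'] + $post), "\n";
```

In a page handler, the call would be followed by `header('Location: my_saves.php'); exit;` whatever it returns, with no output sent beforehand.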