
Header (location ) problem

Posted: Tue Mar 16, 2010 3:25 pm
by cap2cap10
Greetings, PHP technorati. I again face another perplexing issue. I can't get my code to redirect the user to another page :banghead:. Here is the code:

Code: Select all

<?php
 
if (isset($_POST['submitting']))
{
 $bossID = $_POST['bossID'];
 $candidateID = $_POST['candidateID'];
 $FName = $_POST['FName'];
 $LName = $_POST['LName'];
 $category = $_POST['category'];
 $years_exp = $_POST['years_exp'];
 $degree = $_POST['degree'];
 
 // Connect to server and select database.
require 'open_db.php';
 
mysql_query("INSERT INTO my_saves (bossID, candidateID, FName, LName, category, years_exp, degree)
VALUES ('$bossID', '$candidateID', '$FName', '$LName', '$category', '$years_exp', '$degree') ") or die(mysql_error());
 
 
header("Location: my_saves.php");
 
}
 
?>
 
It performs the addition to the database, but it just stays on a blank page?
Can someone show me the error of my thinking?

As always, thanks in advance,

Batoe

Re: Header (location ) problem

Posted: Tue Mar 16, 2010 3:33 pm
by John Cartwright
Try changing

Code: Select all

<?php
 
if (isset($_POST['submitting']))
{
to

Code: Select all

<?php
 
ini_set('display_errors', true);
error_reporting(E_ALL);
 
if (isset($_POST['submitting']))
{
It sounds like there is some output prior to the header redirect (even whitespace counts). On a related note, you should include an exit(); immediately after the header("Location: .."); to avoid further execution of the script.

Re: Header (location ) problem

Posted: Tue Mar 16, 2010 6:09 pm
by cap2cap10
Ok, I added the error checker and did what you said, but I got the same result. I revised the code to this:

Code: Select all

<?php
ini_set('display_errors', true);
 error_reporting(E_ALL);
 
if (isset($_POST['submitting']))
{
 $bossID = $_POST['bossID'];
 $candidateID = $_POST['candidateID'];
 $FName = $_POST['FName'];
 $LName = $_POST['LName'];
 $category = $_POST['category'];
 $years_exp = $_POST['years_exp'];
 $degree = $_POST['degree'];
 
 // Connect to server and select database.
require 'open_db.php';
$my_saves = mysql_query("SELECT * FROM my_saves ")
or die(mysql_error());
$info_1 = mysql_fetch_array( $my_saves );
 
//Stops duplicates from occurring I hope.
If($info_1['bossID'] == $_POST['bossID'] && $info_1['candidateID'] == $_POST['candidateID']){
 
header("Location: my_saves.php");
}
elseIf($info_1['bossID'] != $_POST['bossID'] && $info_1['candidateID'] != $_POST['candidateID']) {
mysql_query("INSERT INTO my_saves (bossID, candidateID, FName, LName, category, years_exp, degree)
VALUES ('$bossID', '$candidateID', '$FName', '$LName', '$category', '$years_exp', '$degree') ") or die(mysql_error());
 
header("Location: my_saves.php") or exit(can't redirect!);
}
 
?>
Let me know what you think!
Thanks in advance,


Batoe

Re: Header (location ) problem

Posted: Tue Mar 16, 2010 7:16 pm
by flying_circus
It's hard to tell without seeing the rest of your code. If you are submitting your form without an element named "submitting" then you are not even processing your block of code.

Thou shalt always check whether your data exists before referencing it.
Thou shalt always validate your form data before using it.
Thou shalt always escape every bit of data before running it through a SQL query.
Thou shalt always follow a redirect header with an exit call, to stop script execution.
Thou shalt use require_once or include_once instead of require or include.
Thou shalt use mysqli extension rather than mysql, where available.
Thou shalt use code=php blocks when posting PHP code to devnetwork.
:mrgreen:

Code: Select all

<?php
  # Enable Error Reporting
    ini_set('display_errors', true);
    error_reporting(E_ALL);
    
  # Check if this is a POST
    if(isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) == "post")
    {
    # Includes
      require_once('open_db.php');
      
    # Fetch POST vars
      $bossID = isset($_POST['bossID']) ? $_POST['bossID'] : '';
      $candidateID = isset($_POST['candidateID']) ? $_POST['candidateID'] : '';
      $FName = isset($_POST['FName']) ? $_POST['FName'] : '';
      $LName = isset($_POST['LName']) ? $_POST['LName'] : '';
      $category = isset($_POST['category']) ? $_POST['category'] : '';
      $years_exp = isset($_POST['years_exp']) ? $_POST['years_exp'] : '';
      $degree = isset($_POST['degree']) ? $_POST['degree'] : '';
      
    # Validate POST vars here
      // To Do: Add validation.
      // If $bossID is supposed to be an integer, make sure that it is!  Check your data types!
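      // $_POST values always arrive as strings, so is_int() would reject every request; test for digits instead.
      if(!ctype_digit($bossID))
        exit('$bossID is expected to be an integer.  ' . gettype($bossID) . ' given.');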
      
    # Connect to database and query for duplicate entry, escaping all values to prevent SQL Injection.
      $my_saves = mysql_query(sprintf("SELECT * FROM `my_saves` WHERE `bossID`='%s' AND `candidateID`='%s' LIMIT 1;",
                                      mysql_real_escape_string($bossID),
                                      mysql_real_escape_string($candidateID))) or die(mysql_error());
                                      
    # If duplicate entry, bodyslam the request into oblivion (Comment with a little more swagger)
      if(mysql_numrows($my_saves) > 0) {
        header("Location: my_saves.php");
        exit();
      }
      
    # Insert new record, escaping all values to prevent SQL Injection.
      mysql_query(sprintf("INSERT INTO `my_saves` (`bossID`, `candidateID`, `FName`, `LName`, `category`, `years_exp`, `degree`) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s');",
                          mysql_real_escape_string($bossID),
                          mysql_real_escape_string($candidateID),
                          mysql_real_escape_string($FName),
                          mysql_real_escape_string($LName),
                          mysql_real_escape_string($category),
                          mysql_real_escape_string($years_exp),
                          mysql_real_escape_string($degree))) or die(mysql_error());
                          
    # Redirect
      // header() returns nothing, so an "or exit(...)" fallback would always fire; call exit() on its own.
      header("Location: my_saves.php");
      exit();
    }
?>
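
The checklist above, applied to the same form handler with mysqli prepared statements in place of `mysql_real_escape_string()`; this is an added example, not code from the thread. It assumes `open_db.php` sets `$db` to a connected `mysqli` object, that both IDs are positive integers, and that text fields fit in 100 bytes; `read_form()` and `save_candidate()` are hypothetical helper names.

```php
<?php
// Added example, not code from the thread. Assumptions: open_db.php sets $db to a
// connected mysqli object; IDs are positive integers; text fields are at most 100 bytes.
require_once 'open_db.php';
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failed queries throw

function read_form(array $post): ?array
{
    $row = [];
    foreach (['bossID', 'candidateID'] as $key) {
        // $_POST values are strings, so is_int() would reject every submission
        $id = filter_var($post[$key] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id === false) {
            return null;
        }
        $row[$key] = $id;
    }
    foreach (['FName', 'LName', 'category', 'years_exp', 'degree'] as $key) {
        $value = $post[$key] ?? null;
        if (!is_string($value) || trim($value) === '' || strlen($value) > 100) {
            return null;
        }
        $row[$key] = trim($value);
    }
    return $row;
}

function save_candidate(mysqli $db, array $row): void
{
    // Placeholders keep request data out of the SQL text; no manual escaping needed
    $check = $db->prepare('SELECT 1 FROM my_saves WHERE bossID = ? AND candidateID = ? LIMIT 1');
    $check->bind_param('ii', $row['bossID'], $row['candidateID']);
    $check->execute();
    $check->store_result();
    $duplicate = $check->num_rows > 0;
    $check->close();
    if ($duplicate) { return; } // already saved: nothing to insert
    $insert = $db->prepare('INSERT INTO my_saves (bossID, candidateID, FName, LName, category, years_exp, degree) VALUES (?, ?, ?, ?, ?, ?, ?)');
    $insert->bind_param('iisssss', $row['bossID'], $row['candidateID'], $row['FName'], $row['LName'], $row['category'], $row['years_exp'], $row['degree']);
    $insert->execute();
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $row = read_form($_POST);
    if ($row === null) { http_response_code(400); exit('Invalid form data.'); }
    save_candidate($db, $row);
    header('Location: my_saves.php'); // requires that nothing was output before this
    exit; // stop so no later code runs after the redirect
}
```

Two simultaneous requests can both pass the SELECT check, so a UNIQUE index on (bossID, candidateID) is what actually enforces the no-duplicates rule in the database.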