Page 1 of 1
'Undefined index' error in some PCs and not in others
Posted: Wed Mar 03, 2004 1:55 am
by serap
Everything works fine on my three PCs, also from other people which I have let them test (from different countries). But when my brother tests it Im get the following, this happens each time he makes an action that deals with the php code, db etc. We have checked that we have the exact same version of Explorer. Why is it happening due to firewalls or? Cookies are Enabled on his PC..? Im going nuts on this and cant debug it really cuz I have no error on my pc? There is nothing send to the browser either.
Notice: Undefined index: HTTP_REFERER in /customers/serapsungur.com/serapsungur.com/httpd.www/new_whynot/cart1.php on line 65
Warning: Cannot modify header information - headers already sent by (output started at /customers/serapsungur.com/serapsungur.com/httpd.www/new_whynot/cart1.php:65) in /customers/serapsungur.com/serapsungur.com/httpd.www/new_whynot/cart1.php on line 65
thanks,
Serap
Posted: Wed Mar 03, 2004 2:00 am
by markl999
$_SERVER['HTTP_REFERER'] isn't always set, for example if you go direct to a page without clicking a link, the referer won't be set.
Posted: Wed Mar 03, 2004 2:04 am
by m3mn0n
Post code...most likely it requires
register_globals On
If you want a quick fix, turn them on within his
php.ini config file.
This issue is discussed further
here.
Posted: Wed Mar 03, 2004 2:55 am
by JayBird
is the script always on the same server, or do you mean you are testing the script running on these different machines? if so, are they all running the same version of PHP?
Mark
Posted: Wed Mar 03, 2004 3:13 am
by serap
The site is ALWAYS on the same server, the only difference is the PCs and browsers. So it can not be something with thw php.ini file or any other server related issues. Im new on php but this is what my logic tells me...And we start on the same page over the phone he gets the error I dont...??
Posted: Wed Mar 03, 2004 4:26 am
by Wayne
Does your brothers machine go through a proxy server or firewall to access the internet? These can be configured to remove http_referer headers in your http request!
Posted: Wed Mar 03, 2004 4:45 am
by serap
Yes I think so - they have a firewall setup by their service provider. The thing is that he can add new items (updating the DB) but with the error each time php is called. If that is problem how do you usually solve it with so many combinations out there?? And let them test bigger sites - you name it - to check their cookie settings that works fine.
Thanks,
Serap
Posted: Wed Mar 03, 2004 4:52 am
by JayBird
can we see the code of cart1.php
Mark
Posted: Wed Mar 03, 2004 5:00 am
by serap
Here is the code (from the clasic Macromedia example) :
and line 65 is removeItem...
Code: Select all
<?php
include("db2.php");
error_reporting(E_ALL);
switch($action)
{
case "add_item":
{
AddItem($id, $qty, $color);
break;
}
case "update_item":
{
UpdateItem($_GET["id"], $_GET["qty"],$_GET["colorid"]);
ShowCart();
break;
}
case "remove_item":
{
RemoveItem($_GET["id"], $_GET["color"]);
ShowCart();
break;
}
default:
{
ShowCart();
}
}
function AddItem($id, $qty, $color)
{
$cookieId = GetCartId();
$result = mysql_query("select count(*) from cart where itemId=$id and color='$color' and cookieId='" . GetCartId() . "' ");
$row=mysql_fetch_row($result);
$check_result=$row[0];
if ($check_result== 0)
{
@mysql_query("insert into cart(cookieId, itemId, qty, color)
values('" . GetCartId() . "', $id, $qty, '$color' )");
header("location: ".$_SERVER["HTTP_REFERER"]);
}
else
{
UpdateItem($id, $qty);
header("location: ".$_SERVER["HTTP_REFERER"]);
}
}
function UpdateItem($itemId, $qty)
{
//echo "update item";
//echo $_SERVER['HTTP_REFERER'];
}
function RemoveItem($itemId, $color)
{
@mysql_query("delete from cart where itemId=$itemId and color='$color' and cookieId='" . GetCartId() . "' ");
header("location: ".$_SERVER["HTTP_REFERER"]);
}
function ShowCart()
{
//to be filled
}
}
?>
EDITED BY BECH100: ADDED PHP TAGS - PLEASE REMEMBER TO DO IT YOURSELF, EASIER TO READ
Posted: Wed Mar 03, 2004 5:05 am
by JayBird
is the error always from line 65? This (from what i can see) occurs when an item is removed. What about when an item is added.
HTTP_REFERER is used in other places, do they generate the error too?
Mark
Posted: Wed Mar 03, 2004 5:17 am
by serap
Yes it does each time it hits the
header("location: ".$_SERVER["HTTP_REFERER"]); - but only from his machine!...it talks with the DB though...
Thanks for responses by the way...
Posted: Wed Mar 03, 2004 5:22 am
by Wayne
It sounds llike it is there firewall blocking the HTTP_REFERER header being passed to your server, if you dont put the line
error_reporting(E_ALL);
in, it should be ok, but if the is no HTTP_REFERER variable set you are not going to have anywhere for the header to redirect you to, you might want to check that it contains a value or default it to something!
Posted: Wed Mar 03, 2004 5:24 am
by JayBird
found this
$_SERVER['HTTP_REFERER'] should not be used.. often times user behind a
proxy are configure not to submit http_referer
note.. rfc2616
15.1.3 Encoding Sensitive Information in URI's
Because the source of a link might be private information or might
reveal an otherwise private information source, it is strongly
recommended that the user be able to select whether or not the
Referer field is sent. For example, a browser client could have a
toggle switch for browsing openly/anonymously, which would
respectively enable/disable the sending of Referer and From
information.
Clients SHOULD NOT include a Referer header field in a (non-secure)
HTTP request if the referring page was transferred with a secure
protocol.
Authors of services which use the HTTP protocol SHOULD NOT use GET
based forms for the submission of sensitive data, because this will
cause this data to be encoded in the Request-URI. Many existing
servers, proxies, and user agents will log the request URI in some
place where it might be visible to third parties. Servers can use
POST-based form submission instead
you could store $url = $_SERVER['http_host'] . $_SERVER['request_uri'];
as an array in your session var... or you could use a cookie by
unserialize($cookie); push($cookie[0],$url); serialize($cookie); (or
something like that.. ) either way you will have an array of visited
urls.. much like the javascript history method..
Posted: Wed Mar 03, 2004 6:25 am
by serap
But I understand from your replies that the
$_SERVER["HTTP_REFERER"]
can not be trusted at all? then when making a site with PHP - this is my first site with PHP.
The problem is that when a user makes an add_item I have to get back to the caller site...so if I use (in caller site)
$url = $_SERVER['http_host'] . $_SERVER['request_uri'];
I will post $url..to cart1.php
and in cart1.php use:
header("location: "$url"]);
Do you guys never use $_SERVER["HTTP_REFERER"] then on your sites??
(how does all other sites handle it ex. amazon? )
And how can you protect you code then from firewall blockings?
thanks,
Serap