Cannot modify header information - headers already sent

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: Cannot modify header information - headers already sent

Post by VladSun »

Jade wrote:The problem with setting it in a session is that you're then sending that information back and forth over the internet in packets. If you're going to keep doing that then I suggest you encrypt everything.
@Jade - $_SESSION is server-side data...

@tua1 - keeping DB connection parameters in $_SESSION ... doesn't make any sense. Why would you want to do this? Jade's suggestion is far better :)
There are 10 types of people in this world, those who understand binary and those who don't
User avatar
Jade
Forum Regular
Posts: 908
Joined: Sun Dec 29, 2002 5:40 pm
Location: VA

Re: Cannot modify header information - headers already sent

Post by Jade »

Yes, session data is server side but it's still sent back and forth in packets when you initially set the values....
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Re: Cannot modify header information - headers already sent

Post by onion2k »

Jade wrote:Yes, session data is server side but it's still sent back and forth in packets when you initially set the values....
No it isn't. A cookie with the session id is sent to the user once when they first hit the page and their session starts, but after that no session information is ever sent to the client.
User avatar
Jade
Forum Regular
Posts: 908
Joined: Sun Dec 29, 2002 5:40 pm
Location: VA

Re: Cannot modify header information - headers already sent

Post by Jade »

Ahh. My bad. Still not a good idea to store DB info in a session imo.
tua1
Forum Commoner
Posts: 28
Joined: Thu May 15, 2008 9:30 pm

Re: Cannot modify header information - headers already sent

Post by tua1 »

Thank you very much for yours explanations.

I have another problem with my site.

Anybody who enters my site connect with database with a default user:

Code: Select all

 
<?php $host = "localhost";
$user = "test";
$pass = "test";
$dbname = "shop";
 
$connection = mysql_connect($host,$user,$pass) or die (mysql_errno().": ".mysql_error()."<BR>");
mysql_select_db($dbname); ?>
 
I have specified privileges for user "test" in phpmyadmin: select and insert.

Witout registration, the guest (test) user cannot buy anything, etc.
In my register.php I want to grant additional privileges for registered user(select, insert, update, delete) ex:

Code: Select all

$query3= "GRANT SELECT, INSERT, UPDATE, DELETE "
    ."ON shop.* "
    ."TO ".$arVals['login']." IDENTIFIED BY ".$arVals['pass1']."; "
.
.
.
.
$result1 = mysql_query($query3) or die("Invalid query: " . mysql_error() . "<br><br>". $query3);

But for this I have to add grant privilege for user test, which is not safe:/

I don't know what I have do with this problem.

I hope you understand me.

Any advice??

Regards
Last edited by tua1 on Tue May 20, 2008 9:35 am, edited 1 time in total.
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Re: Cannot modify header information - headers already sent

Post by onion2k »

Don't add a new MySQL user for every user in your site. That's crazy, and completely unnecessary. Ideally you want 2 MySQL users - one basic one that can only select things (your test user), and another higher level one that has more privs for registered users. When the script runs choose which user to connect to the database with depending on the current site user's session.

Most people don't bother with that mind you and just use 1 MySQL user with all the necessary privs. It's a lot easier to code.
tua1
Forum Commoner
Posts: 28
Joined: Thu May 15, 2008 9:30 pm

Re: Cannot modify header information - headers already sent

Post by tua1 »

onion2k wrote:Don't add a new MySQL user for every user in your site. That's crazy, and completely unnecessary. Ideally you want 2 MySQL users - one basic one that can only select things (your test user), and another higher level one that has more privs for registered users. When the script runs choose which user to connect to the database with depending on the current site user's session.

Most people don't bother with that mind you and just use 1 MySQL user with all the necessary privs. It's a lot easier to code.
Thanks for your reply, so test user privileges: select, insert, update, delete <- this is a easiest way.

And maybe if I want 2 user, basic test(select, insert), and registered(select, insert, update, delete) I can do if statement that check if user is logged in, and if true change the values of connection.php

Am I right?

Regards
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Cannot modify header information - headers already sent

Post by Christopher »

You understand that by creating different MySQL users that you are protecting yourself from yourself, not protecting your self from your users. These user privileges limit the SQL statements that your code can execute. If you want to use a different user with less privileges for the main code than in the admin area, then you are simply protecting yourself from doing something stupid in the main code.

If you don't want the users to be able to perform certain functions, you will need to program that Access Control into your program.
(#10850)
tua1
Forum Commoner
Posts: 28
Joined: Thu May 15, 2008 9:30 pm

Re: Cannot modify header information - headers already sent

Post by tua1 »

Thanks for your reply.
Post Reply