PHP Error... Urgent!!
Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: PHP Error... Urgent!!

  1. #1
    Senior Member
    Join Date
    Jun 2003
    Posts
    219

    Question PHP Error... Urgent!!

    Hi guys,y

    Again I am in trouble, this time with PHP....

    I am getting the following error on my browser:

    Warning: Cannot modify header information - headers already sent by (output started at /home/site/public_html/index.php:5) in /home/site/public_html/getresult.inc on line 13

    I checked out on Google, everywhere it says that there must be some extra spaces in the code. But I checked out there are no extra spaces.

    The PHP file is containing the HTML code also.
    <BODY vLink=#669900 aLink=#669900 link=#669900 background="bg.jpg" topMargin=0>
    <?php include("getresult.inc");?>
    <form ACTION.........

    In getresult.nic, line 13 is having a header line:
    header("Location: main.htm");

    Can anyone help please.

    Its Urgent!!!!
    Now is the moment, or NEVER!!!

  2. #2
    Senior Member
    Join Date
    Jun 2003
    Posts
    219
    I am not sure in which file the error is.
    Now is the moment, or NEVER!!!

  3. #3
    Member omin's Avatar
    Join Date
    Feb 2002
    Posts
    60
    I checked out on Google, everywhere it says that there must be some extra spaces in the code. But I checked out there are no extra spaces.
    It is not just spaces. ANY output sent before the 'header("Location: main.htm");' will stop it working, even your '<BODY...' tag. A header redirect must be the VERY FIRST output sent to the browser or it will not work (and give you a 'Warning: Cannot modify header information - headers already sent by' error).

    One of the ways round this is to build all your HTML in a PHP variable and only output it (right at the end of all your code) IF you are not going to redirect.

    For a better and more complete explanation of headers and the header() command this page should help.


    omin
    \"Clouds are not spheres, mountains are not cones, coastlines are not circles, and bark is not smooth,
    nor does lightning travel in a straight line.\" -Benoit Mandelbrot

  4. #4
    Senior Member
    Join Date
    Jun 2003
    Posts
    219
    I am facing a strange problem now. When I enter my login/ password first time it gives me the error. But when I enter again, it redirects to the correct page. But the page is not displayed, it says, HTTP 405 - Resource not Found.

    And when I refresh the page, it opens up.

    Cant I get rid of HTTP 405 error page (coming in between) and get my page in first attempt?
    Now is the moment, or NEVER!!!

  5. #5
    Member omin's Avatar
    Join Date
    Feb 2002
    Posts
    60
    It is very difficult to know without seeing more of your code. Any chance of posting all relevant pages here?

    I've gotta go to bed now (2am and only 3 hours sleep in the last 2 days) but if you post the code I'll have a look as soon as possible.

    omin
    \"Clouds are not spheres, mountains are not cones, coastlines are not circles, and bark is not smooth,
    nor does lightning travel in a straight line.\" -Benoit Mandelbrot

  6. #6
    Senior Member
    Join Date
    Jun 2003
    Posts
    219
    Hi omin

    index.php
    <?php include("validateForm.inc"); ?>
    <?php include("getresult.inc");?><HTML>
    <HEAD><TITLE>::Yuva Executive::</TITLE>
    </HEAD>
    <BODY vLink=#669900 aLink=#669900 link=#669900 background="bg.jpg" topMargin=0>
    <form name="saveform" METHOD="POST" align="center">
    <TABLE cellSpacing=0 cellPadding=0 width=700 align=center border=0>
    <TBODY>
    ...
    ....
    ...
    <TD align="middle"><INPUT TYPE="button" NAME="FormsButton2" VALUE="Go" ONCLICK="validateForm()" style="BORDER-RIGHT: #333300 1px solid; BORDER-TOP: #333300 1px solid; FONT-SIZE: 8pt; BORDER-LEFT: #333300 1px solid; COLOR: #ffffff; BORDER-BOTTOM: #333300 1px solid; FONT-FAMILY: Verdana; BACKGROUND-COLOR: #6f8e4a"></TD></TR></TBODY></TABLE></TD>

    getresult.inc
    <?php
    if (isset($password))
    {
    include("connect2db.php");
    $username = $HTTP_POST_VARS['username'];
    $password = $HTTP_POST_VARS['password'];
    $qstr = "SELECT * from members_login where memberid='$username' and password ='$password'";
    $result = mysql_query($qstr);
    if (mysql_num_rows($result))
    header("Location: main.htm");
    else echo "<font color=#ff0000><Center><b>**Failed Login**</b></Center></font>";
    mysql_close();
    }
    ?>

    valdiateForm.inc (in txt format) is attached.

    Please help me.

    Thanks.
    Riya
    Now is the moment, or NEVER!!!

  7. #7
    Member omin's Avatar
    Join Date
    Feb 2002
    Posts
    60
    Hi riya

    From what I can see (anyone else on this site please correct me if I'm wrong), you are having this problem because you are still sending data to the browser berfore your redirect. Only in this case the data you are sending is javascript (js still needs to be sent to the browser before it can be run).
    You could try including your validation js AFTER you include getresults.inc.

    This may do the trick but you need to adress a few other things that are just (if not more) important...

    You should NEVER have your primary validation done in js. This is a HUGE security issue because it is executed client side, not server side and therefore cannot be trusted. ALL validation should be done server side.
    It is fine to have some validation done in js but only for cosmetic reasons (being able to display a nice popup). If you do this it should still ALWAYS be followed up by server side validation.

    As well as being server side, your validation should be much more stringent. With the sort of validation you have carried out, even if the equivalent was done sever side, it would be a simple matter to carry out an SQL injection attack and there goes your DB... an attacker would be able to retrieve your data or even erase the contents of your DB.

    As you can imagine, this is NOT A GOOD THING™.

    The basics of protecting against SQL injection attacks require verifying data or stripping or modifying all unsafe characters from any user input that is used in an SQL operation.
    A quick trip to google provided this link which seems to be a good explanation of SQL injection attacks and methods for preventing them. If you plan on doing any serious PHP you MUST be aware of these issues.

    I hope this helps.


    omin
    \"Clouds are not spheres, mountains are not cones, coastlines are not circles, and bark is not smooth,
    nor does lightning travel in a straight line.\" -Benoit Mandelbrot

  8. #8
    Senior Member
    Join Date
    Jun 2003
    Posts
    219
    Thanks omin, it worked!!!

    I am so glad...
    Now is the moment, or NEVER!!!

  9. #9
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    Greeting's

    Riya just one advise.. Although your problem is solved its better if you take off the code and the file out of here..
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  10. #10
    Senior Member
    Join Date
    Jun 2003
    Posts
    219
    Hi,

    Can you tell me how to remove the file and the code?
    I am sorry I dont know how to do that.
    Now is the moment, or NEVER!!!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •