0

hi i have just picked up a script of the net for my site and when i uploaded in onto my site i get the following message:
Warning: Cannot modify header information - headers already sent by (output started at /home/matureco/public_html/new/php/connection.php:4) in /home/matureco/public_html/new/php/session.php on line 19

ive tried different things to solve it after googleing but nothing is changing can anyone see whats causing it here code for that page

<?php 
session_start();
include("connection.php");
if(isset($_POST['submit']))
{
 $user=$_POST['user'];
 $pass=$_POST['pass'];

 $sql="SELECT * from emp where user='".$user."' and pass='".$pass."'";  
 $rs=mysqli_query($con, $sql);

 if(mysqli_num_rows($rs)>0)
 {
   $rsdata=mysqli_fetch_array($rs);
   @extract($rsdata);
   $_SESSION['session_id']=$id;
   $_SESSION['session_user']=$user;
   //echo ('hello');
   header("location: user_profile_new.php");
 }
 else{
    echo "user or pass not matching please try again";
 }
}
?> 
3
Contributors
4
Replies
22
Views
2 Years
Discussion Span
Last Post by janicemurby
0

The problem you face is that you are trying to use the PHP header function, header(), but there can be absolutely no HTML output before this function is declared.
I suggest putting the header entry right after the <?php

0

if i move the header out of the php block like this

<?php 
session_start();
    include("connection.php");
    if(isset($_POST['submit']))
    {
     $user=$_POST['user'];
     $pass=$_POST['pass'];    
     $sql="SELECT * from emp where user='".$user."' and pass='".$pass."'";  
     $rs=mysqli_query($con, $sql);     
     if(mysqli_num_rows($rs)>0)
     {
       $rsdata=mysqli_fetch_array($rs);
       @extract($rsdata);
       $_SESSION['session_id']=$id;
       $_SESSION['session_user']=$user;
       //echo ('hello');      
     }
     else{
        echo "user or pass not matching please try again";
     }
    }
    ?>


header("location: user_profile_new.php");

i get the following header("location: user_profile_new.php");

and if i wrap it in php tags like this

  <?php 
session_start();
include("connection.php");
if(isset($_POST['submit']))
{
 $user=$_POST['user'];
 $pass=$_POST['pass'];

 $sql="SELECT * from emp where user='".$user."' and pass='".$pass."'";  
 $rs=mysqli_query($con, $sql);

 if(mysqli_num_rows($rs)>0)
 {
   $rsdata=mysqli_fetch_array($rs);
   @extract($rsdata);
   $_SESSION['session_id']=$id;
   $_SESSION['session_user']=$user;
   //echo ('hello');

 }
 else{
    echo "user or pass not matching please try again";
 }
}
?>
<?php header("location: user_profile_new.php");?>

and get
Warning: Cannot modify header information - headers already sent by (output started at /home/matureco/public_html/new/php/connection.php:4) in /home/matureco/public_html/new/php/session.php on line 26

1

You do realise that this code is unsecure? You are open to SQL injection. If you ran this code in a your site, I could get every user's details in a flash (including their emails). How embarrassing would that be for your swingers? Reminds me of a recent adultery site case :(
Use a prepared statement - see my recent tutorial:
DW Tutorial: Common Issues with MySQL and PHP for how to deal with this.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.