0

Possible Duplicate:
Headers already sent by PHP

I'm having some difficulty with my php coding.

I have 3 files, add.php, lib.php, and view.php

I created a simple form, and when the user clicks submit, it should direct them to the view.php where it will display the database. Now I'm having a couple issues I can't seem to resolve.

when the user clicks submit and the fields are blank or there is an error no entry should be made into the view page (or database)...however when I click submit a blank entry is made into the database. ALSO if i click "enter product" from the top menu bar anytime I click it, it causes a blank entry into the database. I can't figure out why that's happening.

My next issue is with the header('Location') and my browser says:

"Warning: Cannot modify header information - headers already sent by (output started at lib.php:13) in add.php on line 16"

However if I click submit on my form it goes away.

Here is the code for the pages:

I truly apologize if the code is really messy.

Any help / advice / solution is greatly appreciated thank you.

And yes this was an assignment---it was due last week but since I couldn't finish it, it's not worth any marks anymore.

Community
  • 1
  • 1
SorryEh
  • 900
  • 2
  • 15
  • 47
  • You have what look like JS comments `//////add.php//////` before your opening ` – Michael Berkowski Jun 22 '12 at 02:58
  • 1
    FYI, you are **wide open** to SQL injection. You **will be hacked** if you haven't been already. Learn to use prepared queries with PDO to avoid this problem entirely. – Brad Jun 22 '12 at 03:02
  • oh thanks for the heads up brad, I removed my password and user name for that purpose. And Michael i put those // there to separate the what's what to kinda help you guys understand what you're looking at, the comment's arent in the actual php document. – SorryEh Jun 22 '12 at 03:19

2 Answers2

1

Your if statement if (empty($_POST)){ will always fail and the else will run, thus the empty db entries.

$_POST will always have something in it, even for empty text inputs. Each key will be set to an empty string.

To test for whether you should save data or not you'll need to validate all required form fields. Your code will probably look something like this. This is by no means complete or secure, but it'll point you in the right direction.

<?php

// store validation rules for required fields
$requiredFields = array(...);

// Store all validation errors here.
$errors = array();

foreach($requiredFields as $key=>$rule) {
    if(empty($_POST[$key])) {
        $errors[$key] = true;
    }
    else {
        // you can perform more validation work on the value here.
    }
}

if(count($errors) > 0) {
    // form submit failure.
}
else {
    // form submit success, save to db
}
Jonathan Beebe
  • 5,241
  • 3
  • 36
  • 42
  • thank you, that does put things in better perspective. – SorryEh Jun 22 '12 at 03:27
  • 1
    You're welcome. If you have the time to use a formal framework, I've made great use of Yii's [CFormModel](http://www.yiiframework.com/doc/api/1.1/CFormModel/) which helps automate many of the redundant form tasks, such as validation and saving of data. You'll never need to write code like the above again :) – Jonathan Beebe Jun 22 '12 at 03:32
0

You are sending output before setting the header, thus the specified headers are not sent.

matt3141
  • 4,303
  • 1
  • 19
  • 24