3

The header send me to the same address like the correct page but empty (all white). I have tried a few things to chack and it run good (like change a text). The problem is that it doesn't send me to google.

$insert = 'INSERT into appusers(appname, email, password, month) 
          VALUES("'.$appname.'","'.$email.'","'.$password.'","'.$monthpay.'")';  
mysql_query($insert);
session_start();
$_SESSION['id'] = $data['id']; 
header("Location: http://www.google.com/"); 
exit;

And I have tried to add ob_start(); at the start and it doesn't work.

Dmitry
  • 279
  • 2
  • 10
Liron Vaizer
  • 33
  • 1
  • 4
  • When you do SQL queries, either use prepared statements or escape your input properly. – thejh Mar 29 '13 at 14:33
  • 2
    Enable error_reporting and find out why. Then see [Headers already sent by PHP](http://stackoverflow.com/q/8028957) on why ob_start fails as solution. – mario Mar 29 '13 at 14:33
  • That password is a hash, right? Because if it isn't, you're doing it wrong. – thejh Mar 29 '13 at 14:34

4 Answers4

5

Replace

header("Location: http://www.google.com/");

With

if( !headers_sent() ){
  header("Location: http://www.google.com/");
}else{
  ?>
  <script type="text/javascript">
  document.location.href="http://www.google.com/";
  </script>
  Redirecting to <a href="http://www.google.com/">http://www.google.com/</a>
  <?php
}
die();

This way, even if there is output before the redirection, it should still work.

Luke Stevenson
  • 10,357
  • 2
  • 26
  • 41
  • it still going to save the id? – Liron Vaizer Mar 29 '13 at 14:45
  • Yes, any code before the redirection will be executed. Of course, if your code preceding the redirection throws an error, the new redirection will run regardless of whether an error message is shown, so that is something of a risk. – Luke Stevenson Mar 31 '13 at 03:23
3

You might have some white space before your script

Jacob Alexander
  • 45
  • 1
  • 4
0

If you have echoed anything to the browser, then your header redirect will not work. That is likely the problem.

Jeff Cashion PhD
  • 674
  • 6
  • 8
0

First of all, instead of redirecting to http://google.com/ you could redirect to about:blank.

header("Location: about:blank");

This will show the viewer a blank page as if they opened a new tab in their browser.

Edit: This works in edge but not in firefox or chrome which throw an "Corrupted Content" and "ERR_UNSAFE_REDIRECT" errors respectively.

I found that header("refresh:0;url=about:blank" ); will bypass this restriction and redirect the user almost instantly!

FlameBlazer
  • 33
  • 5