-2

I have some code that is entering values into a database. I have an IF statement at the start to check if the string $jobno is empty and if it is, it redirects back to the form. But its not redirecting just runs the code successfully. 

if ($jobno=='') {
        header( 'Location: add_job.php?error=1');
    }

What am I doing wrong?!

 <?php
$status=$_POST["status"];
$jobno=$_POST["jobno"];
$number=$_POST["number"];
$street=$_POST["street"];
$suburb=$_POST["suburb"];
$city=$_POST["city"];
$first_name=$_POST["first_name"];
$first_name = ucfirst($first_name);
$last_name=$_POST["last_name"];
$last_name = ucfirst($last_name);
$landline=$_POST["landline"];
$mobile=$_POST["mobile"];
$fax=$_POST["fax"];
$email=$_POST["email"];

if ($jobno=='') {
    header( 'Location: add_job.php?error=1');
}

$con=mysqli_connect("server","user","pass","database");
// Check connection
if (mysqli_connect_errno()) {
  echo "Failed to connect to database: " . mysqli_connect_error();
}

mysqli_query($con,"INSERT INTO jobs (status, jobno, number, street, suburb, city, first_name, last_name, landline, mobile, fax, email)
VALUES ('$status', '$jobno', '$number', '$street', '$suburb', '$city', '$first_name', '$last_name', '$landline', '$mobile', '$fax', '$email')");

mysqli_close($con);

header( 'Location: photo_upload.php?new_job_success=y&jobno=' . $jobno ) ;

?>
georgewoofbates
  • 320
  • 2
  • 15

5 Answers5

2
 <?php
^---this space

is OUTSIDE of your code, so it's output, which makes

header( 'Location: add_job.php?error=1');

cause a "headers already sent" error.

You are also wide open and begging for an SQL injection attack

Marc B
  • 356,200
  • 43
  • 426
  • 500
  • Sorry what do you mean by this space is outside of your code? I'm confused – georgewoofbates Aug 15 '14 at 13:49
  • Basic PHP: Anything not within `` code blocks is simply output. **ANY** output triggers automatic sending of the response headers to the client. Your `Location:` is such a header, and can't be sent after output has started, because it'd simply become part of the response BODY. – Marc B Aug 15 '14 at 13:51
  • So I need to put the Header: Location into the tag? – georgewoofbates Aug 15 '14 at 13:54
  • No. php header() calls having **NOTHING** to do with `` blocks. header() sends an HTTP header. You should go read about the HTTP protocol's request/response formats. – Marc B Aug 15 '14 at 13:56
1

It could be 2 things

  • $jobno is not ''
  • since you aren't returning after your redirect, and you are doing a second redirect a bit later, your header would look like:
    • Location: add_job.php?error=1
    • Location: photo_upload.php?new_job_success=y&jobno=

put an else clause in your code:

<?php
...
if ($jobno=='') {
    header( 'Location: add_job.php?error=1');
}
else {
  $con=mysqli_connect("server","user","pass","database");
  // Check connection
  if (mysqli_connect_errno()) {
    echo "Failed to connect to database: " . mysqli_connect_error();
  }
  else
  {
    mysqli_query($con,"INSERT INTO jobs (status, jobno, number, street, suburb, city,first_name, last_name, landline, mobile, fax, email) VALUES ('$status', '$jobno', '$number', '$street', '$suburb', '$city', '$first_name', '$last_name', '$landline', '$mobile', '$fax', '$email')");

    mysqli_close($con);

    header( 'Location: photo_upload.php?new_job_success=y&jobno=' . $jobno ) ;
  }
}

?>
RaggaMuffin-420
  • 1,762
  • 1
  • 10
  • 14
DoXicK
  • 4,784
  • 24
  • 22
  • definitely advise the `if...else...` as i'm pretty sure the script will run even if you define the header, as the `header` doesn't kill the script. +1 – RaggaMuffin-420 Aug 15 '14 at 13:42
  • @RaggaMuffin-420 i know that is the problem indeed :-) but it never helps to put them in the right direction to let them properly check a value first. Debugging is such helpful skill! – DoXicK Aug 15 '14 at 13:44
  • did you change your script? as I'd use an else on the `if($jobno=='') { ... } else { ... }` – RaggaMuffin-420 Aug 15 '14 at 13:45
  • Oh right that's a good point using the else. Thanks I'll try that! – georgewoofbates Aug 15 '14 at 13:51
  • Is there any other way I can redirect without having to use the headers if this is going to be an ongoing problem? – georgewoofbates Aug 15 '14 at 14:23
  • you could go for a meta-redirect in the header and for a javavascript redirect (location.href = blabla)... – DoXicK Aug 15 '14 at 14:27
0

There is an space in the starting which is causing this error. You can't echo any output before sending the headers not even a single space. This small space is causing the header already sent error.You should remove the space on the starting of the php file. Your code should look like this

<?php
$status=$_POST["status"];

I hope this helps you

Utkarsh Dixit
  • 4,267
  • 3
  • 15
  • 38
-1

I think you must to use isset function. http://php.net/manual/en/function.isset.php

al_kash
  • 87
  • 4
-1

try using this code: 

if (!isset($_POST["jobno"])) {
    header( 'Location: add_job.php?error=1');
}
koosie
  • 54
  • 4