0

I have changed in my login form, and tried to convert it to MySQLI. But I get the following errors. Can anybody see what is wrong? I am not so good in php programming yet, so please ber with me :)

 <?php
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else{

// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
echo $username; 
echo $password;

/*
// To protect MySQL injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
*/

// Selecting Database
include 'dbconfic.inc.php';

// her bruger jeg mysqli prepared statement:
    // '?' er placeholders for variabler
    $stmt = $mysqli->prepare("SELECT username FROM login WHERE password= ? AND username= ?;");
    // binder varialber til placeholders:
    // 's' er string, 1 for hver placeholder, her er der 1:
    $stmt->bind_param('ss', $password, $username);   // bind var til parameter

    // execute prepared statement 
    $stmt->execute();
     $stmt->store_result();
    $usern = null;  
    /* bind result variabler */
    $stmt->bind_result($usern);
    // antal returnerede rækker:
    $rows = $stmt->num_rows;
    echo $rows;
    /* fetch values for hver row, her kun 1 row dog: */
     while ($stmt->fetch()) {
           $username = $usern;
     }  
    echo $username;
    // luk statement                        
    $stmt->close();

    // luk connection
    $mysqli->close();       



if ($rows == 1) {
$_SESSION['login_user']=$username; // Initializing Session
header("location: profile.php"); // Redirecting To Other Page
} else {
$error = "Username or Password is invalid";
}
}
}
?>

ERROR: Warning: Cannot modify header information - headers already sent by (output started at /Applications/MAMP/htdocs/project/login.php:17) in /Applications/MAMP/htdocs/roulette/login.php on line 62

Warning: Cannot modify header information - headers already sent by (output started at /Applications/MAMP/htdocs/project/login.php:17) in /Applications/MAMP/htdocs/roulette/index.php on line 5

My connection in dbconfig looks like this:

<?php
    $db_host = "localhost";
    $db_user = "root";
    $db_pass = "root";
    $db_name  = "project_db";
    // connection:
    $mysqli = new mysqli($db_host, $db_user, $db_pass , $db_name);
    // tjek conenction:
    if (mysqli_connect_errno()) {
        printf("Connect failed: %s\n", mysqli_connect_error());
    }

    // vi kører utf-8 på connection:
    $mysqli->set_charset("utf8");   
?>

I am not quite sure what the modify header does/mean?

M375
  • 149
  • 9
  • If you are using mysqli where is the `i` in the `mysql_real_escape_string()` ? And no header can be sent after any output has been sent back, that includes error. – frz3993 Jan 07 '16 at 19:42
  • You don't need `$username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password);` with prepared statements. You probably also don't need `$stmt->bind_result($usern); // antal returnerede rækker: $rows = $stmt->num_rows; echo $rows; /* fetch values for hver row, her kun 1 row dog: */ while ($stmt->fetch()) { $username = $usern; }` If you get a return the name and password matched, you already have the name. You should hash passwords. – chris85 Jan 07 '16 at 19:51
  • Answer in errors: use PDO ;) Also, I don't see any usage of `mysqli_real_escape_string` in your code. So replace `mysql_real_escape_string` with `mysqli_real_escape_string`. This should solve your problem. – Sergey Chizhik Jan 07 '16 at 19:51
  • The problem is [you need to stop using the mysql_ extensions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) – Machavity Jan 07 '16 at 19:56
  • Thanks for all the replys. I have just updated my question with some of the new information. The only thing I am not quite sure of now, is what the "Cannot modify header information" is in this case? – M375 Jan 07 '16 at 20:05

0 Answers0