
New to PHP/SQL trying really hard getting there :). Now everything worked out for me to try and connect a form to my SQL database. But only the PHP redirect won't work.

I tried and read a lot of things about the redirect, like: the space you need to watch before the ':', there should be no content loaded before the redirect. I kept to all these rules.

Now I was even doubting it was my server so I tried a different page with just the redirect and seems to work Yay...

The only difference I now do compared to an empty page is that I create some variables first and use the redirect in an if-statement.

Can't find the issue, since all the echoes when a record is inserted or updated in the SQL-DB are working fine.

<?php include('db-connect.php');

session_start();
$_SESSION['brand_name'] = $_POST['brand'];
$_SESSION['brand_label'] = $_POST['label'];
$_SESSION['brand'] = $_SESSION['brand_name'].".".$_SESSION['brand_label'];

$brand_name = $_SESSION['brand_name'];
$brand_label = $_SESSION['brand_label'];
$brand = $_SESSION['brand'];
?> <?php

if (isset($_POST['submit_form_1'])) {

    $sqlinsert = "INSERT INTO `brands` (brand, brand_name, brand_label) VALUES ('$brand', '$brand_name', '$brand_label')";
    $sqlupdate = "UPDATE brands SET brand_label='$brand' WHERE brand_name='$brand'";

    if (!mysqli_query($db_connection, $sqlinsert))
    {
        if (!mysqli_query($db_connection, $sqlupdate))
        {
            $submitmessage = 'Record failed to update or insert!';
        }
        else
        {
            // $submitmessage = "Record is succesfully updated";
            header("Location: Form2.php");
            die();
        }
    }
    else
    {
        // $submitmessage = "Record is succesfully inserted";
        header("Location: Form2.php");
        die();
    }
}
?> <?php
include 'header.php'; ?>


 <table class="main-container" border="0" cellspacing="0"
 cellpadding="0">   <tr>     
     <td>Select a brand to edit:<br />

       <form action="Form1.php" method="post">

         <select name="brand" id="brand" onchange="populate(this)">
           <option value="">--Please select option--</option>
           <option value="cheaptickets">brand1</option>
           <option value="vayama">brand2</option>
         </select>

         <select name="label" id="label">
           <option value="">--Please select option--</option>
          <option value="cheaptickets">test1</option>
           <option value="vayama">test2</option>
         </select>

         <br />
         <br />
         <input type="submit" value="Select this template!" name="submit_form_1" />
       </form>

       <span id="info-message">
         <?php
           echo $submitmessage;
           ?>
       </span>
       </td>   </tr> </table>

 <?php include 'footer.php'; ?>

db-connect.php contains following:

<?php
DEFINE ('db_host', '*******');
DEFINE ('db_user', '*******');
DEFINE ('db_pswd', '*******');
DEFINE ('db_name', '*******');

$db_connection = mysqli_connect(db_host, db_user, db_pswd, db_name);
?>

Checked the following things:

  • DB-connection ✓check
  • When not using redirect message works fine ✓check
  • No content on page loaded before the redirect ✓check
  • Record gets inserted or updated in SQL-DB ✓check
  • Redirect works on page with nothing but the redirect ✓check

Any clever one can tell me what am I doing wrong? Thanks

STT LCU
Koenest
  • 1
    You are wide open to [SQL Injections](http://php.net/manual/en/security.database.sql-injection.php) and should really use [Prepared Statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) instead of concatenating your queries. Especially since you're not escaping the user input at all. – M. Eriksson Jan 16 '17 at 12:08
  • Why this question is down voted? This guy is new and we shouldn't discourage beginners. Edit if possible and try to answer them on their level. – Ejaz Karim Jan 16 '17 at 12:11
  • Try to replace `header("Location: Form2.php");` with `echo ` – Red Jan 16 '17 at 12:37
  • @RichardMauritz please make that an answer so that I can down vote it. OP should find the problem, not ignore it. –  Jan 16 '17 at 12:39
  • @terminus I don't ignore it at all. I just give him a solution. It's maybe not a PHP redirect but a JS redirect. I think my smiley made it look worse than what I meant. – Red Jan 16 '17 at 12:42
  • try joining the scripts: remove `?> – Sebas Jan 16 '17 at 12:43
  • Thanks all for the replies. @MagnusEriksson I know the code is open to SQL injections. For now it is OK since it is a tool I am creating for myself; if all this works, the next step was to dive into SQL injection. – Koenest Jan 16 '17 at 12:52

1 Answer

I can see at least 7 bad style errors in the first 10 lines. You really should visit codereview.stackexchange.com and get some pointers.

Assuming we can rule out BOM markers in the code, then there are 2 places where your code may be leaking body content and hence flushing the headers. Both could be fixed by amending the main script from:

<?php include('db-connect.php');

session_start();  $_SESSION['brand_name'] = $_POST['brand'];

To....

<?php 
ob_start();
include('db-connect.php');

session_start();  
$_SESSION['brand_name'] = $_POST['brand'];
Community
symcbean
  • This worked out for me. When adding "ob_start();" it works, without it doesn't. Thanks! Also thanks for the useful link with the explanation. Made my day! – Koenest Jan 16 '17 at 12:49
  • 1
    You might also want to take some time to have a look at your error logs and logging mechanism. PHP should have told you there that the headers had already been sent. – symcbean Jan 16 '17 at 13:16
  • Thanks, will take that into account. Still so much to learn :), don't know where to start. – Koenest Jan 16 '17 at 14:41
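
The two points raised in this thread, prepared statements (from the comments) and sending the redirect before any body output (from the answer), combined in one handler. This is an added example, not code from the question or the answer; it assumes `brands` has a UNIQUE key on `brand`, that `db-connect.php` emits no output, and that the allowed values are the form's option values.

```php
<?php
// Added example (not the asker's or the answerer's code).
// Assumptions: db-connect.php sets $db_connection and emits no output;
// `brands` has a UNIQUE key on `brand`.
require 'db-connect.php';
session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors become exceptions

$submitmessage = '';
$allowed = ['cheaptickets', 'vayama']; // option values of the form in the question

if (isset($_POST['submit_form_1'])) {
    $brand_name  = $_POST['brand'] ?? '';
    $brand_label = $_POST['label'] ?? '';

    if (!in_array($brand_name, $allowed, true) || !in_array($brand_label, $allowed, true)) {
        $submitmessage = 'Please select a brand and a label.';
    } else {
        $brand = $brand_name . '.' . $brand_label;
        try {
            // Placeholders keep the posted values out of the SQL text.
            $stmt = mysqli_prepare($db_connection,
                'INSERT INTO brands (brand, brand_name, brand_label) VALUES (?, ?, ?)
                 ON DUPLICATE KEY UPDATE brand_name = VALUES(brand_name),
                                         brand_label = VALUES(brand_label)');
            mysqli_stmt_bind_param($stmt, 'sss', $brand, $brand_name, $brand_label);
            mysqli_stmt_execute($stmt);
            $_SESSION['brand'] = $brand;

            // header() only works while no body output has been sent.
            if (headers_sent($file, $line)) {
                error_log("Redirect skipped: output started in $file on line $line");
                $submitmessage = 'Saved, but the redirect could not be sent.';
            } else {
                header('Location: Form2.php');
                exit;
            }
        } catch (mysqli_sql_exception $e) {
            error_log('brands upsert failed: ' . $e->getMessage());
            $submitmessage = 'Record failed to update or insert!';
        }
    }
}

// Page output starts here, after every header() call, in a single PHP block.
include 'header.php';
```

If the redirect is ever skipped, the `error_log` entry names the file and line where output began, which is the same information PHP's "headers already sent" warning gives.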