0

I am able to get error http codes displayed. But my success header doesn't display. I've tried 5 different ways am now stuck. They are successful, it adds to the database.

I've tried header("HTTP/1.1 200 OK"); http_response_code(200) I changed else then the success code to another if statement.

    <?php
if($_SERVER['REQUEST_METHOD'] == "POST")
{
    $conn=new PDO("mysql:host=localhost;dbname=kgraves;", "kgraves", "Ahph1ieg");

    $review= $_POST["review"];
    $poi_id = $_POST["poi_id"];
    $id= $_POST["id"];

    if (!$conn) 
    {
        die("Connection failed: " . mysqli_connect_error());
    }

    $results =$conn->query("INSERT INTO `poi_reviews`(`id`, `poi_id`, `review`) VALUES ('$id', '$poi_id', '$review')");

    if(empty($results))
    {
        header("HTTP/1.0 404 Not Found");
    }

    if(!$results)
       {
            header("HTTP/1.0 200 Success");
       }
}

    if(isset($_POST['submit']))
    {
        if ($review == "") 
        {
            header("HTTP/1.0 404 Not Found");
        }
    }
if(isset($_POST['submit']))
    {
        if ($poi_id == "") 
        {
            header("HTTP/1.0 404 Not Found");
        }
    }   
if(isset($_POST['submit']))
    {
        if ($id == "") 
        {
            header("HTTP/1.0 404 Not Found");
        }
    }
?>

Would like to know what I'm doing wrong! I've completed more complicated code it's obviously something silly I just don't understand.

Katherine Graves
  • 1
  • 3
    Elaborate on "my success header doesn't display." Headers aren't supposed to display. They're meant to be interpreted by your browser, not seen by your eyes. – Alex Howansky Jan 03 '19 at 14:45
  • 1
    Also, please read about [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection). Instead of building queries with string concatenation, use [**prepared statements**](https://secure.php.net/manual/en/pdo.prepare.php) with [**bound parameters**](https://secure.php.net/manual/en/pdostatement.bindparam.php). See [**this page**](https://phptherightway.com/#databases) and [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) for some good examples. – Alex Howansky Jan 03 '19 at 14:45
  • You can remove all those if statements if you do something like `if (isset($_POST['submit']) && $review == "") {}` – JeanPaul98 Jan 03 '19 at 14:51
  • As in for the error code it comes up as ERROR- BLAH BLAH BLAH... Then for the successful bit it comes up as nothing. nada. blank white screen. – Katherine Graves Jan 03 '19 at 14:58
  • I normally use php comments but atm i'm focused on getting my code working- its for my eyes only. And indentation I fix and make pretty at the end. I'm dyslexic- it looks horrendous to me anyway. – Katherine Graves Jan 03 '19 at 15:01

0 Answers0