[maxwell@]

Hi

I have set up a page (computers_staff.php) with a comments form that when submitted
gets directed by a header function to a confirmation page which redirects
back to the comments page. This should avoid the form re-submitting
when the page is refreshed.
When I test the page in localhost everything works fine!
When I test online the page redirects back to the comments page but
does not show the form or previous comments, all that displays is my
included header. include("includes/header.php");

When I first load the site online and navigate to the comments page using the site
navigation the comments page displays the form and comments section as required.

It looks as if has something to do with the

header('Location: report_confirm.php');

which then

header('Location: computers_staff.php');


This is the full page -

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>Make Me Elvis - Add Email</title>
 <link rel="stylesheet" href="styles.css" type="text/css" media="screen" />
</head>
<body>
  <?php include("includes/header.php"); 
# FileName="Connection_php_mysql.htm"
# Type="MYSQL"
# HTTP="true"

$hostname_abe = "localhost";
$database_abe = "test";
$username_abe = "user";
$password_abe = "pass";
$abe = mysql_pconnect($hostname_abe, $username_abe, $password_abe) or trigger_error(mysql_error(),E_USER_ERROR); 


mysql_select_db($database_abe, $abe);
$query_staff_list = "SELECT * FROM computers ORDER BY name ASC";
$staff_list = mysql_query($query_staff_list, $abe) or die(mysql_error());
$row_staff_list = mysql_fetch_assoc($staff_list);
$totalRows_staff_list = mysql_num_rows($staff_list);

  if (isset($_POST['submit'])) {
    $name = $_POST['name'];
    $report = $_POST['report'];
	//$resolved = $_POST['resolved'];
    $output_form = 'no';

    if (empty($name) || empty($report)) {
      // We know at least one of the input fields is blank 
      echo 'Please fill out all of the email information.<br />';
      $output_form = 'yes';
    }
  }
  else {
    $output_form = 'yes';
  }

  if (!empty($name) && !empty($report)) {
    $dbc = mysqli_connect('localhost', 'user', 'pass', 'test')
	or die('Error connecting to MySQL server.');
	date_default_timezone_set('Europe/London');
	$date = date('Y'-'m'-'d');	
	$query = mysql_query("INSERT INTO reports (name, report, date) VALUES ('$name', '$report', null)") or die(mysql_error());
    mysqli_query($dbc, $query);

    header('Location: report_confirm.php');

    mysqli_close($dbc);
  }

  if ($output_form == 'yes') {
?>

  <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
  <table align="center"><tr><td valign="top">
  <label for="name"></label><select name="name" id="name">
          <?php
do {  
?>
          <option value="<?php echo $row_staff_list['name']?>"><?php echo $row_staff_list['name']?></option>
          <?php
} while ($row_staff_list = mysql_fetch_assoc($staff_list));
  $rows = mysql_num_rows($staff_list);
  if($rows > 0) {
      mysql_data_seek($staff_list, 0);
	  $row_staff_list = mysql_fetch_assoc($staff_list);
  }
?>
        </select></td><td>
        
        <label for="report"></label><textarea name="report" id="report" cols="50" rows="8"></textarea></td></tr>
        <tr><td>&nbsp;</td><td><input type="submit" name="submit" value="Submit" /></td></tr></table>
  </form><br/>
  <?php 
  $dbc = mysqli_connect('localhost', 'user', 'pass', 'test')
	or die('Error connecting to MySQL server.');
   $query = "SELECT * FROM reports ORDER BY date DESC";
    $result = mysqli_query($dbc, $query)
	or die('Error querying database.');
while( $row = mysqli_fetch_assoc($result)){
	$id = $row['id'];
	$name = $row['name'];
	$report = $row['report'];
	$date = $row['date'];	
	echo "<table align='center' border='1' width='80%'><tr><td>Computer / Laptop $name</td><td>Reported on $date</td></tr>
	<tr><td colspan='2'>$report</td></tr></table>";
	}
  }
?>
</body>
</html>

Best regards Maxwell

[codeprada]

You shouldn't output HTML before calling the header function. In fact your PHP should be on the same page as your HTML like that. Place this at the top of your script

ini_set('display_errors', true); 
error_reporting( E_ALL );

This post has been edited by codeprada: 11 July 2011 - 04:12 PM

[maxwell@]

I placed

ini_set('display_errors', true);
error_reporting( E_ALL );

at the top of computers_staff.php and received this error


Warning: Cannot modify header information - headers already sent by (output started at /htfiles/online/public/tutor/computers_staff.php:10) in /htfiles/online/public/tutor/computers_staff.php on line 56

[codeprada]

Exactly....No HTML or output of any kind before calling a header function. Remove all the HTML you've got at the top of your script.

By the way why would you need HTML if the user is not going to see it when you do a redirect?

P.S. Always place exit; after a redirect

Sorry my previous post had a typo. I had should instead of shouldn't output html...

This post has been edited by codeprada: 11 July 2011 - 04:12 PM

[maxwell@]

Hi

I now realize my form isn't redirecting at all.

I removed the

header('Location: computers_staff.php');

from report_confirm.php and added an HTML link to computers_staff.php

When I submitted the comment form in computers_staff.php the comments form
and previous comments disapeared leaving just the included banner heading.

Could you possibly pin point where I should place the header function re-directing to
report_confirm.php

I can then deal with either re-directing or adding an HTML link back to computers_staff.php

Best regards Maxwell

[CTphpnwb]

Show us your new code. The code that doesn't have HTML before the header, and hopefully doesn't have HTML anywhere in a PHP file.

[maxwell@]

Hi

My comments form is now redirecting the way I want it to,
the proper GET variables make my comments page appear the
way it should.

Unfortunately it is using the GET method. This has caused
my database INSERT to stop working as it depends on POST

I also know you can't use GET when changing anything on the server.

Is there a way to change my code to POST while allowing it to
work the way it is now!



comments page code -

try {  

$pdo = new PDO("mysql:host=$hostname;dbname=tutor", $username, $password); 

}catch (PDOExeption $e){  

 echo $e->getMessage();  
 } 
 
// extract $_GET values from URL

$_def_soft_id = 1;
$_def_id = 9876;

$_soft_id = isset($_GET['software_id']) ? $_GET['software_id'] : $_def_soft_id;
$_id = isset($_GET['id']) ? $_GET['id'] : $_def_id;

//$_action = $_SERVER['PHP_SELF'] . '?id=' . $_id . '&software_id=' . $_soft_id;

//////////////////////////////////////////////////

// insert contents of form fields into the database
 
if(isset($_POST['submit'])) {
$mysql = new mysqli('localhost','tutor','password','tutor') or die('There was a problem connecting to the database');
if($stmt = $mysql->prepare('INSERT INTO guest(name, email, comment, software_id) VALUES (?,?,?,?)')) {

$stmt->bind_param('sssi',$_POST['name'],$_POST['email'],$_POST['comment'],$_POST['software_id']);
	
$stmt->execute();
$stmt->close();
} else {
  echo 'error: ' . $mysql->error;
}
}
////////////////////////////////////////////

// display database contents on in table

$dbh = $pdo->prepare("SELECT `date`, `name`, `email`, `comment`, `software_id` FROM `guest` WHERE `software_id` = ? ORDER BY `date` DESC"); 

$dbh->bindValue(1, $_GET['software_id'], PDO::PARAM_INT); // assuming it's an integer    

$dbh->execute();   
$dbh->setFetchMode(PDO::FETCH_ASSOC); 

while($row = $dbh->fetch()) {echo '<table width="100%" cellspacing="0" cellpadding="3" class="tablebg">
        <tr class="formlabels">
          <td align="left" class="tl" width="40%">Author:&nbsp;'.$row['name'].'</td>
          <td width="45%" align="left">Date:&nbsp;'.$row['date'].'</td>
          <td width="15%" align="center" class="tr"><a href="mailto:'.$row['email'].'">Email Author</a></td>
          </tr>
        <tr class="formlabels">
          <td colspan="4" class="bl">'.$row['comment'].'</td>
          </tr>
      </table>';
	  }
?>
<html>
<head>
<link rel="stylesheet" href="styles.css" type="text/css" media="screen" />
</head>
<body>
<hr />
<form method="GET" action="comment_confirm.php">
	<table>
  <input type="hidden" name="id" value="<?php echo $_id; ?>"/>
	  <br/>
	 <input type="hidden" name="software_id" value="<?php echo $_soft_id; ?>"/>
     <tr><td>Name:</td></tr>
	  <tr>
	    <td> <input name="name" type="text" value="" size="45" /></td></tr>
       <tr><td>Email:</td></tr>
        <tr><td><input type="text" name="email" value="" size="45" /></td></tr>
        <tr><td>Comment:</td></tr>
   <tr><td><textarea cols="80" rows="6" name="comment" value="" ></textarea></td></tr>    
   <tr><td><input type="submit" name="submit" value="Add Comment" /></td><td>&nbsp;</td></tr>
  </table>
</form>
<br />
<br />
    </body>
</html>

re-direct page code

if(isset($_GET['software_id']))    header('Location: fulltitle.php?software_id='.$_GET['software_id'] . '&id=' . $_GET['id'] );

Best regards Maxwell

[CTphpnwb]

maxwell@, on 14 July 2011 - 08:27 PM, said:

[size="2"]I also know you can't use GET when changing anything on the server.

That is wrong.

Your form uses get so you should use the $_GET array to retrieve the values.

[maxwell@]

Can you point me to information (tutorial, article) on using the GET array
to pass and capture variables?

Best regards Maxwell

This post has been edited by maxwell@: 15 July 2011 - 03:28 AM

[codeprada]

Look at your form's method attribute. Notice you've got get. That means that all your form data is accessible via $_GET and not $_POST.

[maxwell@]

Hi

Using GET and action="comment_confirm.php">

everything works the way I want it to, apart
from the fact that no form data is inserted
into the database.
My INSERT statement totally relies on POST

if(isset($_POST['submit'])) {
$mysql = new mysqli('localhost','tutor','password','tutor') or die('There was a problem connecting to the database');
if($stmt = $mysql->prepare('INSERT INTO guest(name, email, comment, software_id) VALUES (?,?,?,?)')) {

$stmt->bind_param('sssi',$_POST['name'],$_POST['email'],$_POST['comment'],$_POST['software_id']);

$stmt->execute();
$stmt->close();
header('Location: fulltitle.php');
} else {
echo 'error: ' . $mysql->error;
}
}


If I change all POSTs to GET the insert works, but when I refresh
the form data is re-entered into the database, which the whole
re-direct is supposed to avoid. Also all of the form data shows
in the URL which I believe is a security risk!

Regards Maxwell