Posted by Amorz on 07/07/07 07:18

Kevin Raleigh wrote:
> Actually that is what I am doing. I just left out the top of the script
> containing all of my validation functions.
>
> If I use header('location: XXX'); I get a very nasty error that I haven't
> been able to resolve.
>
> Warning: Cannot modify header information - headers already sent by (output
> started at G:\xampp\htdocs\bethel\1purpose_bethel\register.php:8) in
> G:\xampp\htdocs\bethel\1purpose_bethel\register.php on line 107
>
> I was working with some other people and they suggested the JS to get by
> this error.
> Can you advise on how I can work with the header error?
> I guess I should work with it first then move on to the validation
>
> Kevin
>
>
> If your interested in the code I have here it is without the validation
> functions. I extracted them and put them into an include file so that I
> could clean up the code a bit.
>
> <?php
> // database connection, session_start(), and validation functions are
> included
>
> // has form been submitted
> if (isset($_POST['submit'])) {
>
> // lets check the output of each function call for data and load it into a
> session variable if it
> if ($userNameErr = userNameCheck(trimWhiteSpace($_POST['username']))){
> $_SESSION['SES_userNameErr'] = $userNameErr;
> }else{
> unset($_SESSION['SES_userNameErr']);
> }
> if($userPassErr = userPassCheck(trimWhiteSpace($_POST['pass']),
> trimWhiteSpace($_POST['pass2']))){
> $_SESSION['SES_userPassErr'] = $userPassErr;
> }else{
> unset($_SESSION['SES_userPassErr']);
> }
>
>
> if($nameErr = nameCheck(trimWhiteSpace($_POST['fName']),
> trimWhiteSpace($_POST['lName']))){
> $_SESSION['SES_nameErr'] = $nameErr;
> }else{
> unset($_SESSION['SES_nameErr']);
> }
>
>
> if($passHintErr = passHintCheck(trimWhiteSpace($_POST['passHint']))){
> $_SESSION['SES_passHintErr'] = $passHintErr;
> }else{
> unset($_SESSION['SES_passHintErr']);
> }
>
>
> if($emailErr = emailCheck(trimWhiteSpace($_POST['email']))){
> $_SESSION['SES_emailErr'] = $emailErr;
> }else{
> unset($_SESSION['SES_emailErr']);
> }
>
> if($emailErr || $passHintErr || $nameErr || $userPassErr || $userNameErr){
> //header('Location: register.php');
> ?>
> <script language="javascript">
> window.location = "register.php";
> </script>
> <?php
> }else{
>
> // here we encrypt the password and add slashes if needed
> $_POST['pass'] = md5($_POST['pass']);
>
> if (!get_magic_quotes_gpc()) {
> $_POST['pass'] = addslashes($_POST['pass']);
> $_POST['username'] = addslashes($_POST['username']);
> $_POST['fName'] = addslashes($_POST['fName']);
> $_POST['lName'] = addslashes($_POST['lName']);
> $_POST['passHint'] = addslashes($_POST['passHint']);
> $_POST['email'] = addslashes($_POST['email']);
> }
>
> //if there are no errors in data validation load the data into the database
> // now we insert it into the database
> $insert = "INSERT INTO user (username, password, fName, lName, passHint,
> email, bMonth)
> VALUES ('".$_POST['username']."',
> '".$_POST['pass']."','".$_POST['fName']."','".$_POST['lName']."','".$_POST['
> passHint']."','".$_POST['email']."','".$_POST['bMonth']."')";
> $add_member = mysql_query($insert);
> ?>
>
> <p>Thank you, <?php $fName = $_POST['fName']; $lName = $_POST['lName'];
> print "$fName $lName" ?> you have registered - you may now <a
> href="login.php">login</a>.</p>
> <?php
> }// end if error
> }// end if (isset($_POST['submit']))
> else
> { // if not posted display form
>
> ?>
>
> <!-- This is what they see before they have registered -->
>
> <p class="textpadded"><br/><br/><br/>
> Please enter your information in the form below. This information can
> only be accessed by Pastor Art and the Administrator for this website. When
> Pastor Art contacts us he would like to address us by name. It would also be
> nice if we could remember when a person is having a birthday. No years if
> you please ;-) </p>
>
> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
> <table width="448" border="0" cellpadding="5" align="center">
> <tr>
> <td width="101" align="left">First Name </td>
> <td width="156" align="left">
> <input name="fName" type="text" id="fName" maxlength="25" value="<?php
> $fName = $_POST['fName']; print $fName ?>"/>
> </td>
> <td width="153" rowspan="2" align="left">
> <?php if(isset($_SESSION['SES_nameErr'])) { $name =
> $_SESSION['SES_nameErr']; echo $name;} ?>
> </td>
> </tr>
> <tr>
> <td align="left">Last Name </td>
> <td align="left"><input name="lName" type="text" id="lName"
> maxlength="25" value="<?php echo $_POST['lName']; ?>"/></td>
> </tr>
> <tr>
> <td align="left">Birth Month </td>
> <td align="left"><label>
> <select name="bMonth" id="bMonth">
> <option value="0">Enter birthmonth</option>
> <option value="1">January</option>
> <option value="2">February</option>
> <option value="3">March</option>
> <option value="4">April</option>
> <option value="5">May</option>
> <option value="6">June</option>
> <option value="7">July</option>
> <option value="8">August</option>
> <option value="9">September</option>
> <option value="10">October</option>
> <option value="11">November</option>
> <option value="12">December</option>
> </select>
> </label></td>
> <td align="left">&nbsp;</td>
> </tr>
> <tr>
> <td align="left">Email:</td>
> <td align="left"><input type="text" name="email" maxlength="60"
> value="<?php echo $_POST['email']; ?>"/></td>
> <td align="left">
> &nbsp;
> <?php if($myEmail = $_SESSION['SES_emailErr']){ echo $myEmail;} ?>
> </td>
> </tr>
> <tr>
> <td align="left">Username:</td>
> <td align="left"><input type="text" name="username" maxlength="15"
> value="<?php echo $_POST['username']; ?>"/></td>
> <td align="left">
> &nbsp;
> <?php if($myUserName = $_SESSION['SES_userNameErr']){ echo $myUserName;}
> ?>
> </td>
> </tr>
> <tr>
> <td align="left">Password:</td>
> <td align="left"><input type="password" name="pass" maxlength="10"
> /></td>
> <td rowspan="2" align="left">
> &nbsp;
> <?php if($myPass = $_SESSION['SES_userPassErr']){ echo $myPass;} ?>
>
> </td>
> </tr>
> <tr>
> <td align="left">Confirm Password:</td>
> <td align="left"><input type="password" name="pass2" maxlength="10"
> /></td>
> </tr>
> <tr>
> <td align="left">Password Hint:</td>
> <td align="left"><input type="text" name="passHint" maxlength="25"
> value="<?php echo $_POST['passHint'] ?>"/></td>
> <td align="left">
> &nbsp;
>
> <?php if($passHint = $_SESSION['SES_passHintErr']){ echo $passHint;} ?>
> </td>
> </tr>
> <tr>
> <th colspan="4"><input type="submit" name="submit" value="Register"
> /></th>
> </tr>
> </table>
> </form>
>
> <?php
> }
> ?>
>
> insight would be greatly appreciated
> thank you
> kevin
> "Virginner" <the.bin@LOSEITvirgin.net> wrote in message
> news:f6kv3m$2hu$1@aioe.org...
>> "Kevin Raleigh" <kraleigh@sbcglobal.net> wrote in message
>> news:__GdnXgHRsh2aBDbnZ2dnUVZ_v23nZ2d@giganews.com...
>>> I have a set of function that work beautifully the first time that the
> form
>>> is processed, but the second time that I hit the submit button if any
>>> field
>>> contains data the form by passes all of my carefully planned validation
>>> and
>>> dumps the data into the DB.
>> <SNIP>
>>
>>> if($emailErr | $passHintErr | $nameErr | $userPassErr | $userNameErr){
>>> ?>
>>> <script language="javascript">
>>> window.location = "register.php";
>>> </script>
>>> <?php
>>> }else{
>> The first thing I can ask is why do you have *any* JavaScript in this
> code?
>> If it's just for redirection, then use header('Location: xxx'). If you
> have
>> JavaScript, then nasty people can easily automate adding data by simply
>> switching off the JavaScript.
>>
>> Next, it loks like you are using two scripts - one with the form
>> (register.php), which POSTs to the validation script, which then redirects
>> back to the to the form on errors. Howabout doing it all in one script?
>>
>> if form submitted then process form
>> {
>> if form data OK add data to database, display thank you and link to
>> login
>> }
>> else
>> {
>> (re)display form, populating form fields with $_POSTed variables, and
>> display any hints
>> }
>>
>>
>
>
If you send anything before the header, even a single space, it will
result in an error. The header have already been sent so sending them
again results in an error. This can be done quite easily if you have
blank line or a space or any other text before your script starts.

• Next in forum: Re: sending user an email after they have completed registration successfully
• Prev in forum: Re: sending user an email after they have completed registration successfully
• Thread view: Re: validating data from forms

[Reply to this message]