Member Avatar for janicemurby

hi i have just picked up a script of the net for my site and when i uploaded in onto my site i get the following message:
Warning: Cannot modify header information - headers already sent by (output started at /home/matureco/public_html/new/php/connection.php:4) in /home/matureco/public_html/new/php/session.php on line 19

ive tried different things to solve it after googleing but nothing is changing can anyone see whats causing it here code for that page

<?php 
session_start();
include("connection.php");
if(isset($_POST['submit']))
{
 $user=$_POST['user'];
 $pass=$_POST['pass'];

 $sql="SELECT * from emp where user='".$user."' and pass='".$pass."'";  
 $rs=mysqli_query($con, $sql);

 if(mysqli_num_rows($rs)>0)
 {
   $rsdata=mysqli_fetch_array($rs);
   @extract($rsdata);
   $_SESSION['session_id']=$id;
   $_SESSION['session_user']=$user;
   //echo ('hello');
   header("location: user_profile_new.php");
 }
 else{
    echo "user or pass not matching please try again";
 }
}
?>
  • 3 Contributors
  • 4 Replies
  • 137 Views
  • 16 Hours Discussion Span
  • Latest Post Latest Post by janicemurby
Member Avatar for rch1231

The problem you face is that you are trying to use the PHP header function, header(), but there can be absolutely no HTML output before this function is declared.
I suggest putting the header entry right after the <?php

Member Avatar for janicemurby

if i move the header out of the php block like this

<?php 
session_start();
    include("connection.php");
    if(isset($_POST['submit']))
    {
     $user=$_POST['user'];
     $pass=$_POST['pass'];    
     $sql="SELECT * from emp where user='".$user."' and pass='".$pass."'";  
     $rs=mysqli_query($con, $sql);     
     if(mysqli_num_rows($rs)>0)
     {
       $rsdata=mysqli_fetch_array($rs);
       @extract($rsdata);
       $_SESSION['session_id']=$id;
       $_SESSION['session_user']=$user;
       //echo ('hello');      
     }
     else{
        echo "user or pass not matching please try again";
     }
    }
    ?>


header("location: user_profile_new.php");

i get the following header("location: user_profile_new.php");

and if i wrap it in php tags like this

  <?php 
session_start();
include("connection.php");
if(isset($_POST['submit']))
{
 $user=$_POST['user'];
 $pass=$_POST['pass'];

 $sql="SELECT * from emp where user='".$user."' and pass='".$pass."'";  
 $rs=mysqli_query($con, $sql);

 if(mysqli_num_rows($rs)>0)
 {
   $rsdata=mysqli_fetch_array($rs);
   @extract($rsdata);
   $_SESSION['session_id']=$id;
   $_SESSION['session_user']=$user;
   //echo ('hello');

 }
 else{
    echo "user or pass not matching please try again";
 }
}
?>
<?php header("location: user_profile_new.php");?>

and get
Warning: Cannot modify header information - headers already sent by (output started at /home/matureco/public_html/new/php/connection.php:4) in /home/matureco/public_html/new/php/session.php on line 26

Member Avatar for diafol

You do realise that this code is unsecure? You are open to SQL injection. If you ran this code in a your site, I could get every user's details in a flash (including their emails). How embarrassing would that be for your swingers? Reminds me of a recent adultery site case :(
Use a prepared statement - see my recent tutorial:
DW Tutorial: Common Issues with MySQL and PHP for how to deal with this.

Member Avatar for janicemurby

yes ive since found another script hun

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.