Hi Dave (?)
2009/3/11 revDAVE <Cool@xxxxxxxxxxxxxxxx>:
> Hi Bastien - Stuart & Daniel
>
> Thanks for your help!
>
>
> On 3/10/2009 12:16 PM, "Bastien Koert" <phpster@xxxxxxxxx> wrote:
>
>> Are you getting an error? What does 'not working' mean?
>
> No errors the page just stayed on the
> header('Location: show.php'); page - never went to: show.php
>
One more thing to mention: The HTTP Protocoll requires you to give a
full URL on "Location" Headers. That means that this is wrong:
"Location: file.txt"
and this is correct
"Location: http://www.x.x/file.txt";
Not all clients behave like yours and accept the wrong header.
>
> Q: I might have learned something.... Does the: header('Location: xxx.php');
> command need to be in the first php block? On some pages when I make multi
> php blocks into 1 big one and put the header command inside it - it seems to
> work better - is this true?
>
All HTTP headers must be send before your script generates *any* output.
Output means echo's, PHP Notices, etc.
If you *must* output stuff before sending an header, you can use
output buffering, see http://php.net/ob_start
> Q: Also, is it possible that extra whitespace inside the php block can cause
> the header command to not work? (I might have that happening also - looking
> into it)
>
Yes, *any* output - no matter if you output " " or "x" or even ":-)".
>
>>
>> Well, if the above is in fact the case (and yes, different
>> versions and installations have been known to respond differently),
>> then you can use a browser-based meta refresh, which will work for all
>> browsers anyway:
unless disabled by the user.
>>
>> <?php
>> // .... your code....
>> header('Location: show.php');
>> echo '<meta http-equiv="refresh" content="0;show.php">';
erm .... <META> should be in a html document inside the <HEAD>, not *anywhere*.
>
>
> I tried refresh Daniel - and it worked great!
>
> I even added a GET var to it - worked also
>
> echo '<meta http-equiv="refresh" content="0;show.php?id='.$_GET[id].'">';
Very, very, very bad idea. You just opened a cross site scripting bug.
Imagine someone opens this URL
host/yourfile?id="><script>alert(document.cookie)</script>
You must always escape any input you take.
see http://php.net/security
>
> Thanks again folks!
>
You're welcome.
Byebye
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
