[RESOLVED] textarea request url problem (new header line detected)

disconne

Hi everyone,

for my comment script I have a problem: if user comment is validated, there is no problem. Everything is Ok. But, if visitor uses 'ENTER' for new paragraphs in his/her comment and form is not validated (for example wrong captcha input), mysql gives error and says Warning: Header may not contain more than a single header, new line detected. in /home/disconne/public_html/0/yazipaylas/yazipaylaskonf.php on line 29 (normally, it should return previous form page with validated fields are full of visitor entered before and only shoul say way the form is not validated and what should visitor do)

My problematic line is header("Location:".$_SERVER['HTTP_REFERER']."?isimx=$isimx&yazibasligi=$subje&epostadres=$kimden&kaynak=$source&lakap=$nick&yazicerik=$messagex
&wrong_code=true");

I learned from web that i think I should use urlencode(), htmlspecialchars() or something similar .. i have no experience about these functions and all my trials are unsuccessful

My raw code of my related page is below

All kind detailed helps are appreciated

best regards

 
<?php 
// load the variables form address bar
$subje = $_REQUEST["yazibasligi"];
$messagex = $_REQUEST["yazicerik"];
$kimden = $_REQUEST["epostadres"];
$verif_box = $_REQUEST["verif_box"];
$isimx = $_REQUEST["isimx"];
$source = $_REQUEST["kaynak"];
$nick = $_REQUEST["lakap"];

// remove the backslashes that normally appears when entering " or '
$messagex = stripslashes($messagex); 
$subje = stripslashes($subje); 
$kimden = stripslashes($kimden); 
$isimx = stripslashes($isimx);
$source = stripslashes($source);
$nick = stripslashes($nick);

include("{$kokdizin}functions/emailaddresscheck.php");

// check to see if verificaton code was correct
if(md5($verif_box).'a4xn' == $_COOKIE['tntcon'] && $nick !='' && $messagex!='' && $subje!='' && $kimden!='' && $isimx!='' && check_email_address($kimden) ){
    // if verification code was correct send the message and show this page
    mail("someone@someservice.com", 'BLA_BLA_YAZI_PAYLASIMI: '.$subje, 'Gonderen ip no : '.$_SERVER['REMOTE_ADDR']."\n\n".'Gonderen Isim : 

'.$isimx."\n\n".'Varsa Alinti Kaynak Bilgisi : '.$source."\n\n".' Varsa Gonderenin Kullanilmasini Istedigi Lakap : '.$nick."\n\n".'Paylasilan Yazi (Asagida) : 

'."\n\n".$messagex, "From: $kimden");
    // delete the cookie so it cannot sent again by refreshing this page
    setcookie('tntcon','');
} else {
// if verification code was incorrect then return to contact page and show error      


header("Location:".$_SERVER['HTTP_REFERER']."?isimx=$isimx&yazibasligi=$subje&epostadres=$kimden&kaynak=$source&lakap=$nick&yazicerik=$messagex&wrong

_code=true");
    exit;
}?>

richie

Maybe

nl2br()

will help.

Basically, it'd take something like:

line1
line2

and turn it into:

line1<br />line2

This essentially eliminates the pesky newline characters.

If that doesn't work, you can manually remove the new lines:

$subje = str_replace("\n", "<br />", $subje)

Remember too that whenever you're carrying data in a url, always run it through urlencode(), and then urldecode() on the destination page.

In general though, you should be aware of the maximum length of a URL, which could break your application if the user enters a lot of data in the form.

disconne

richie;10894372 wrote:
Maybe

nl2br()

will help.

Basically, it'd take something like:

line1
line2

and turn it into:

line1<br />line2

This essentially eliminates the pesky newline characters.

If that doesn't work, you can manually remove the new lines:

$subje = str_replace("\n", "<br />", $subje)

Remember too that whenever you're carrying data in a url, always run it through urlencode(), and then urldecode() on the destination page.

In general though, you should be aware of the maximum length of a URL, which could break your application if the user enters a lot of data in the form.

My problem was not to carry url through URLENCODE() function. I solved it, thank you so much Richie