[RESOLVED] Help passing variable in header redirection

Badfish

Having trouble with header redirection passing variables from the url.
Any clue what I'm doing wrong here ?.

<? ob_start(); ?>
<?php 
require_once ("Includes/config.php"); 
require_once  ("Includes/connectDB.php");
include("Includes/header.php"); 
confirm_is_admin();
$lid = $_GET['lid'];
$yr = $_GET['yr'];
$gid = $_GET['gid'];
$pid = $_GET['pid'];
$pn = $_GET['pn'];

if (is_admin())
{
$aid = $_GET['aid'];
$query = "DELETE FROM articles WHERE article_id = ?";
$statement = $databaseConnection->prepare($query);
$statement->bind_param('i', $aid);
$statement->execute();
$statement->store_result();

if ($statement->error)
{
die('Database query failed: ' . $statement->error);
}
$deletionWasSuccessful = $statement->affected_rows > 0 ? true : false;
if ($deletionWasSuccessful)
{
header("Location:articlelist.php?lid=$league_id&yr=$season&gid=$gid&pid=$pid&pn=$pn");
}
else
{
echo "Failed deleting Article";
}
}
else
{
header("Location:articlelist.php?lid=$lid&yr=$yr&gid=$gid&pid=$pid&pn=$pn");
}
?>
<?php include ("Includes/footer.php");?>
<? ob_flush(); ?>

NogDog

First problem I see is that you have two else blocks in a row, which won't parse. (I'm assuming the lack of any indentation is a copy/paste issue -- not that PHP cares.)

Once you fix that, you'll probably want to urlencode() each value being passed as a URL parameter. Also, you really should use a fully qualified URI with header() to be HTTP 1.1 compliant.

header("Location: http://www.example.com/page.php?id=".urlencode($id)."&foo=".urlencode($foo));

Badfish

Thanks but that never worked and I found another way around it using java.

echo "<script type=\"text/javascript\">window.location.href='articlelist.php?lid=".$lid."&yr=".$season."&gid=".$gid."&pid=".$pid."&pn=".$pn."'</script>";

laserlight

Badfish wrote:
Thanks but that never worked and I found another way around it using java.

echo "<script type=\"text/javascript\">window.location.href='articlelist.php?lid=".$lid."&yr=".$season."&gid=".$gid."&pid=".$pid."&pn=".$pn."'</script>";

What you used was Javascript, not Java. More importantly, since you can determine even before the page has loaded that you want to do a redirect, doing the redirect in clientside scripting is a wrong approach. Rather, you determined from within the PHP script that you want to do a redirect, hence it is appropriate to use PHP to set the HTTP location header. If you could determine even before the PHP script is entered that you want to do a redirect (e.g., a permanent redirect from an old URL to a new URL), then it would be even more appropriate to do so at the webserver level, not PHP.

Refer to NogDog's post #2 again. Based on what was suggested, what did you try and how did it not work? Note that you should have an [man]exit[/man] or [man]die[/man] right after setting the location header with header() since there is almost always no point continuing the execution of a PHP script once you want to redirect the user.

Badfish

Don't know what I did wrong the first time for it not to work, so tried again and it worked this time :bemused:

<? ob_start(); ?>
<?php 
require_once ("Includes/config.php"); 
require_once  ("Includes/connectDB.php");
include("Includes/header.php"); 
confirm_is_admin();
$lid = $_GET['lid'];
$yr = $_GET['yr'];
$gid = $_GET['gid'];
$pid = $_GET['pid'];
$pn = $_GET['pn'];

if (is_admin())
{
$aid = $_GET['aid'];
$query = "DELETE FROM articles WHERE article_id = ?";
$statement = $databaseConnection->prepare($query);
$statement->bind_param('i', $aid);
$statement->execute();
$statement->store_result();

if ($statement->error)
{
die('Database query failed: ' . $statement->error);
}
// TODO: Check for == 1 instead of > 0 when State names become unique.
$deletionWasSuccessful = $statement->affected_rows > 0 ? true : false;
if ($deletionWasSuccessful)
{
header("Location: articlelist.php?lid=".urlencode($lid)."&yr=".urlencode($yr)."&gid=".urlencode($gid)."&pid=".urlencode($pid)."&pn=".urlencode($pn));
exit();
}
else
{
echo "Failed deleting Article";
}
}
else
{
header("Location: articlelist.php?lid=".urlencode($lid)."&yr=".urlencode($yr)."&gid=".urlencode($gid)."&pid=".urlencode($pid)."&pn=".urlencode($pn));
exit();
}
?>
<?php include ("Includes/footer.php");?>
<? ob_flush(); ?>

laserlight

Right. One thing I suggest is proper indentation, e.g.,

<?php
ob_start();

require_once "Includes/config.php";
require_once "Includes/connectDB.php";
include"Includes/header.php";

confirm_is_admin();

$lid = $_GET['lid'];
$yr = $_GET['yr'];
$gid = $_GET['gid'];
$pid = $_GET['pid'];
$pn = $_GET['pn'];

if (is_admin())
{
    $aid = $_GET['aid'];
    $query = "DELETE FROM articles WHERE article_id = ?";
    $statement = $databaseConnection->prepare($query);
    $statement->bind_param('i', $aid);
    $statement->execute();
    $statement->store_result();

if ($statement->error)
{
    die('Database query failed: ' . $statement->error);
}
// TODO: Check for == 1 instead of > 0 when State names become unique.
$deletionWasSuccessful = $statement->affected_rows > 0 ? true : false;
if ($deletionWasSuccessful)
{
    header("Location: articlelist.php?lid=" . urlencode($lid) .
        "&yr=" . urlencode($yr) . "&gid=" . urlencode($gid) .
        "&pid=" . urlencode($pid) . "&pn=" . urlencode($pn));
    exit();
}
else
{
    echo "Failed deleting Article";
}
}
else
{
    header("Location: articlelist.php?lid=" . urlencode($lid) .
        "&yr=" . urlencode($yr) . "&gid=" . urlencode($gid) .
        "&pid=" . urlencode($pid) . "&pn=" . urlencode($pn));
    exit();
}

include "Includes/footer.php";

ob_flush();

Notice that I got rid of all the PHP opening/closing tags, using just one opening tag (and not a short tag either), with no closing tag since that is unnecessary here. I added blank lines to separate some logical sections of the code and broke some long line statements into multiple lines. With the indentation, it is easier to see matching if/else statements.

One thing to do is to take NogDog's advice of using absolute URLs for the location header. Another thing to do is to use [man]isset[/man] or [man]empty[/man] to check that incoming variables like $_GET['lid'] actually exist before using them.

NogDog

Also, at least while in development mode, make sure error_reporting is at least at E_ALL level and that display_errors is on (or that you are monitoring the PHP error log), so you know if something like a "headers already sent" error is occurring.