Header("location

Hi,
The following code was working fine locally but after uploading to server the function no longer redirects.
I have read a bunch of forums saying that the header may already be outputting but I am not sure if this is the case.
Does anyone see anything obvious why this is not working?

```php
public function courseDelete($tableName,$id,$page){
	if(isset($_GET['delete'])){
		$query = "DELETE FROM $tableName where id = '$id'";
		$result = mysql_query($query);
		if(!$result) {
		} else {
			header("Location:".$page.".php?status=you have successfully deleted the item from the database");
		}
	}
}
```

A bit hard to tell without knowing what the value of $page is.

Also, maybe the query doesn’t work, so $result is falsy? These are things you should be able to debug yourself before asking here.

It could be that the header() function isn’t being called.
If !$result you do and say nothing, so it could be that your query is failing. Throw an echo in there to do some debugging.

There are also some security problems with this code:

  • using GET to initiate an edit or delete makes CSRF attacks easier. Depending on your setup you could also have search engines following links that delete stuff.

  • are $tableName and $id escaped to avoid SQL Injection?

I know the query is working as the item is getting deleted from the database, $page is returning ‘faqs’ which I can get from the URL - Does it have to be an absolute path in the header?
I am not very confident at PHP yet so in terms of security I am sure that I am doing a few things wrong at this stage.

This delete item section is within the administration side that I have set up and the login section to the administration side is using mysql_real_escape_string. Should I be taking the security a lot further?

What happens if you remove the status message from the header redirect? I’m worried that’s causing it to not fire.

No difference, I’m afraid.

By adding this to the courseDelete function:

```php
include('classes/Security.class.php');
$security = new Security();
$security->escapeInput();
```

and Security.class.php looking like this:

```php
public static function escapeInput(){
	$input_arr = array();
	if(get_magic_quotes_gpc()) {
		foreach ($_POST as $key => $input_arr) {
			$_POST[$key] = stripslashes($input_arr);
		}
	}
	foreach ($_POST as $key => $input_arr) {
		$_POST[$key] = mysql_real_escape_string($input_arr);
	}
}
```

How should I change this so it deals with variables in the URL or should I do this differently?

OK,
I couldn’t get the header to redirect so I used this instead:

```php
<meta http-equiv="REFRESH" content="0;url=<?php echo $page;?>.php?id=1&status=you have successfully deleted the item from the database">
```
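
An added example, not code from any poster in this thread: one way to write the delete handler so that it covers the points raised above (deletes triggered by GET, unescaped `$tableName` and `$id`, and a `header()` call that may run after output has started). It assumes a PDO connection in `$pdo` that throws on errors, a started session holding a token in `$_SESSION['csrf']`, and a hypothetical allowlist `DELETABLE`; it uses PDO prepared statements rather than the `mysql_*` functions shown in the thread.

```php
<?php
// Added example. Assumptions: $pdo is a PDO connection using ERRMODE_EXCEPTION,
// session_start() has run, and $_SESSION['csrf'] holds a random token string.
// DELETABLE is a hypothetical allowlist; only 'faqs' comes from the thread.
const DELETABLE = ['faqs' => 'faqs', 'courses' => 'courses'];

function courseDelete(PDO $pdo, string $page): void
{
    // State-changing request: accept POST only, never a followable GET link.
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        http_response_code(405);
        exit('Method not allowed');
    }
    // CSRF check: token must exist server-side and match in constant time.
    $known = $_SESSION['csrf'] ?? '';
    $token = $_POST['csrf'] ?? '';
    if ($known === '' || !is_string($token) || !hash_equals($known, $token)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    // Table names cannot be bound as parameters, so map the page to a table
    // through the allowlist instead of trying to escape it.
    if (!array_key_exists($page, DELETABLE)) {
        http_response_code(400);
        exit('Unknown page');
    }
    $table = DELETABLE[$page];
    // The id is validated as an integer and bound, not concatenated.
    $id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
    if ($id === false || $id === null) {
        http_response_code(400);
        exit('Invalid id');
    }
    $stmt = $pdo->prepare("DELETE FROM `$table` WHERE id = :id");
    $stmt->execute([':id' => $id]);

    // header() cannot work once output has started; record where it began.
    if (headers_sent($file, $line)) {
        error_log("Redirect skipped: output started at $file:$line");
        exit('Deleted, but output had already started so no redirect was sent.');
    }
    $status = 'you have successfully deleted the item from the database';
    header('Location: ' . $page . '.php?status=' . rawurlencode($status));
    exit; // stop the script so nothing runs after the redirect
}
```

The `headers_sent()` branch writes the file and line where output began to the error log, which is a quick way to confirm or rule out the "header may already be outputting" explanation on the server.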