Header.php is not working

I am using this header.php

 <style type="text/css"> 
    #header1 { 
        width: 100%; 
        font-size: 28px; 
        font-weight: bold; 
        font-style: oblique; 
        position: fixed; 
    } 
    #header1 span { 
        position: absolute; 
        top: 9px; 
        left: 5px; 
        color: #FFC; 
    } 
    #header1 img { 
        vertical-align: middle; 
    } 
    .userbox { 
        float: right; 
        width: 300px; 
        height: auto; 
        padding: 7px; 
        overflow: hidden; 
        margin-right: 2px; 
        margin-top: 0; 
        text-align: center; 
        color: #666; 
        font-size: 16px; 
        font-weight: bold; 
        line-height: 20px; 
        border: 0px solid red; 
    } 
    .userpic { 
        float: right; 
        width: 80px; 
        padding-top: 2px; 
        overflow: hidden; 
        margin-right: 1px; 
        margin-top: -1px; 
        text-align: left; 
        color: #666; 
        font-size: 16px; 
        font-weight: bold; 
        line-height: 10px; 
        border: 0px solid red; 
    } 
</style> 

    <div id="header1"> 
        <a href="index.php"> 
            <img src="images/new_icon11.gif" height="55" width="45" hspace="10" title="Go to Home" />
        </a> 
eAccounts  

        <div class="userpic"> 

            <?php $query="SELECT image FROM u_login where email = '" .$_SESSION[ 'email']. "'"; 
             $result=sqlsrv_query($con,$query)or die ( "Error". sqlsrv_errors($con)) ; 

               while($res=sqlsrv_fetch_array($result)) 
                { 
                    echo "<img border=\"0\" width=\"55\" height=\"55\" src=\"" ,"upload/".$res['image']."\">"; 
                 } 
            ?> 
        </div> 

       </div>

and sample.php is

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 

<head> 
    <title>Trial Balance</title> 
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 
    <meta http-equiv="Pragma" content="no-cache" /> 
    <meta http-equiv="Expires" content="-1" /> 

    <style type="text/css"> 

        html {  
            overflow: auto;  
            margin: 0;  
            height: 100%;  
            min-height: 100%;  
        }  
        #container {  
            min-height: 100%;  
            position: relative;  
            background-color: #FFF;  
            padding: 10px;  
            width: 100%;  
            border-radius: 5px;  
            overflow: hidden;  
        }  
        #content {  
            width: 85%;  
            height: auto;  
            border-color: #e3eeff;  
            background-color: #F2FBFF;  
            margin-top: 2px;  
            text-align: left;  
            border: 0px solid #06F;  
            overflow-y: auto;  
            margin: 0 auto;  
            padding: 30px;  
            box-shadow: 0px 0px 10px 10px #CCCCFF;  
            margin-top: 20px;  
            margin-bottom: 20px;  
        }  
    </style> 

</head> 

<body> 

<?php include_once("includes/header.php");?>  

    <div id="container">This is Container Div 
        <div id="content">This is Content Div 
        </div> 
    </div> 
</body> 

</html>

But when I run sample.php, the header is not showing, as shown below.

Please help me; what am I doing wrong?

Are people just going to start substituting mysql_* with sqlsrv_ now? It’s not going to excuse the fact that you’re wide open to SQL injections. I mean you’re still stuffing the raw data into the query string like it’s 1980. Why are people so backwards with PHP?

Anyways, onto your main concern. Might be this bit

email = '" .$_SESSION[ 'email']. "'";

If you were ACTUALLY doing it correctly, it would have been:

$query = "SELECT image FROM u_login where email = " . $_SESSION[ 'email'];

There’s ABSOLUTELY no reason to add "'" into the query after a variable if the ending part has no more legitimate use.

Using PDO, you just do.

$sql = "SELECT image FROM u_login WHERE email = :email";
$prepare = $db->prepare($sql);
$parameters = array(':email' => $email);
$prepare->execute($parameters);

And with mysqli_*, you do.

$sql = "SELECT image FROM u_login WHERE email = ?";
$prepare = $db->prepare($sql);
$prepare->bind_param('s', $email);
$prepare->execute();

Your problem might also be because you haven’t declared session_start on sample.php. Make sure it’s declared on all files that you want to use $_SESSION on.

Thanks for the good hints.

But

That was not the real problem.
Only the Header div is not appearing on sample.php.

In other words this line of code is not working

<?php include_once("includes/header.php");?>  

Please

Use the View Source feature in your browser and examine the html where the header should be. You might just see the include statement, which implies that php is not enabled on your server. Or you might see some errors.

Trying to understand this. You seem to be saying that:

"SELECT * FROM users WHERE email = joe@wtf.com" 

is valid sql? And what exactly does mysql have to do with Microsoft SQL Server?

Your header.php is flawed in that it includes both CSS and HTML. The CSS part belongs in the <head> section of your document whilst the HTML belongs in the <body> section.

In HTML5 you can use style tags in the body element. Even in most older browsers it will work just fine. Not something to be encouraged perhaps but it will work. I’m guessing that php is not enabled on the server.

Can you point me to some documentation to back that up?

There is no doubt that it works, I see it all the time in various sites, but I don’t believe it is valid html. I think it’s just that modern browsers are very forgiving and good at interpreting broken and invalid code.

I am very much amazed that other users have started a new conversation in my thread in spite of my problem still not being solved.

The Header div is still not showing on right place.

Do you have any error reporting?
What errors are you getting?
The error reporting or log should tell you what is going wrong.

That is one possibility, the other is that the include is working, but the code within it is failing.
Looking at the source of the resulting page will quickly tell you which is the case.

It happens. And what was the result of viewing the source of your browser page?

Trying to help you is a two-way street. There are several things that could be wrong and without your feedback, helping you is pretty much a hit or miss type thing.


Guess I can’t because it looks like I was wrong. It is easy to find people who say it is okay, but looking at the actual specifications indicates that it is not. I even tried the w3 validator. html5 did introduce a “scoped” attribute which would make style legal inside the body, but the attribute does not appear to be supported.


No, I’ve never used legacy functions before and I will mostly never. So if the syntax is wrong, most likely, that’s because I have never used it before since it’s a legacy function. I just assumed that most noobies tend to Copy&Paste from other sources online and they wouldn’t know what they were copying and pasting. Still, having double quotes or single quotes after a variable when the variable has nothing connecting to it is redundant hence why I said what I said.

These 2 lines basically output the same value. However, how does it make any sense adding double quotes and single quotes like this when the ending part is just the variable itself?

$var = 'I am just a var and my value is ' . $_SESSION['var'];
$var = 'I am just a var and my value is ' . $_SESSION['var'] . '';

This line below makes more sense than the last line above.

$var = 'I am just a var and my value is ' . $_SESSION['var'] . ', but I am just another block.';

So that’s what I just assumed OP was doing.


You should go back and re-read OP’s post. It has PHP’s sqlsrv_query function. I am starting to see a trend where half of the PHP users who have been using the old and dead mysql_* functions are now migrating to a different database API. And they aren’t going to change their ways. They are still using legacy codes (stuffing raw data in queries and not preparing them). It’s sad that people are also doing this with PDO as well. They can’t seem to get a grasp on how to secure their codes from attacks.

This is not about legacy functions. This is about plain sql.

$sql = "SELECT * FROM users WHERE email = joe@example.com ";
$sql = "SELECT * FROM users WHERE email = 'joe@example.com' ";

One of the above is valid sql, one is not.

Are you seriously suggesting that developers are moving from mysql to Microsoft SQL Server just because php dropped a legacy mysql interface? sqlsrv is not a generic database interface, it is specific to Microsoft SQL Server just like mysql_ was specific to mysql.

For testing, try changing

<?php include_once("includes/header.php");?>

to

<?php require_once "includes/header.php"; ?>

Making it require will cause a squawk if it fails.

Re making it more secure, try changing the code to something like

<div class="userpic"> 
<?php 
$query="SELECT image FROM u_login where email = ?";
$params = array($_SESSION[ 'email']);
$result = sqlsrv_query( $conn, $query, $params);
if( $result === false ) {
     die( print_r( sqlsrv_errors(), true));
}
while($res=sqlsrv_fetch_array($result, SQLSRV_FETCH_ASSOC)) 
{
  echo "<img border=\"0\" width=\"55\" height=\"55\" src=\"" ,"upload/".$res['image']."\">"; 
} 
sqlsrv_free_stmt($result);
?> 
</div> 

* you’ll need “$conn” wherever that is coming from.

Also, try not putting <style> inside the <body>

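The quoting disagreement in this thread can be checked directly. The following is an added example, not code from any poster: it uses PDO with an in-memory SQLite database as a stand-in for the thread's SQL Server (an assumption; it needs the pdo_sqlite extension), with constructed rows, and runs the unquoted, quoted and bound-parameter forms of the u_login lookup against two legitimate addresses.

```php
<?php
// Added example. SQLite in memory stands in for the thread's SQL Server
// database (assumption); table and column names follow the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE u_login (email TEXT, image TEXT)');

// Constructed sample rows; the second address contains an apostrophe.
$insert = $db->prepare('INSERT INTO u_login (email, image) VALUES (?, ?)');
$insert->execute(['joe@example.com', 'joe.png']);
$insert->execute(["o'brien@example.com", 'obrien.png']);

// Run SQL that was assembled by string concatenation and report either
// the rows returned or the parser error.
function run_concat(PDO $db, string $sql): string {
    try {
        $rows = $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
        return count($rows) . ' row(s): ' . implode(', ', $rows);
    } catch (PDOException $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

// Same lookup with a bound parameter: the value is sent as data and is
// never parsed as SQL text, so its content cannot change the statement.
function run_bound(PDO $db, string $email): string {
    $stmt = $db->prepare('SELECT image FROM u_login WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
    return count($rows) . ' row(s): ' . implode(', ', $rows);
}

$base = 'SELECT image FROM u_login WHERE email = ';
foreach (['joe@example.com', "o'brien@example.com"] as $email) {
    echo "email value: $email\n";
    // Form suggested early in the thread: no quotes around the value.
    echo '  unquoted concat: ', run_concat($db, $base . $email), "\n";
    // Form from the original header.php: value wrapped in single quotes.
    echo '  quoted concat:   ', run_concat($db, $base . "'" . $email . "'"), "\n";
    // Form from the PDO and sqlsrv answers: placeholder plus bound value.
    echo '  bound parameter: ', run_bound($db, $email), "\n";
}
```

The unquoted form is rejected for both addresses, the quoted form fails as soon as the value contains an apostrophe, and only the bound form returns the row in both cases. The error text shown is SQLite's and will differ on other engines.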

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.