Just finished working through this tutorial and all seems to be working well. The comments can be input and they get written to the database and display fine. The only problem seems to be with the process form. When I hit the 'Post Comments' button, the below message appears.
CODE
Warning: Cannot modify header information - headers already sent by (output started at C:\htdocs\WebgorillaPHP\admin\process.php:8) in C:\htdocs\WebgorillaPHP\admin\process.php on line 60
I have had this problem previously. Before I moved a load of code above the doctype declaration. But in process.php there is no doctype dec, just php script.
I'd be grateful if someone could shed light on what I am doing wrong. Other than this though, things are working very well.
CODE
<?php
// check to see if the submit button has been input
if (isset($_POST['submit'])){
// check to see if all the required information has been submitted
if(empty($_POST['name']) || empty($_POST['email']) || empty($_POST['comment'])){
die('You have forgotten to complete one of the required fields. Please ensure you fill in your name, an email address and comments.');
}
// striptags from input as a security messure to ensure that a hacker doesn't try and
// disrupt the website.
$entry = htmlspecialchars(strip_tags($_POST['entry']));
$timestamp = htmlspecialchars(strip_tags($_POST['timestamp']));
$name = htmlspecialchars(strip_tags($_POST['name']));
$email = htmlspecialchars(strip_tags($_POST['email']));
$url = htmlspecialchars(strip_tags($_POST['url']));
$comment = htmlspecialchars(strip_tags($_POST['comment']));
// Use the nl2br() to add line breaks into the comment field.
$comment = nl2br($comment);
// put in a check to escape quotes, if the server doesn't do it for us. If this is not done
// and the server doesn't escape quotes then this will cause errors.
if (!get_magic_quotes_gpc()) {
$name = addslashes($name);
$url = addslashes($url);
$comment = addslashes($comment);
}
// perform a check to see if the email address is valid.
if (!eregi("^([_a-z0-9-]+)(\.[_a-z0-9-]+)*@([a-z0-9-]+)(\.[a-z0-9-]+)*(\.[a-z]{2,4})$", $email)) {
die("The e-mail address you submitted does not appear to be valid. Please go back and correct it.");
}
// Assign connection data to variables
$host = "localhost";
$user = "*****";
$pass = "*****";
$db = "*****";
// Connect to MySQL
$connection = mysql_connect($host, $user, $pass) or die('Error: Could not connect you to MySQL');
// Connect to database
mysql_select_db($db) or die('Error: Could not connect you to the database');
// Create query to insert the comment
$result = mysql_query("INSERT INTO blog_Comments (entry, timestamp, name, email, url, comment) VALUES ('$entry', '$timestamp', '$name', '$email', '$url', '$comment')") or die('Error: Could not perform query because: '.mysql_error());
// add the below line to forward us back to the entry we are commenting on
header("Location: blog_singleEntry.php?id=" . $entry);
// the below line stops people from coming directly to the process page.
} else {
die("Error: you cannot access this page directly.");
}
?>
// check to see if the submit button has been input
if (isset($_POST['submit'])){
// check to see if all the required information has been submitted
if(empty($_POST['name']) || empty($_POST['email']) || empty($_POST['comment'])){
die('You have forgotten to complete one of the required fields. Please ensure you fill in your name, an email address and comments.');
}
// striptags from input as a security messure to ensure that a hacker doesn't try and
// disrupt the website.
$entry = htmlspecialchars(strip_tags($_POST['entry']));
$timestamp = htmlspecialchars(strip_tags($_POST['timestamp']));
$name = htmlspecialchars(strip_tags($_POST['name']));
$email = htmlspecialchars(strip_tags($_POST['email']));
$url = htmlspecialchars(strip_tags($_POST['url']));
$comment = htmlspecialchars(strip_tags($_POST['comment']));
// Use the nl2br() to add line breaks into the comment field.
$comment = nl2br($comment);
// put in a check to escape quotes, if the server doesn't do it for us. If this is not done
// and the server doesn't escape quotes then this will cause errors.
if (!get_magic_quotes_gpc()) {
$name = addslashes($name);
$url = addslashes($url);
$comment = addslashes($comment);
}
// perform a check to see if the email address is valid.
if (!eregi("^([_a-z0-9-]+)(\.[_a-z0-9-]+)*@([a-z0-9-]+)(\.[a-z0-9-]+)*(\.[a-z]{2,4})$", $email)) {
die("The e-mail address you submitted does not appear to be valid. Please go back and correct it.");
}
// Assign connection data to variables
$host = "localhost";
$user = "*****";
$pass = "*****";
$db = "*****";
// Connect to MySQL
$connection = mysql_connect($host, $user, $pass) or die('Error: Could not connect you to MySQL');
// Connect to database
mysql_select_db($db) or die('Error: Could not connect you to the database');
// Create query to insert the comment
$result = mysql_query("INSERT INTO blog_Comments (entry, timestamp, name, email, url, comment) VALUES ('$entry', '$timestamp', '$name', '$email', '$url', '$comment')") or die('Error: Could not perform query because: '.mysql_error());
// add the below line to forward us back to the entry we are commenting on
header("Location: blog_singleEntry.php?id=" . $entry);
// the below line stops people from coming directly to the process page.
} else {
die("Error: you cannot access this page directly.");
}
?>
Many Thanks
Stuart