GWD February 2016

Cannot modify header information - headers already sent by: PHP

<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="utf-8"/>
        <title></title>
    </head>
    <body>
<?php
    if ($_POST['password'] != $_POST['confirmpassword'])
    {        
        $password = md5($_POST['password']);
        $confirmPass = md5($_POST['confirmpassword']);        
        echo "<script type='text/javascript'>alert('Error. Passwords do not match.');</script>";    
        header("Refresh:0; Registration.html"); 
    }
    else 
    {
        $password = md5($_POST['password']);
        $confirmPass = md5($_POST['confirmpassword']);
        echo 'Name: '.$_POST['firstname'].' '.$_POST['lastname']. '<br>';

        if($_POST['agerange'] == 1)
        {
            echo "Under 18<br>";
        }
        elseif($_POST['agerange'] == 2)
        {
            echo "Age 18-24<br>";
        }
        elseif($_POST['agerange'] == 3)
        {
            echo "Age 25-34<br>";
        }
        elseif($_POST['agerange'] == 4)
        {
            echo "Age 35-44<br>";
        }
        elseif($_POST['agerange'] == 5)
        {
            echo "Age 45-54<br>";
        }
        elseif($_POST['agerange'] == 6)
        {
            echo "Age 55-64<br>";
        }
        else
        {
            echo "Age 65 or older<br>";
        }

        if ($_POST['sex'] == 'male')
        {
            echo "Gender: Male<br>";
        }
        else
        {
            echo "Gender: Female<br>";
        }

        echo 'Phone Number: '.$_POST['daytimephone']. '<br>';
        echo 'Email: '.$_POST['email']. '<br>';
        echo 'Username: '.$_POST['username']. '<br>';

        if(isset($_POST['specialoffers']))
        {
            echo "You would like to recieve special offers from us via email.";
        }
        else
        {
            echo "You would NOT like to recieve special offers        

Answers


WheatBeak February 2016

You can't output anything before you modify headers. That means this:

<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="utf-8"/>
        <title></title>
    </head>
    <body>

And this:

 echo "<script type='text/javascript'>alert('Error. Passwords do not match.');</script>";  

Are no good.

Aside from the security aspects others mentioned, the best way to make sure both passwords match would be before the form is submitted using jQuery validate or something similar.

If you had to do it like this, it would be better to store the message in a session variable and then output it on another page:

if ($_POST['password'] != $_POST['confirmpassword'])
    {        
        $password = md5($_POST['password']);
        $confirmPass = md5($_POST['confirmpassword']);        
        $_SESSION["msg"] =  "Error. Passwords do not match.";
        header("Location: Registration.php");
    }

On Registration.php:

if (isset($_SESSION["msg"])){

echo "<script type='text/javascript'>alert('" . $_SESSION["msg"] . "');</script>";
unset($_SESSION["msg"]);
}

Post Status

Asked in February 2016
Viewed 2,162 times
Voted 13
Answered 1 times

Search




Leave an answer