[Last Call] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 832
  • Last Modified:

Warning: Cannot modify header information

Im pretty new to php sessions and headers. Im using a script that
seemed to be what I needed. found it here -  http://www.mpdolan.com

The script require that all page that are to be protected include:

header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);

session_id($_GET['PHPSESSID']); // this is a Modification. For some reason the session data wasnt sticking so admins would have to login twice and this works.


The admin section allows user & content management as expected.
the pages successfully pass the session_id()  around fine with <a> tags
but header locations are unpredictable.
Onces the fields on the page are complete and the following is executed:

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
  $insertSQL = sprintf("INSERT INTO schedule_event (ID, `date`, title, content, more) VALUES (%s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['ID'], "int"),
                       GetSQLValueString($_POST['date'], "date"),
                       GetSQLValueString($_POST['title'], "text"),
                       GetSQLValueString($_POST['content'], "text"),
                       GetSQLValueString($_POST['more'], "text"));

  mysql_select_db($db, $connect);
  $Result1 = mysql_query($insertSQL, $connect) or die(mysql_error());

  $insertGoTo = "AdmShedule.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  elseif((isset($_POST['cancel'])) && ($_POST['cancel'] == "cancel")){
        header(sprintf("Location: AdmShedule.php"));
  header(sprintf("Location: %s", $insertGoTo));

I get this Error:
Warning: Cannot modify header information - headers already sent by (output started at /home/***/public_html/beta/Admin/AdmSheduleAdd.php:20) in /home/***/public_html/beta/Admin/AdmSheduleAdd.php on line 75

but when I got the page that deletes entries:
the first one being a verify deletion page
that executes this:

if ((isset($_POST['submit'])) && ($_POST['submit'] != "")) {
  $deleteSQL = sprintf("DELETE FROM schedule_event WHERE ID=%s",
                       GetSQLValueString($_POST['eventID'], "int"));

  mysql_select_db($db, $connect);
  $resultDel = mysql_query($deleteSQL, $connect) or die(mysql_error());

  $deleteGoTo = "AdmSheduleDeleteConfirm.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $deleteGoTo .= (strpos($deleteGoTo, '?')) ? "&" : "?";
    $deleteGoTo .= $_SERVER['QUERY_STRING'];
  header(sprintf("Location: %s", $deleteGoTo));

if ((isset($_POST['cancel'])) && ($_POST['cancel'] != "")) {
      $cancelGoTo ="AdmShedule.php";
            $cancelGoTo .= strpos($cancelGoTo, '?') ? "&" : "?";
            $cancelGoTo .= $_SERVER['QUERY_STRING'];
      header(sprintf("location: %s", $cancelGoTo));

No Error -- Isn't this also posting header locations?
the Second page the confirmation page:
I get the same header error as before.
is there a better way to do this?
hope this makes sense.
Im totally lost with this.

2 Solutions
If you try to set headers using PHP, you have to be sure that NO other output has been sent to the browser already, including any blank spaces or lines.  It seems that in the scripts where you are getting errors, the header() calls are not the first things being sent to the browser.  You need to check your code for any other output, including echos, prints, whitespace or blank lines outside of your PHP tags, etc..
What's on line 20 of /home/***/public_html/beta/Admin/AdmSheduleAdd.php?  Given the warning message, it would seem that this line is outputing content which is prohibiting you from setting the location header.  You should start looking there for you answer.  If you can't figure it out, can you post lines say 10-30 of that file with line numbers?

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now