Justafriend Posted January 19, 2016 Share Posted January 19, 2016 first off i know all 4 headers im using are same its temporary for now eventually i will have 4 different confirmation pages The issue im having is all 4 are processing form correctly into the db but the confirmation pages are redirecting to a new tab here is the php code if needed i can supply the html code as well but seeing the header is being pulled from the php file i think thats where it is what i want is that when the html form processes that it redirects the page to one of the four confirmation pages instead of in a new tab $conn = mysqli_connect($servername, $username, $password, $dbname); // Check connection if (!$conn) { die("Connection failed: " . mysqli_connect_error()); } if(isset($_POST['choices']) && !empty($_POST['choices'])){ if($_POST['choices'] == 'four'){ $sql = "INSERT INTO ballot (username, useremail, randomnumber, neptune) VALUES ('".$_POST["username2"]."','".$_POST["email"]."','".$_POST["randomnumber"]."','".$_POST["neptune"]."')"; $sql1 = "INSERT INTO ballot (username, useremail, randomnumber) VALUES ('".$_POST["username2"]."','".$_POST["email"]."','".$_POST["randomnumber3"]."')"; if (mysqli_query($conn, $sql)) ; if (mysqli_query($conn, $sql1)) ; mysqli_close($conn); { { header("Location: http://justtheway.com/wb/events/pawn/get2ticketconfirm.php") ; } } }elseif($_POST['choices'] == 'twoorless'){ $sql = "INSERT INTO ballot (username, useremail, randomnumber, neptune) VALUES ('".$_POST["username2"]."','".$_POST["email"]."','".$_POST["randomnumber"]."','".$_POST["neptune"]."')"; if (mysqli_query($conn, $sql)) ; mysqli_close($conn); { { header("Location: http://justtheway.com/wb/events/pawn/get1ticketconfirm.php") ; } } }elseif($_POST['choices'] == 'sixseven'){ $sql = "INSERT INTO ballot (username, useremail, randomnumber, neptune) VALUES ('".$_POST["username2"]."','".$_POST["email"]."','".$_POST["randomnumber"]."','".$_POST["neptune"]."')"; $sql1 = "INSERT INTO ballot (username, useremail, randomnumber) VALUES ('".$_POST["username2"]."','".$_POST["email"]."','".$_POST["randomnumber3"]."')"; if (mysqli_query($conn, $sql)) ; if (mysqli_query($conn, $sql1)) ; { { header("Location: http://justtheway.com/wb/events/pawn/get2ticketconfirm.php") ; } } }elseif($_POST['choices'] == 'fiveorless'){ $sql = "INSERT INTO ballot (username, useremail, randomnumber, neptune) VALUES ('".$_POST["username2"]."','".$_POST["email"]."','".$_POST["randomnumber"]."','".$_POST["neptune"]."')"; if (mysqli_query($conn, $sql)) ; mysqli_close($conn); { { header("Location: http://justtheway.com/wb/events/pawn/get1ticketconfirm.php") ; } } } }else{ echo "Please select once choice for submit query!"; } mysqli_close($conn); { { header("Location: http://justtheway.com/wb/events/pawn/get1ticketconfirm.php") ; } } ?> Quote Link to comment Share on other sites More sharing options...
Solution mac_gyver Posted January 19, 2016 Solution Share Posted January 19, 2016 the header('location: ...') is only telling the browser to make a http request for a page. if this is causing a new browser tab to open, there must be something somewhere else in the code on the page to cause it. this is not being caused by the header() statement. why do you have so much repetition in your code? this just makes for a lot of extra work for you, especially when you need to fix or change anything in the code. currently, you need to add protection against sql injection for all those queries, which there are actually only two different variations of a single query. by refactoring your code so that the sql query statement only exists once, adding sql protection, or changing anything about the query, would only have to be done in one place. Quote Link to comment Share on other sites More sharing options...
Justafriend Posted January 19, 2016 Author Share Posted January 19, 2016 there are 4 different types of entriesthere is singles getting 2 ballots there is singles getting 1 ballot there is pards getting 2 ballots and there is pards getting 1 ballot Eventually each code will be going to its own confirm submission page as i stated above my post hence why i have 4 different queries ok i will have to look through the html code i just thought that once the php processes a query it doesnt use the code on the page that sent the info but i do appreciate your help and appreciate the direction Quote Link to comment Share on other sites More sharing options...
Justafriend Posted January 19, 2016 Author Share Posted January 19, 2016 Update found the html error ty for the pointing me in right direction Quote Link to comment Share on other sites More sharing options...
Justafriend Posted January 19, 2016 Author Share Posted January 19, 2016 and as for the injections they are all being handled in the java verification of the form so that all data is verified before going into the php Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted January 19, 2016 Share Posted January 19, 2016 javascript does not provide any protection for the server-side code. any value that anyone or a bot script wants, can be submitted to the server-side code, without using any of your client-side code (other than to learn the field names to use.) the server-side code must have protection in it. 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.