Warning: Header may not contain more than a single header, new line detected inea

[james212121]

Getting this error: Warning: Header may not contain more than a single header, new line detected in

While using POST and GET between variabales:

 

<?php
    $name = $_POST["Name"];
    $email = $_POST["Email"];
    $title = $_POST["Title"];
    $rating = $_POST["Rating"];
    $review = $_POST["Review"];    
    $broker = $_GET["Broker"];
    header("Location: /thankyou-review.php?Name=$name&Email=$email&Title=$title&Rating=$rating&Review=$review&Broker=$broker");
?>

 

Please note the $review parameter is a pargaph that contain text and breaklines.

Please advise.

[AbraCadaver]

 $review = urlencode($_POST["Review"]);

or

$_POST = array_map('urlencode', $_POST);

[james212121]

The error is gone, but the text is not inserted to MYSQL

[lemmin]

You haven't posted any code or other information about an SQL query.

[james212121]

This is the insert MYSQL query:

 

$insertreview = "INSERT INTO userreview (Name, Email, Title, Rating, Review, Status, Broker) VALUES ('$name','$email','$title','$rating','$review','0','$broker')";
 

[AbraCadaver]

//$result = query using $insertreview

if(!$result) { echo mysqli_error(); }

[james212121]

Got this MYSQL Error:

 

Query:  INSERT INTO userreview (Name, Email, Title, Rating, Review, Status, Broker) VALUES ('Raul','[email protected]','It's OK!','5','Tra...

Error Code: 1064
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's OK!','5','Trading there for 2 months, I'm Spanish speaker so I have my dedicat' at line 1

Execution Time : 0 sec
Transfer Time  : 0 sec
Total Time     : 0.040 sec

 

I think it happens becuase of the '

[AbraCadaver]

Are you not using mysqli_real_escape_string() or similar on vars before inserting?

 

You need to find some good and recent tutorials.

[james212121]

No, I'm not. Try to search it on Google look complicated.

How would you use it in this code:

 

$insertreview = "INSERT INTO userreview (Name, Email, Title, Rating, Review, Status, Broker) VALUES ('$name','$email','$title','$rating','$review','0','$broker')";

[AbraCadaver]

I still don't know what database functions you're using (look at my sig), but where ever you define the vars you need:

$name = mysqli_real_escape_string($link, $_GET['name']);