0

I am looking for some kind of bug in my code which is causing this PHP page to not redirect. I'm looking to see if someone might know the cause of this problem (it may have something to do with the cookies).

inc_vars.php:

<?php
//some of the variables have been omitted.
$pid = 'gbb';
$dbtable ='';
$dbname = '';
$dbuser = '';
$dbpass = '';

$connect = mysql_connect('localhost', $dbuser, $dbpass);

if(!$connect){
    header('Location: omitted');
    die();
}

mysql_select_db ($dbname, $connect);

$webroot = 'omitted';

$share_page = $webroot . '/share-the-training';

$gift = $webroot . '/free-video?setuser=1199';

$bonus_content = $webroot . '/awesome-bonus';

$share_php = $webroot . '/share.php';

?>

refresh_id.php:

<?php

include_once('inc_vars.php');

$results = mysql_query("SELECT id FROM " . $dbtable . " WHERE email='" . $_GET['email'] . "'");


if(!$results || mysql_num_rows($results)==0){
    header('Location: ' . $share_page . '?errorcode=1');
    die();
}

$res_arr = mysql_fetch_assoc ($results);

setcookie($pid . "_viral", (string)$res_arr['id'], time() + 3600 * 365);

move_on();

function move_on(){
    header ('Location: ' . $share_php);
    die();
}

?>

When the person visits refresh_id.php?email=their_email they should redirect to the $share_php page. This is not working.

However, if this scenario happens: refresh_id.php?email=an-email-that-is-not-in-database then the script redirects to $share_page absolutely fine.

I have tried this with and without the gbb_viral cookie in place. I'm not sure why this isn't working. All pages are live and on the internet right now in case you want to look for yourself.

omitted

An email that exists in the database is as follows: acctrafficcop@gmail.com (for those that want to test this)

UPDATE

Stupid mistake with scopes. I simply added global $share_php in the move_on() function and everything is working fine now. Thank you everyone for the heads up on SQL injection, I am switching over to prepared statements right now.

4

2 Answers

3

In your move_on function, the variable $share_php does not exist because of variable scope. Therefore your redirect looks like this: Location:. There is no URL in the Location header.

You can pass the variable into the function, or use the global keyword to make it available. Try this:

move_on('/redirect_url');

function move_on($url){
    header ('Location: ' . $url);
    die();
}

In fact, in refresh_id.php I don't see a variable called $share_php anywhere, so you are redirecting to an empty URL.

Answered 2012-07-29T18:42:22.147
1

You also need to set a status header for the browser to honor the location header. Try adding

header('HTTP/1.1 303 See Other');

Using curl will help you debug. Also, you are setting yourself up for SQL Injection with your SQL query.

Edit: After reading the second answer, it is correct that you aren't passing in a location to your redirection function. This should be fixed as well.

$results = mysql_query("SELECT id FROM " . $dbtable . " WHERE email='" . $_GET['email'] . "'");

Never trust input from users like this. Instead, use a SQL bind. Here's how you would do it with the mysqli library: http://php.net/manual/en/mysqli-stmt.bind-param.php

Answered 2012-07-29T18:42:11.430
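The two fixes discussed above (a bound parameter instead of string concatenation, and a redirect URL passed in rather than read from an out-of-scope variable), combined as an added example that is not code from the question or from either answer. It uses PDO with an in-memory SQLite database in place of MySQL so it runs without a server; the table name `subscribers`, its row and the sample e-mail addresses are constructed.

```php
<?php
// Added example. PDO + in-memory SQLite stands in for the MySQL database.
// Constants, unlike $share_php in the question, are visible inside functions.
const SHARE_PAGE = '/share-the-training';
const SHARE_PHP  = '/share.php';

function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Constructed table and row, for demonstration only.
    $db->exec('CREATE TABLE subscribers (id INTEGER PRIMARY KEY, email TEXT UNIQUE)');
    $db->exec("INSERT INTO subscribers (id, email) VALUES (1199, 'user@example.com')");
    return $db;
}

// Returns the subscriber id, or null when the e-mail is unknown.
function find_id(PDO $db, string $email): ?int {
    // The table name is a fixed literal: identifiers cannot be bound,
    // so it must never be built from request data.
    $stmt = $db->prepare('SELECT id FROM subscribers WHERE email = ?');
    $stmt->execute([$email]); // the value travels as data, never as SQL text
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Chooses the redirect target and returns it, so nothing depends on globals.
function redirect_target(PDO $db, string $email): string {
    return find_id($db, $email) === null
        ? SHARE_PAGE . '?errorcode=1'
        : SHARE_PHP;
}

// Same shape as the fixed move_on() in the first answer.
function move_on(string $url): void {
    header('Location: ' . $url);
    die();
}

$db = open_demo_db();
// Known address, unknown address, and a value containing a quote character
// (which would end the string literal early in the concatenated query).
foreach (['user@example.com', 'nobody@example.com', "a'b@example.com"] as $email) {
    echo str_pad($email, 22), ' -> ', redirect_target($db, $email), PHP_EOL;
}
// On the real page: move_on(redirect_target($db, $_GET['email'] ?? ''));
```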