Home/ Questions/Q 6994713
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T19:55:38+00:00

I am trying to create a PM system on my website however the sending

  • 0

I am trying to create a PM system on my website however the sending does not work…

Here is my code:

<?php
$from = $_POST['from'];
$to = $_POST['to'];
$content = $_POST['content'];
$date = date("Y-n-j H:i:s");
$id = rand(0000,9999);

include('sql_connect.php');
mysql_query("INSERT INTO pm (`from`, `to`, `content`, `date`, `id`) VALUES ('".$from."', '".$to."', '".$content."', '".$date."', '".$id."')");
mysql_close($con);
header('Location: members.php?sent');
?>

Can someone tell me why it doesn’t work?

EDIT: I added backtits but the result is this:

NULL 
Warning: Cannot modify header information - headers already sent by (output started at /home/quebecen/public_html/new/do_pm.php:10) in /home/quebecen/public_html/new/do_pm.php on line 15

EDIT 2: I added $result before que mysql_query() (I forgot it) and now I have this code:

<?php
$from = $_POST['from'];
$to = $_POST['to'];
$content = $_POST['content'];
$date = date("Y-n-j H:i:s");
$id = rand(0000,9999);

include('sql_connect.php');
$result = mysql_query("INSERT INTO pm (`from`, `to`, `content`, `date`, `id`) VALUES ('".$from."', '".$to."', '".$content."', '".$date."', '".$id."')", $con);

var_dump($result);

if(!$result) {
    echo mysql_error();
}

mysql_close($con);
header('Location: members.php?sent');
?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The error your getting is because your outputting the buffer & then trying to add a header; (This can be a single space or a carriage return or the error message its self, but in your case its the var_dump) . Also You have sql injections vulnerabilities from not escaping
    the post variables, I do suggest you forget about the mysql_* family of functions and move to PDO prepared statements:

    <?php
//Start a session to hold the status
session_start();
try {
    $dbh = new PDO("mysql:host=localhost;dbname=yourDB", 'dbUser', 'dbPass');

    /*** set the error reporting attribute ***/
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    /*** some variables ***/
    $from = $_POST['from'];
    $to = $_POST['to'];
    $content = $_POST['content'];
    $date = date("Y-n-j H:i:s");

    $id = rand(0000,9999); //? This is wrongly implemented if you want a uniqie id, you should be using the AUTO INCREMENT value

    /*** prepare the SQL statement ***/
    $stmt = $dbh->prepare("INSERT INTO pm (`from`, `to`, `content`, `date`, `id`)VALUES(:from, :to, :content, :date, :id)");

    /*** bind the paramaters ***/
    $stmt->bindParam(':id', $id, PDO::PARAM_INT);
    $stmt->bindParam(':from', $from, PDO::PARAM_STR, strlen($from));
    $stmt->bindParam(':to', $to, PDO::PARAM_STR, strlen($to));
    $stmt->bindParam(':content', $content, PDO::PARAM_STR, strlen($content));
    $stmt->bindParam(':date', $date, PDO::PARAM_STR, strlen($date));


    /*** execute the prepared statement ***/
    $stmt->execute();
    /*** close the database connection ***/
    $dbh = null;

    //Set as sent, redirect to members cleanly and then check session var is true
    $_SESSION['sent']=true;
    header('Location: ./members.php');
}
catch(PDOException $e)
{
    //Something went wrong
    $_SESSION['sent']=false;
    //You should log this error, and not output any internal errors to the user, just advise them something went wrong.
    error_log("FATAL MSG ERROR:".$e->getMessage(), 3, "/home/quebecen/logs/my-errors.log");

    header('Location: ./members.php');
}
?>
    • 0