Re: headers sent issue

On Mon, 14 Aug 2006 13:42:58 +0200, Rik wrote:

The fact of the matter is: there is no real reason NOT to use ob_start().
Hell, it can be very usefull. If you're using it to be able to send headers
without regard to output, it shouldn't be necessary however. The script
doesn't break, there isn't a real security issue. It's just a sign of you
coding practices: sloppy.

Actually, not necessarily. I use ob_start() in scripts like this one:

<?php ob_start(); session_start();?>
<html>
<head>
<title>Kill Session</title>
</head>
<body bgcolor="#EFECC7">
<center>
<h2>
Warning: kill session <?=$_REQUEST['sid'] ?>, <?=$_REQUEST['serial'] ?>?
</h2>
<hr>
<?php
require_once ('config.php');
require_once ('HTML/Form.php');
$DSN = $_SESSION['DSN'];
$invoker = $_SESSION['invoker'];
$db = NewADOConnection("oci8");
if (!empty($_GET['sid'])) {
$sid = $_GET['sid'];
$serial = $_GET['serial'];
} else {
$sid = $_POST['sid'];
$serial = $_POST['serial'];
}
if (empty($sid)) die("Kill session: sid cannot be empty!");
$kill = @$_POST['kill'];
if (empty($kill)) {
$form = new HTML_Form($_SERVER['PHP_SELF'], "POST");
$form->addSubmit("kill", "Yes");
$form->addSubmit("kill", "No");
$form->addHidden('sid', $sid);
$form->addHidden('serial', $serial);
$form->display();
exit;
}
if (strtolower($kill) != 'yes') {
header("Location: $invoker");
exit;
}
$SQL = "alter system disconnect session '$sid,$serial' immediate";
try {
$db->Connect($DSN['database'], $DSN['username'], $DSN['password']);
$rs = $db->Execute($SQL);
$db->close();
header("Location: $invoker");
}
catch(Exception $e) {
die($e->getMessage());
}
?>
</center>
</body>
</html>


Here I deliberately and explicitly send HTML headers in such a way that I
can set the background color and write a line of text in HTML. I don't see
why would I program those things in PHP when HTML is made for presenting
static information in an easy way. PHP was designed to mix freely with
HTML. All I want to do in this script is to print a warning and, if
answered with "yes", kill the session, then go back to the invoker.
Without "ob_start()" in the beginning, I am unable to use header()
function on Win2k/Apache 2.0.54/PHP 5.1.4. How will ob_start() byte me
later?

--
http://www.mgogala.com

.

Relevant Pages

  • Re: How do we get there from here?
    ... server-side-scripted html. ... This is a simple example with very little php scripting. ... means that the version of the php pre-processor on your web server must ... >>> The browser never sees anything not sent to it by the script. ...
    (comp.databases.pick)
  • Re: how to run scripts after a page has already loaded and been sent to a users browser?
    ... > It's because PHP is a server side scripting language, ... > do stuff before you send stuff to user's web browser. ... As we've discussed on this newsgroup before, if a script starts ... that is after the last HTML is sent to a web browser. ...
    (alt.php)
  • Re: How do we get there from here?
    ... Unlike my dislike for PHP, my dislike for SQL is based on ... >>> up with at least html and php quite mixed into each other, ... Using a PHP script to send HTML ... code to a browser in no way taints that code. ...
    (comp.databases.pick)
  • Re: Form Data -> Variables or an Array?
    ... Forgive me I am a PHP newbie. ... I have a small script that enables me to ... I want to use the HTML formatted form ... variables or an array, so that I can call the data later in the same ...
    (comp.lang.php)
  • Re: Form Data -> Variables or an Array?
    ... Forgive me I am a PHP newbie. ... I have a small script that enables me to ... I want to use the HTML formatted form because ... variables or an array, so that I can call the data later in the same ...
    (comp.lang.php)