PHP include() before doctype, causing a white space

Question

I have a website with a white space problem. I am including a few files before the doctype and this is causing a white space to be outputted.

After searching I have found this solution: Problem with whitespace before doctype

However after removing ?> I am still getting the problem. Below is the code:

<?php
include ("include/session.php");
include ("include/updatestage.php");                                        
?>
<!DOCTYPE HTML>....

Here is session.php:

<?php session_start();

// if a team name has been assigned to a session...
if ( isset($_SESSION ['teamName']))
{

//create "global variable $teamName that can be used across all pages as long as the function "session_start(); is present"
$teamName = $_SESSION ['teamName'];

}
else{

die ( "You are not logged in! Redirecting to login page...<meta http-equiv='REFRESH' content='2; url = index.php'>");

}

Here is updatestage.php:

<?php
include("config.php");
//update stage

$inserted="n";
mysql_query ("UPDATE `team` SET `inserted`='$inserted' WHERE teamName = '$teamName' ");

$advance="n";
mysql_query ("UPDATE `game` SET `advance`='$advance' ");

Here is getstageinfo.php:

<?php
include("include/config.php");
//Select the slogan from the current user
$currentStage = mysql_query("
SELECT `currentStage` FROM `team` WHERE `teamName` = '$teamName'
");
//assign the text located at the logo field (the path of the logo) to a variable $slogan
$row = mysql_fetch_assoc($currentStage);
$currentStage= $row['currentStage'];
?>

And finally here is config.php:

<?php
// connect to database
$con = mysql_connect("xxxxxxx","xxxxxxx","xxxxxxx"); 

if (!$con)
      {
      die('Could not connect: ' . mysql_error());
      }

// select database 
mysql_select_db ("xxxxxxx");          
?>

//////////////////////////////////////////////////////////////////////////////////////////

Ok so I have added back in the ?> and tried the suggestions below:

<!DOCTYPE HTML>
<?php
include("include/session.php");
include("include/updatestage.php");
?>

Or trying:

<?php

echo "<!DOCTYPE HTML>\n";

include ("include/session.php");
include ("include/updatestage.php");

?>

Produces:

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at public_html/period1.php:2) in public_html/include/session.php on line 1

Trying:

<?php
include("include/session.php");
include("include/updatestage.php");
?><!DOCTYPE HTML>

Or:

<?php

  ob_start();

  echo "<!DOCTYPE HTML>\n";

  include ("include/session.php");
  include ("include/updatestage.php");

  ob_end_flush();

?>

Still produces the white space.

copy and paste `session.php` and `updatestage.php` into a plain text editor, like notepad and then re-copy and paste pack to your document. Also, make sure in those two files there are no white spaces before the beginning ``. — Dutchie432, Feb 03 '12 at 15:41
Found the problem, it was the nested `include("config.php");` rather than including I just pasted the code into `updatestage.php` — NeverPhased, Feb 03 '12 at 15:42
One more thing to check while you're in a text editor - see if you have Byte Order Mark (BOM) disabled - this should be somewhere in the encoding options (ex. `UTF-8+BOM` may indicate trouble). — bububaba, Feb 03 '12 at 15:43
I removed the `?>` as I was following http://stackoverflow.com/questions/4749011/problem-with-whitespace-before-doctype — NeverPhased, Feb 03 '12 at 15:44
I have not yet tried these methods however just letting you know I have included the config in my edit above for viewing — NeverPhased, Feb 03 '12 at 16:07

DaveRandom · Accepted Answer · 2012-02-03T16:07:33.093

5

You may be able to fix the problem like this:

<?php
include ("include/session.php");
include ("include/updatestage.php");                                        
?><!DOCTYPE HTML>

But I have observed buggy behaviour in this respect (although not since PHP4), so the easiest solution that guarantees a fix is to put the <!DOCTYPE> before the include - since neither included file outputs anything, and would break your document if it did.

<!DOCTYPE HTML>
<?php

  include ("include/session.php");
  include ("include/updatestage.php");

?>
<!-- Rest of HTML -->

Or this:

<?php

  echo "<!DOCTYPE HTML>\n";

  include ("include/session.php");
  include ("include/updatestage.php");

?>
<!-- Rest of HTML -->

Remember to make sure that the < in the opening <?php tag is the first character in all files if you go with the second option.

EDIT Having in the first place completely failed to take into account the session/cookies problem that has reared it's ugly head, here is a working solution:

<?php

  ob_start();

  echo "<!DOCTYPE HTML>\n";

  include ("include/session.php");
  include ("include/updatestage.php");

  ob_end_flush();

?>
<!-- Rest of HTML -->

edited Feb 03 '12 at 16:07

answered Feb 03 '12 at 15:43

DaveRandom

87,921
11
154
174

Still no joy with the new code, bare in mind I still have the `?>` at the end of the include files. – NeverPhased Feb 03 '12 at 16:10
1

@user1064028 Well the `?>` in your included files should be removed because those files don't output any HTML (this is a good rule of thumb for whether you want one or not) but if you are still getting white space before the doctype now, even with output buffering, and having ensured your opening ` – DaveRandom Feb 03 '12 at 16:13
let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/7318/discussion-between-daverandom-and-user1064028) – DaveRandom Feb 03 '12 at 16:15
So turns out it was a BOM issue – NeverPhased Feb 03 '12 at 17:00
@user1064028 So I see. I have logged out of it now, and just as an experiment I thought I'd do the sign-up form to look for SQL injection holes - you'll be please to know I didn't find any, but I think your inserted data is being double-escaped, I signed up with a team name of `test'` and `anothertest"` and when I log in they display as `test\'` and `anothertest\"` - have you called `addslashes()` *and* `mysql_real_escape_string()` by any chance? – DaveRandom Feb 03 '12 at 17:09
@user1064028 Also you need to pass database data through [`htmlspecialchars()`](http://php.net/manual/en/function.htmlspecialchars.php) before outputting it into HTML. I also created a user `test>` and it outputs that string literally onto the page, it needs to appear in the HTML as `test>` to avoid the risk of breaking your page layout, which `htmlspecialchars()` will take care of for you. – DaveRandom Feb 03 '12 at 17:14
Hi DaveRandom, I have strip_tags() for the inputs but that's it do i need addslashes(), addslashes() also? – NeverPhased Feb 04 '12 at 12:59
1

You should just use `htmlspecialchars()` and `mysql_real_escape_string()`, there is no need for `strip_tags()` or `addslashes()` if you use them. `mysql_real_escape_string()` should be used for *every* bit of user input that is used in an SQL query, and `htmlspecialchars()` should be used for *every* bit of user input that is output onto a page. If you do that, you are pretty much safe. There are other things that you can do which are even safer, but for the purposes of a uni project the two methods above are all you need. Look into PDO parameterised queries if your interested. – DaveRandom Feb 04 '12 at 13:38

score 2 · Answer 2 · edited May 23 '17 at 12:02

2

I figured it out. You have to encode "UTF-8 without BOM" for the file you are including.

The master php file doesn't necessarily have to encode with "UTF-8 without BOM", and in fact I'd recommend that you don't if you have certain special characters (caused problems for me).

Was also answered here: PHP include causes white space at the top of the page

edited May 23 '17 at 12:02

Community

1
1

answered Sep 28 '13 at 18:56

Jared

21
1

score 2 · Answer 3 · answered Feb 03 '12 at 15:43

2

You don't have to remove the ?>. Just the whitespace after it. Your code should look like this:

<?php
include ("include/session.php");
include ("include/updatestage.php");                                        
?><!DOCTYPE HTML>....

answered Feb 03 '12 at 15:43

If you don't intend to output HTML from a PHP file, then you _should_ leave out the `?>`. – Ilmari Karonen Feb 03 '12 at 15:55
1

In the main script, yes. But not in the _other_ PHP files he's including, which is where the actual problem was. – Ilmari Karonen Feb 03 '12 at 16:27

score 1 · Answer 4 · answered Feb 03 '12 at 16:36

OK, these steps should fix your problem:

Go through all PHP files on your site. If the file ends with ?> (and possibly some whitespace), remove the ?>. (Of course, if there's some HTML text after the ?> then you shouldn't remove it.)
While doing the above, also check that there's no whitespace in front of the first <?php in any files.
If you still have problems after that, check for invisible characters in front of the <?php. There are several ways to do that, but looking at a hex dump of the files is one good way. The first two bytes of each PHP file (that doesn't begin with HTML text) should be <? (hex 3c 3f).

In the unlikely event that those steps won't solve the problem, let us know (and preferably include a link to a page where the problem occurs, so that we can check the output ourselves).

score 0 · Answer 5 · answered Jun 09 '16 at 12:10

0

Open file in Notepadd++ From top bar: Encoding->Encode in UTF8 without BOM Save the file In Dreamweaver

Press CTRL + J or go to Change->Page Settings->Tile/Encoding and unchek UNICODE BOM if it is cheked.

answered Jun 09 '16 at 12:10

James Allan

5
1
5

PHP include() before doctype, causing a white space

5 Answers5

Linked