[SOLVED] printed text disappears (ff / ie rendering differences?)

I have the below code. I write an encrypted message to a database. With a password sent in the url I can fetch the text from the database and print it on the screen. As soon as it is printed I want it removed from the database so it can not be fetched and read again.

The below code works perfectly according to the above description in both internet explorer and google chrome, but in firefox the text dont get printed and only removed from the database.

Since it works in ie and chome I guess it might have something to do with how firefox renders pages? Maybe it doesn't print any values before all code is run through and then its too late? I tried inserting ob_flush(), flush() and sleep(5) right after I echo the text. This prints the text even in firefox, however it is removed again as soon as the 5 seconds are over.

Another interesting thing is that it sometimes works in firefox when I write a very short text, such as "ok". However, all tests I've done with longer text (it's enough with the length of the previous sentence) haven't worked.

<?php
    $open = mysql_connect('localhost', 'user', 'pass');
    mysql_select_db('db');

    if ($_GET['m'] == "write"){

        /**
        * Write message to database
        */
        $password = md5(uniqid(rand(), true));
        mysql_query("INSERT INTO message (message, pass) VALUES (AES_ENCRYPT('" . $_POST["message"] . "','" . $password . "'),'" . md5($password) . "')");
        echo "link to message: ?p=" . $password . "";

    } elseif (strlen($_GET['p']) >= 1){

        /**
        * Read message from database
        */
        $data = mysql_query("SELECT AES_DECRYPT(message, '" . $_GET['p'] . "') AS decryptedMessage FROM message WHERE pass = '" . md5($_GET['p']) . "'");
        $data = mysql_fetch_array($data);
        echo $data["decryptedMessage"];  // Prints the message on the screen

    } else {
        echo "
            <FORM METHOD=\"post\" ACTION=\"?m=write\">
                <TEXTAREA NAME=\"message\"></TEXTAREA>
                <INPUT TYPE=\"submit\">
            </FORM>
        ";
    }

    /**
    * Delete the post from the database
    */
    /**
    * The below line seems to make the text printed on the screen
    * on line 21 above disappear from the screen when using firefox
    * but it stays printed on the screen when using ie and chome
    */
    mysql_query("DELETE FROM message WHERE pass = '" . md5($_GET['p']) . "'");

    mysql_close($open);
?>

Anybody with some ideas for a solution?

Any help is very appreciated!

When you do a "view source" of the page in FF what do you get?

I am going to take a guess that your link is invalid HTML. Post your actual code for the echo that outputs the link. xxxxxx out any sensitive information but don't change any of the syntax or punctuation.

It's completely empty (if I add <html> tags and such I see these but nothing else).

In ie and chrome i see the text I've fetched from the database.

the link looks like this: http://www.xxxxx.com/index.php?p=422485114cdc0d223fca27fbeb659482

Edit: On my original site where I have all the design elements and such, the link takes me to the actual site and everything looks ok, except that the text doesn't show.

I did not ask what the link looks like, I asked what the code is that is outputting the link.

At the end of the code, echo $_GET['p']; to see what it actually contains.

Sorry if I don't understand exactly what you are looking for, but the code that is outputting the link looks exactly like the echo "link to the message..." code printed above.

echo $_GET['p']; outputs the following: d0788d5e40ccd8e44664dc4abf0f5e3f

Thanks for your help.

  Quote

but the code that is outputting the link looks exactly like the echo "link to the message..." code printed above.

Then you are not producing a link correctly and are lucky it works at all - http://www.w3schools.com/html/html_links.asp

Oh, if I understand your input correctly I need to point out that to be precise I'm not producing a link at all, only the URL. I don't want the output to be clickable. The user will select, copy and send the URL to someone, and not click the URL himself.

OK, thanks for clearing that up.

Copy/paste is prone to adding things like spaces or newlines to the end. I recommend adding the following line to remove any non-printing characters -

$_GET['p'] = trim($_GET['p']);

Also, the query code to retrieve and display the message should check if the query worked or not (a mysql error) and if it worked (no error) but did not match anything, it should display some helpful user messages like - "Could not perform query" or "No matching information was found"

Thanks for the tips, didn't help though.

I think it's more of a problem with how firefox executes the code, since everything works ok in both internet explorer and chrome. And when I insert sleep(5) right after I echo the text I see it in firefox as well... the only problem is that it disappears again after those 5 seconds and the "mysql_query("DELETE..." command it executed.

In other words, fetching the text and printing it works fantastic, it's keeping the text printed on the site when using firefox that is the problem.

It sounds like your bowser is requesting the page twice. Since the second time the $_GET variable(s) are empty, the code just falls through to the end and skips over the code that produces the output.

Are you doing any URL rewriting, redirecting, or is there any javascript on a page that could be requesting the URL by itself?

Agree, it seems like the page loads twice. However, I don't think the code concerning the output is skipped the second time, rather that the corresponding database entry has been removed so the ouput is null.

No, I don't do anything like that. The attached code is really all there is.

Problem has been solved here: http://forums.mozillazine.org/viewtopic.php?f=25&t=853715&p=4486215#p4486215

That is pretty wild. A browser should not re-request a page simply because it wants to apply default character encoding. It already has the page. But that also explains some of the double page requests that we see people posting about in the forum.