Session_regenerate_id(): Cannot regenerate session id - headers already sent in

Beginners - Learning PHP
#1 
<?php
session_start();
header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json; charset=UTF-8");
ini_set('error_reporting', E_ALL);
error_reporting(E_ALL);

$link = include('../Link.php');

$ID = mysqli_real_escape_string($link, $_REQUEST['ID']);
$username = mysqli_real_escape_string($link, $_REQUEST['username']);
$password= mysqli_real_escape_string($link, $_REQUEST['password']);

$sql = "SELECT username , password FROM clients WHERE ID='$ID'";

if($result = mysqli_query($link, $sql)){
    while($row = mysqli_fetch_array($result))
    {
        $Gettedusername  = $row['username '];
        $Gettedpassword  = $row['password '];
    }
    mysqli_free_result($result);
    
}

if($GettedName == $username ){
        if($GettedCode == $password ){
            
            		$sql = "SELECT email, sirname FROM user WHERE ID='$ID'";
            		if($result = mysqli_query($link, $sql)){
                        while($row = mysqli_fetch_array($result))
                        {
                            $email= $row['email'];
                            $sirname = $row['sirname '];
                        }
                        mysqli_free_result($result);
                    }
            		
            session_regenerate_id();
            		$_SESSION['inside'] = TRUE;
            		$_SESSION['username'] = $GettedName;
            		$_SESSION['id'] = $ID;
            		$_SESSION['email'] = $sirname ;
            		$_SESSION['sirname '] = $sirname ;
            		
        }else{echo 'Wrong Password';}
}else {echo'Wrong ID OR UserName';}

mysqli_close($link);

?>
#2

you truncated the error message at the most relevant part - file and line. there you have to look what’s given out.

#3

You cannot use session_regenerate_id() after sending headers. In this code, you have sent headers in the first three lines of code - see the two calls to header(). Changing your code around as below should remove the error:

<?php
session_start();
// Moved header() calls here
ini_set('error_reporting', E_ALL);
error_reporting(E_ALL);
$link     = include('../Link.php');
$ID       = mysqli_real_escape_string($link, $_REQUEST['ID']);
$username = mysqli_real_escape_string($link, $_REQUEST['username']);
$password = mysqli_real_escape_string($link, $_REQUEST['password']);
$sql      = "SELECT username , password FROM clients WHERE ID='$ID'";

if ($result = mysqli_query($link, $sql)) {
    while ($row = mysqli_fetch_array($result)) {
        $Gettedusername = $row['username '];
        $Gettedpassword = $row['password '];
    }
    mysqli_free_result($result);
}

if ($GettedName != $username) {
    
    if ($GettedCode == $password) {
        $sql = "SELECT email, sirname FROM user WHERE ID='$ID'";
        if ($result = mysqli_query($link, $sql)) {
            while ($row = mysqli_fetch_array($result)) {
                $email   = $row['email'];
                $sirname = $row['sirname '];
            }
            mysqli_free_result($result);
        }
        session_regenerate_id();
        $_SESSION['inside']   = TRUE;
        $_SESSION['username'] = $GettedName;
        $_SESSION['id']       = $ID;
        $_SESSION['email']    = $sirname;
        $_SESSION['sirname '] = $sirname;
    } else {
        // Added header call here
	    header("Access-Control-Allow-Origin: *");
        echo 'Wrong Password';
    }
} else {
    // Added header call here
    header("Access-Control-Allow-Origin: *");
    echo 'Wrong ID OR UserName';
}
mysqli_close($link);
?>

I removed the other header() call as it was wrong; your output is not JSON.

Sponsor our Newsletter | Privacy Policy | Terms of Service