I have a simple php script that looks like this, running on a RHEL 8 server with PHP 7.2.24:
<?php
// Establish Connection
include_once("db_connect.php");
// Perform any query
$sql = "SELECT now()";
// The following (mysqli_query call) should do nothing, yet echoes two line feeds
$result = mysqli_query($conn,$sql);
echo "TEST";
?>
If I retrieve this script output (e.g. with WGET) directly into a file, my file contents (hex dump) are:
0a0a 5445 5354
I did not echo these two line feeds that precede "TEST", and they are being inserted only if mysqli_query is executed. (If I comment out that line, my file looks like 5445 5354 as expected)
Even stranger, if I do this on a different/remote server (CentOS 8 with PHP 7.2.24) from the very same client, it works as expected – mysqli_query does not add these line feeds.
What am I missing? Is there some sort of control for this behavior, that is apparently set differently between my two systems? Thank you!
>Solution :
I suspect that the extra line endings are actually from db_connect.php. Please make sure that you don’t have any line endings after the closing ?> tag in that file, or even better, remove the closing tag entirely.
Anything after a ?> closing tag (including line breaks!) will be treated as output, and can leak into other files through include.