<?php require_once("includes/connection_open.php"); ?> <?php require_once("includes/function.php"); ?> <?php if(isset($_POST['submit'])) { $username = $_POST['username']; $password = $_POST['password']; $query = "SELECT * FROM admin WHERE username='{$username}' AND password='{$password}'"." "." LIMIT 1"; $doquery = mysql_query($query,$connect); if(!$doquery) { die(mysql_error()); } if(mysql_num_rows($doquery)==1) { header("Location:index.php"); exit; } }// end of if(isset($_POST['submit'])) ?> <html> <head><title>LOGIN</title></head> <body> <form action="login.php" method="post"> Username:<input type="text" name="username"><br/> Password:<input type="password" name="password"><br /><br /> <input type="submit" name="submit" value="submit"> </form> </body> </html> The above code when I execute it on the local server (like i use xampp) it is functioning correctly i.e. when i enter the user id and pass the page redirects to the index.php as mentioned in the code "header("Location:index.php");". But when i execute it on real server, i.e. when i enter the user id and pass, the page donot redirect to the aforementioned page but it stays on the same page and the whole page gets blank. Please can anyone give me a solution to this problem. Thankyou
Code looks alright. Do you have a whitespace before the PHP tags? How did you upload it to your server (binary or ASCII)? You could also try a javascript redirect instead of using header()
Not sure why it's not working. Is it throwing any errors? Secondly, this script is completely susceptableto SQL injection attacks. Make sure to sanitize any user inputs using mysql_real_escape_string. Try something like this: if (isset($_POST['submit'])) { $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $query = "SELECT * FROM admin WHERE username='" . $username . "' AND password='".$password."' LIMIT 1"; if (!$doquery = mysql_query($query, $connect)) { die(mysql_error()); } echo mysql_num_rows($doquery); //for testing if (mysql_num_rows($doquery) == 1) { header("Location:index.php"); exit; } } PHP:
If your server's not giving you any errors, you can just re-implement the above script with a javascript redirect: if (isset($_POST['submit'])) { $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $query = "SELECT * FROM admin WHERE username='" . $username . "' AND password='".$password."' LIMIT 1"; if (!$doquery = mysql_query($query, $connect)) { die(mysql_error()); } echo mysql_num_rows($doquery); //for testing if (mysql_num_rows($doquery) == 1) { <script type="text/javascript">[INDENT]<!--[/INDENT] [INDENT]window.location = "index.php"[/INDENT] [INDENT]//-->[/INDENT] [INDENT]</script>[/INDENT] exit; } } Code (markup):
Don't do a javascript redirect, because people with it disabled will be unable to view the next page. <?php require_once("includes/connection_open.php"); ?> <?php require_once("includes/function.php"); ?> <?php if(isset($_POST['submit'])) Code (markup): to <?php require_once("includes/connection_open.php"); require_once("includes/function.php"); if(isset($_POST['submit'])) Code (markup):