CODEWITHSUNDEEP
phphttp
Akash
Akash

Reputation: 1726

PHP: redirect using "header ()" not working

code: sql.php

<?php
$uid = trim($_POST['uid']);
$pass= trim($_POST['pass']);
$type= trim($_POST['type']);
$link = mysql_connect("localhost","root","akash");
if (!$link) 
                 die('Could not connect: '.mysql_error());
if(!mysql_select_db("fsproj",$link))        
die("Can't Select database");
if ($type == 0 ) 
$query = "select uid from admin where uid = \"$uid\" AND password = \"$pass\"";
else
$query = "select username from user where uid = $uid AND pass = $pass";
$result = mysql_query("$query",$link);                        
$num_r=mysql_num_rows($result); 
        header("Location : codepage.php");
exit();
?>

code: login.html

<html>
<form action="sql.php" method="post" name="form1" id="form1" target=result>
Enter UID

<textarea name="uid" id="uid" rows="1" cols="40"> 

</textarea><br>
Password

<textarea name="pass" id="pass" rows="1" cols="40"> 

</textarea><br>
Type

<textarea name="type" id="type" rows="1" cols="40"> 

</textarea>
<br>
<input type="submit" value="Submit" />
</form>
</html>

All the files are in the same root directory, submitting the userid and password through login.html to sql.php should redirect to the file codepage.php (I havent added the login check yet, so should succeed for any values of username as password)

But when I try to do so, All I get is a blank page.

If I add an output statement after the header call, I see the output of that statement

Essentially, header("Location : codepage.php") had no effect

The header function does work in some other pages on the same site

Upvotes: 0

Views: 2238

Answers (4)

prakash
prakash

Reputation: 184

please used header("Location: codepage.php");

the problem is the space between Location and : it's working for me, hope it will work for u

Upvotes: 1

Michael
Michael

Reputation: 12802

Use curly brackets. Your code is broken the way it is. Also, it's header('Location: codepage.php'), not header('Location : codepage.php'). Notice the extra space you've added.

REMOVED

Upvotes: 2

sg3s
sg3s

Reputation: 9567

The header('Location: address') should contain the ENTIRE url, not just the file.

This means the protocol, domain and alternatively folders and files.

header('Location: http://wwww.google.com');

Docs:

http://php.net/manual/en/function.header.php

Here are the w3 specifications on the Location header at point 14.30 (search for '14.30 Location')

http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html

To qoute the w3:

The field value consists of a single absolute URI.

As noted in the comments, there may not be any whitespace before or after the the colon (:).

Upvotes: 2

safarov
safarov

Reputation: 7804

Your codes are vulnerable to Sql Injection. Use mysql_real_escape_string() to filter. Like: 

 $pass= mysql_real_escape_string(trim($_POST['pass']));

And make sure that you have corrent address to codepage.php. Try

header('Location: /codepage.php'); //OR
header('Location: http://site.com/to/codepage.php');

Upvotes: 1

Related Questions